April 3, 2020

Client Alert: Zoom Security Issues

by: Align

Client Alert: Zoom Security Issues

We urge Align’s Managed Service clients to utilize cybersecurity best practices and proceed with the utmost caution when leveraging the Zoom video conferencing platform. Cybersecurity experts have discovered multiple vulnerabilities in the platform’s software, and threat actors are actively targeting Zoom. More about these vulnerabilities can be found here: 

With the increased demand of video conferencing and the exponential growth in Zoom’s user base due to the Coronavirus, we anticipate needs related to working from home will lead to continued exploits of known vulnerabilities on this platform.

What You Should Do: 

To help safeguard corporate assets and prevent your investment firm from falling victim to cybercrime, we offer the following guidelines and resources: 

  • Whenever possible, leverage Microsoft Teams for videoconferencing. For further assistance, reach out to your Align Account Manager. 
  • If you must leverage the Zoom application, ensure that it is updated to the most current version. 
  • Require passwords for all Zoom meetings 
  • Require users to be logged in to Zoom accounts to join meetings 
  • Enable waiting room for all Zoom meetings to control who enters the conference 
  • Enable multi-factor authentication for meetings dealing with sensitive information; directions on how to set up and use two-factor authentication with Zoom meetings can be found here: https://support.zoom.us/hc/en-us/articles/360038247071-Setting-up-and-using-two-factor-authentication 
  • Review other security recommendations from Zoom, which can be found here: https://zoom.us/docs/doc/Zoom-Security-White-Paper.pdf 
  • When offering telecommuting to your workforce, make sure you leverage the proper tools, systems and protocols in place. Firms should also test remote capabilities before promoting them company-wide to identify any gaps and make improvements where necessary. Align’s clients are well suited to work from home (WFH) and work from anywhere (WFA). 
  • To learn about how Align Managed Services leverages Microsoft Teams videoconference and how Microsoft Teams secures videoconferencing, see here: https://docs.microsoft.com/en-us/microsoftteams/teams-security-guide 

Additional Information and Cybersecurity Guidance: 

  • Align Managed Services clients leveraging Managed Threat Protection will have continued 24x7x365 monitoring by our Security Operations Center (SOC) against known and unknown threats in real-time. This enables us to continuously monitor, detect and respond to suspicious activity in your network, safeguarding your critical infrastructure from malicious hackers.   
  • Preventing cybercriminals from infiltrating your network starts with your first line of defense, your staff. Align's clients are better equipped at dealing with current and emerging risks because they have created a robust culture of security through leveraging our Security Awareness Training
  • Familiarize your team with our Service Desk's contact information: 
  • Explore more information on Align's Cybersecurity Advisory Practice

Do you have further questions about Microsoft Teams or other cybersecurity concerns?  

If so, we advise you to contact the Align Managed Services team at help@align.com or via phone at +1 855-IT-ALIGN (1-855-482-5446)

Thank you,

The Align Team

Continue Reading

Related Articles


“Align is our trusted provider for all our Managed Services and cybersecurity needs. They provide us best-in-class IT services that not only help drive productivity and growth, but ensure we meet both current and evolving compliance and security requirements with ease. As consultants to financial advisors, trust and reliability are indispensable to our operations, which is why we never hesitate to refer Align to our very own client base. Align isn’t just our partner, they are an extension of our team. We look forward to entrusting them with our IT infrastructure for years to come.”

Ed Fasano - Experienced Advisory Consultants LLC