You are here
Assessing the Security of Online Collaborative Tools
Overview
The security of Zoom, Microsoft Teams, Google Hangouts and other online collaboration tools is largely dependent on how the tools are configured, and the settings selected. However, knowing a little bit about the tool's features, the developing company's Privacy and Security principles, and tips for safe use, can help you make safer choices.
CDE has collected advice from industry sources about the features, privacy and security principles, and tips for safe use for these popular tools so districts can make informed choices.
Jump to a Section:
Microsoft (MS) Teams
Microsoft Teams is a productivity, chat, and coordination app available as part of Office 365, the online Office suite of products, and also as a standalone product. You don't need Office 365 to use Teams, although some of its features will require you download it.
As a customer of Office 365, you own and control your data. Microsoft does not use your data for anything other than providing you with the service that you have subscribed to. As a service provider, we do not scan your email, documents, or teams for advertising or for purposes that are not service-related. Microsoft doesn't have access to uploaded content. Like OneDrive for Business and SharePoint Online, customer data stays within the tenant. You can check out more about our trust and security related information at the Microsoft Trust Center. Teams follows the same guidance and principles as the Microsoft Trust Center."
Teams enforces team-wide and organization-wide two-factor authentication, single sign-on through Active Directory, and encryption of data in transit and at rest. Files are stored in SharePoint and are backed by SharePoint encryption. Notes are stored in OneNote and are backed by OneNote encryption.
Team channels are places where everyone on the team can have open conversations. Private chats are only visible to those people in the chat.
Google Hangouts
Yes, Google Hangouts is secure. Your conversations are encrypted so that nobody else can see or hear your conversations. However, Google does not use end-to-end encryption, so if for some reason the government requested access to your Google Hangouts conversations, Google could allow them access.
Google Hangouts is private, and when you send messages or have a conversation with someone on Google Hangouts, it will only be visible to you and the other person/people in the conversation. Other users will not be able to see your conversation unless you add them as a contact and invite them to join.
4 tips to stay safe using Google Hangouts:
1. Don't communicate with anyone you don't know.
Only add or accept requests from people you know and trust, like your family and friends. You shouldn't risk talking to anyone you don't already know.
2. Prevent anyone else from accidentally accessing your account by signing out when you're done using Google Hangouts.
If you happen to be using Google Hangouts on a shared/public computer or device (e.g. at a library), be sure to sign out of your Google account when you're finished to make sure that nobody else can access your account. To sign out, click on your profile photo in the top right corner, then click Sign Out.
3. Secure your account with a good password.
Make sure you have a strong password to protect your account in case someone tries to hack into it. Have a look at our free passwords course to learn how to make a strong, secure password.
4. If anyone happens to be bothering you on Google Hangouts, block them.
Block anyone who bothers you on Google Hangouts. If someone is trying to contact you and you don't want them to be able to, block them to prevent them from contacting you. To block someone, hover over their name with your cursor, click the downwards arrow, then click Block.
Learn More About Hangouts
Is Google Hangouts Safe?
Zoom
According to the company's privacy policy, Zoom collects reams of data on you, including your name, physical address, email address, phone number, job title, employer. Even if you don't make an account with Zoom, it will collect and keep data on what type of device you are using, and your IP address. It also collects information from your Facebook profile (if you use Facebook to sign in) and any "information you upload, provide, or create while using the service."
Some of this data you enter yourself when you are signing in (for example, to join a call online, you must give your email) but much of it is collected automatically by the Zoom app.
In its privacy policy, under the entry "Does Zoom sell Personal Data?" the policy says, "Depends what you mean by 'sell.'" To summarize Zoom's policy, they say they don't sell personal data for money to third parties, but it does share personal data with third parties for those companies' "business purposes." And that may include passing your personal information to Google.
If you choose to use Zoom, an article from Forbes.com offers these steps to avoid your session being hijacked by a "Zoombomber."
1. Keep Invites Private
Especially right now, when it seems like the entire world is trying to figure out how to keep up with "business as usual" (or at least "business at all") you want to make sure that as many people as possible can get the information they need. The temptation is high to post links to Zoom meetings on social media or take a screenshot of the link to pass around.
The problem is, there's no way to keep track of who's received the invite and if the invite reached the intended targets.
The easiest way to ensure the link isn't seen by those who shouldn't have access is to email participants the link directly from the Zoom app or, even better, set up a meeting in Google calendar with the Zoom link in the description. That way, you can keep track of who's said they'll participate and make it harder for casual hackers to find your meeting.
2. Don't Use Your Personal Meeting ID
It's tempting to copy your Personal Meeting ID (PMI) and use that for every Zoom meeting. However, if someone gets a hold of the link to your personal meeting room, they can drop in and disrupt things whenever they like. Then the only way for you to stop them is to set a password for everything, including PMI calls. A better approach is to generate unique IDs for your meetings.
It takes a little more work, but the nice thing about setting up unique meetings is that you can make them recurring, you can set an individual password just for that meeting, and it's easy to delete and replace it if you need to redo the invitation. It's much harder to change your PMI.
Just click the Schedule button on the Zoom main screen and leave the Generate Automatically option selected under Meeting ID.
Sharing the meeting ID is simple. Once you click the Schedule button, you'll be taken to the calendar app you selected or given an invitation to copy if you selected Other Calendars.
3. Require a Password
One thing that's vital to keeping your meetings safe is to make them password-protected. Zoom can automatically generate a password for each scheduled meeting and share that password as part of the invitation.
You can go even farther though, and require a password for absolutely every meeting you start from Zoom. You'll need to go to the Advanced Settings online. Click the link in the General or Advanced Settings section of the app preferences.
Once you're there, scroll until you see password options. You can select as many or as few as you like, but I recommend password protecting all calls. Especially now when hackers are trying harder than ever to disrupt Zoom meetings, this extra step will ensure your meetings aren't disrupted.
4. Turn Off Screen Sharing
While you're in the advanced settings, you'll need to turn off screen sharing as well. This is where the "bombing" part of Zoombombing comes in. Without screen sharing disabled, anyone can take control of the meeting and display their screen. Since most users' settings enable the window to expand to full screen while someone is sharing, this means that, before you can even react, all of your meeting participants have gotten a good view of whatever the hacker wants them to see.
Jump down to the In Meeting (Basic) section and scroll to . Under Who can share? select Host Only. This will keep the screen under your control and ensure that you're the only one that can broadcast their screen.
And don't worry about meetings that you've already sent out invitations for. Once you've made this change to your account, it applies to every Zoom meeting, not just the ones you create going forward.
Connect With Us