Dealing with Public Scrutiny: Has Zoom Gotten It Right?
Video conferencing software company Zoom has been featured in the news for misleading claims that it provides “end-to-end encryption” for users. As it turns out, it does no such thing. The level of encryption it provides is actually much more standard, basically the same protection you get when browsing the internet.
This revelation has put Zoom in the national hot seat, just as its product has become the go-to remote work tool during Covid-19. What lessons can we learn from Zoom’s current predicament?
1. It’s never too early to do things the right way.
Zoom was founded in 2011 and hit $151 million in revenue by the end of 2018. In 2019 it went public. Yet Zoom only just hired its global compliance officer a couple of months ago. Compliance professionals will tell you that your best bet to mitigate risk is to incorporate the value of ‘doing things right’ into your company culture. And as every business owner knows, you start building your culture from day one.
Don’t wait until the whole country is using your product or service to start crossing your t’s and dotting your i’s. Decide now to value compliance. It’ll be easier and cheaper to put controls in place early and build them out as your business scales up.
2. Apologize, Apologize, Apologize
On April 1, Zoom published a blog post apologizing for incorrectly (and misleadingly) using the term end-to-end encryption. The post also provided a little more clarity on Zoom’s real level of security. The same day, Zoom’s CEO also wrote a post taking responsibility for Zoom’s mishandling of user data: “we recognize that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry”.
If you’ve missed the mark on something, and the public finds out, you may be tempted to defend your decisions. You’re working with limited resources and competing priorities, after all. Something was bound to slip through the cracks!
Resist that temptation. No matter how good your reasons, they won’t translate well to the public. Instead, make a sincere apology. It’ll go a lot farther in the long run.
3. Publicly Commit to Improve — and Follow Through!
Zoom has publicly committed to a number of steps, including devoting all engineering resources to privacy and security, publishing a transparency report, consulting with third-party data security experts, and forming a chief information security officer (CISO) council to spot and address problems proactively.
This is exactly the kind of detailed, public accountability every company should embrace when they’re trying to fix a systemic issue. By delivering a plan to the community — with a 90-day timeline — Zoom has put itself in a position where failure to deliver on these promises could deal a huge blow to its reputation. Of course this is risky, and it’s important to pick a feasible timeline, but this is an excellent way to get back on track when you’ve lost some of your customers’ trust.
The Upshot
Zoom is still dealing with the fallout of its privacy failure. It’s still getting negative press coverage and may even face an FTC enforcement action. As a business owner, don’t make the same mistake: get your house in order now. Get a bare-bones compliance program in place that can grow with you. And when something does fall through the cracks, apologize and put things right as quickly and transparently as possible.