The lesson to be learnt here is to do your security review before, or as part of the procurement process. Since the NCSC review Zoom has addressed the security and privacy issues raised. If you use Zoom, make sure all your clients are updated to version 5 so you can use the end to end encryption…:
The UK government struck a deal with the video conferencing company Zoom just weeks before security officials warned that its platform should not be used for sensitive Whitehall communications.
The contract, worth up to £2m, allows a range of government departments, including the Ministry of Defence, the Cabinet Office and the Department of Health and Social Care, to procure corporate Zoom licences.
According to a procurement notice, the agreement went live on 7 April, around a fortnight before the National Cyber Security Centre (NCSC) sought to discourage people working in government and parliament from using the software for confidential business.
A survey of government departments by Parliament Street, a think tank, separately revealed that 731 Zoom licences have been purchased since the start of the crisis, with the Ministry of Defence driving most of the procurement.
NCSC officials said the platform should only be used for public matters and explicitly said that it should not be used to discuss issues that may have been interpreted as “detrimental to the interests of China”, the Guardian reported.