New York City Removes Zoom from Online Teaching, Delivering a Lesson in the Importance of Cybersecurity to Business Models

Apr 8, 2020 | Blog

Zoom, the seemingly ubiquitous online meeting platform used by schools across the nation, received a harsh lesson on April 4, courtesy of the City of New York, in the importance of cybersecurity to business credibility and business retention.

The New York City Department of Education banned Zoom for online teaching by public schools, citing security concerns. Weaknesses in the platform have included the failure to keep out intruders (“Zoom-bombers”) who have invaded online Zoom sessions with spam and, on occasion, obscene material. As a result of these and other security issues, Zoom lost an account for remote learning from the largest school system in the country, comprising 1.1 million students from 1,800 schools.

The Department of Education’s action came a short time after the Attorney General of the State of New York sent a letter to Zoom expressing concern about its security weaknesses and posing a number of questions to Zoom about now it planned to remediate the security weaknesses. It is unknown whether the letter from the Attorney General was related to the Department of Education’s ban on use of Zoom.

Two things are clear from Zoom’s loss of the New York City business: First, cybersecurity is good for business because it enhances credibility in the service or product and conversely, weak security can cost the company one or more of its largest accounts. Second, government regulators are not backing down on enforcement of cybersecurity and privacy laws during the COVID-19 pandemic. It appears, at least from New York’s action, that the heightened risks arising from exponentially larger numbers of workers and students working and studying remotely has, if anything, raised the concerns of regulators regarding cybersecurity and may well result in enhanced monitoring for security violations and, where appropriate, aggressive enforcement.

If you have questions regarding compliance with state and federal cybersecurity and privacy laws and regulations, please contact Kenneth N. Rashbaum.