Security Best Practices for Lawyers Using Zoom

Secure Best Practices for Lawyers Using Zoom

This year will be remembered for many things, but when it comes to Canadian law practice, 2020 will be the year of using Zoom.

Almost overnight, firms have transitioned from boardrooms and courtrooms to virtual sessions that can be conducted from multiple locations. Lawyers are now regularly engaging with and representing their clients with virtual meetings, examinations and mediations. Even the courts have adapted; for the first time in history, judges at every level of court are conducting virtual hearings and trials from their offices and homes.   

In addition to client service, videoconferencing has proven to be an important tool for team collaboration and productivity, enabling teams to stay connected during periods of social distancing.   

Zooming to the Top

With its intuitive features, accessible and mobile access and reasonable price tag (including free accounts), Zoom has emerged as the leading videoconference solution across the globe. With a reported 300 million daily users, Zoom has literally zoomed to the top following the COVID-19 pandemic. 

Security Concerns 

Despite its impressive growth, Zoom had a rocky start with more conservative industries: as it gained popularity, experts began sounding the alarm about inadequacies in Zoom’s security and data sharing policies. Soon after, reports of Zoom bombings, hacker-created installers and data theft began pouring in.  

In response, Zoom has undertaken several developments to shore up its security. In late May, they launched Version 5.0, which introduced 256-bit GCM encryption, firewall compatibility, regional data centre selection, enhanced host controls and more. Zoom has also updated their privacy policy to provide more transparency around data collection and storage.  

With these improved security features, and by adopting the following best practices, lawyers and firm staff can now expect a reasonable level of security and privacy when using Zoom. 

Best Practices for Law Firms 

  1. Ensure both your office and remote employees’ devices are protected with anti-malware software, secure network connections, multi-factor authentication and ongoing maintenance. Zoom must be regularly updated in order to implement new security features. Contact us to learn how we make remote device management easier. 

  2. Always log in to Zoom directly using the Zoom app (available in Google Play or the App Store) or the Zoom website. For data privacy reasons, we do not recommend logging in through social media apps like Facebook. Beware of spoof Zoom websites, which look like Zoom but are actually created by hackers to breach your system.

  3. When hosting a Zoom session, use password protection so that only those with the meeting ID and password are able to join. Use a strong password and change it every time you host a session.  

  4. Because meeting IDs and passwords can be distributed to uninvited parties, disable the “join before host” option and create a virtual waiting room for your participants. This enables you to see exactly who is logged in and waiting to join.  

  5. Once you get started, lock your session to prevent any new, unauthorized participants from joining. 

  6. When using the chat and file sharing features, be aware that malware can be passed through infected files. We recommend that you not upload files on the Zoom Cloud, and instead transfer files using a trusted file sharing program more suitable for law firms. 

  7. When recording a session, avoid using the Zoom Cloud option and instead save the file locally, or, if you are a LexCloud client, inside of your virtual desktop, where it will be stored and properly backed up on the firm’s servers.  

  8. If you are a Zoom guest, understand the controls and monitoring capabilities of the meeting organizer, eg., attention tracking, muting participants, enabling/disabling participant recordings, etc. 

  9. Zoom is continually improving its privacy and security features: update your Zoom app regularly to ensure all security patches are implemented.  

  10. Distribute these security tips to all firm employees who use Zoom and discourage them from using it for personal purposes; meeting IDs and passwords can be easily distributed and have even been found listed on the Dark Web. 



Here to Stay 

In a matter of months videoconferencing has significantly transformed legal service delivery, and with courts, lawyers and their clients now recognizing its many benefits, this technology is here to stay.   

Canadian firms now face a significant shift from the traditional office space to virtual client service and at least partially remote staff.  To be successful, firms must manage client service and productivity by adopting new technologies and carefully revising existing processes and workflows.  Learn how LexCloud can help by contacting us at  

We encourage law firms to seek further guidance on appropriate use of Zoom by consulting with local law societies and court practice directives.  


How Secure are Your Remote Work Habits? 
Could you be inadvertently putting your firm and clients at risk?

Find out


New call-to-action