How Zoom Survived Zoombombing: A PR Lesson

A month is a long time for PR Pros, and Zoom learned this the hard way.

While initial missteps by Zoom related to big security concerns created a massive surge of bad publicity for the video-conferencing software company, what they did next helped to turn it into an opportunity to reinforce trust. It also offers us a valuable lesson on what we should and should not do when our company or client faces a PR disaster.

Zoom is not a newcomer. But corporate users — its principal target — did not care whether they used Zoom, WebEx or even Skype. They used whatever their corporate execs told them to use. In fact, for daily telecommuting, many preferred voice over video. A cap on bandwidth and dedicated rooms for a video conference just made it a hassle.

Only startups, financial gurus, gig workers, and bitcoin traders saw the reason to have face-to-face conversations. Zoom fit their bill. Media was just beginning to warm up to video conference interviews.

With a massive surge in remote work, studies, and socializing due to COVID-19, everything changed. Zoom zoomed to the top, from 10 million daily users in December to 200 million at the end of March. Its easy setup and simplified user interface just made sense. The U.K. government even started having cabinet meetings on Zoom, and the app was on the top charts of the iOS and Android stores.

Then, Zoom bombed — literally. Zoombombing, when uninvited attendees break into and disrupt your meeting, sometimes with graphic content, entered the urban English dictionary. It all quickly turned from a prank into a global security concern. Zoom quickly scrambled to update its code, rewrite its privacy policy, and address leaks of user groups.

In the meantime, schools from Singapore to New York’s Department of Education banned Zoom, and the U.K. government examined its use. Elon Musk publicly declared no Zoom for his SpaceX team, and Taiwanese government agencies stopped using it, joining the German Foreign Ministry, the U.S. Senate, and the Australian Defense Force.

Then, Zoom was found to have shared data with Facebook, and other users got a fright when Zoom admitted that some calls were “mistakenly” routed to China.

As PR Pros know, terrible news can be like an avalanche.

The first steps by Zoom were missteps. The company stated on its website that you can “secure a meeting with end-to-end encryption.” It has since dropped the words “end-to-end.” The problem was the company did not do this immediately.

An Intercept article reported that Zoom had written that end-to-end encryption was not possible for Zoom video meetings. The truth is that Zoom was using transport encryption, the same TLS encryption used by HTTPS, which protects data between a user and Zoom’s servers but, unlike end-to-end encryption, does not keep it from Zoom itself. Yet the marketing materials continued to say “end-to-end.” Then, in the same article, a Zoom spokesperson said that the way they use “end-to-end” is different in their “literature.” Millions of consumers went “huh?” and rolled their eyes.

But this is not an IT article. It is about how Zoom redeemed itself, and it’s a good lesson for us all.

On April 2, Zoom’s chief executive officer, Eric Yuan, apologized publicly. In a blog message, he reframed the problem. Rather than letting the product be seen as half-baked, he highlighted that it was never meant to face the enormous volumes and different scenarios in such a brief time. The app was originally built to service businesses with dedicated IT departments, not millions of consumers. I mean really – who could have envisioned this? He thanked the media and users who found fault with the video conferencing software.

What Yuan did next was critical. He publicly declared a 90-day “lockdown” of new features and dedicated all resources to fixing privacy and security issues. The quick fixes were essentially optional security features made mandatory. And Zoom onboarded the ex-Facebook security chief, who obviously has loads of experience when it comes to privacy issues.

Yuan noted that the platform will be gradually strengthened and become the centerpiece of the upcoming Zoom 5.0, which includes support for AES 256-bit GCM encryption.

The conversation changed. People suddenly saw Zoom as being responsive and later proactive. Some critics changed their tune, and customers like the Singapore Government are allowing their schools to use Zoom.

While Zoom was baking under the glare of security experts, other video conferencing players saw their chance. Most notably, Microsoft Teams highlighted its focus on security. In fact, Teams benefited a lot from the initial Zoom fallout.

The one company that got everyone’s attention though was Google, when it banned its staffers from using Zoom — the irony is that Google has its own product, which obviously its staffers were not using.

Nevertheless, all video conferencing competitors saw the lull in Zoom’s popularity as a chance to talk up their security credentials and expand their features.

But all mentions of Zoombombing and Zoom offered indirect publicity to the company and kept it in the conversation. And the media and security experts turned their attention to Zoom’s competitors with devastating effect. The amount of data used by these applications is enormous and often includes personal information like user names, passwords, and confidential business information, making them targets for attackers.

Zoom also decided not to engage its detractors and competitors alike. Learning from the initial missteps of trying not to admit they were in the wrong, they simply focused on getting their security on par with international expectations. And as of now, they are well on their way to doing that.

As we say in PR, focus on the messaging, reframe the discussion, and deliver on your promises quickly. This has helped the beleaguered company to claw back from its short-lived, tarnished reputation. It may also become a benchmark for recovering from a PR disaster on internet security.

