Zoom is making headlines during the COVID-19 lockdown. In the beginning it was for all the right reasons – schools used it to conduct classes online, businesses used it as a substitute for in-person meetings, and government agencies used it to coordinate their response to the coronavirus.
But soon it made headlines for the wrong reasons. Reports of critical security issues in Zoom surfaced, followed by bans on Zoom use from schools, companies, and government institutions. In a way, Zoom has been the victim of its own success: jumping from 10 million to 200 million daily users in 3 months has greatly widened how it is being used and increased scrutiny over how it works.
Zoom is successful because it is very easy to use, and is quite generous in offering free use as well. We know that many of you wish to continue using Zoom for both professional and personal video communication as it is the tool that best suits your needs. We have put together these 15 Dos and Don’ts to help you stay cybersafe while you videoconference with Zoom.
- Avoid using your Personal Meeting ID (PMI) to host meetings – If you use your PMI to host meetings, anyone with your PMI can join your meetings. They don’t need to know the meeting URL. Use a randomly generated meeting ID instead to control who can join your conference call. Uncheck ‘Use My Personal ID’ to get a random meeting ID
- Enable the ‘Waiting Room’ feature – The Waiting Room ensures that no one can join the call unless the host admits them. This may be a lot of work for the host if the number of attendees is large, but it prevents uninvited guests from joining the meeting
- Require a meeting password to join – Password protecting your Zoom meeting, especially one where you openly share the meeting ID to attract attendees, helps prevent Zoombombing. Unfortunately hackers are distributing meeting passwords and URLs online making this precaution a necessary, but not sufficient, step to prevent meeting disruption. This step should be combined with the other tips discussed here for greater security
- Allow only signed-in users to join – Create Authentication Profiles that require attendees to sign-in to Zoom to join a meeting. This can be further restricted to those who sign-in using email addresses from specific domains
- Disable unnecessary privileges – Zoom extends several privileges to meeting attendees such as screen sharing, annotations, and file sharing, which can be abused by the attendee to broadcast unpleasant content or share infected files. Disable these privileges to make your meetings safe. Users can still request, and the host can approve, these privileges during the call if they are required
- Lock the meeting once everyone has joined – Once all the required attendees have joined, lock the meeting to prevent attackers from joining your meeting
- Decide if you need to record – Zoom’s calls can be recorded, but a call recording can be misused. A host can decide not to record the call. If the host is recording the call, participants are notified and can request the host to stop recording or leave the call
- Rename the recording file – A hacker can predict the Zoom call recording’s file name and search for it if the default file name is used. Renaming the file is an easy way to reduce the chance of unauthorised access to the file
- Be careful where you post recordings – Your Zoom call recording can be uploaded to file sites run by Amazon, Dropbox, and Google and video sites like YouTube and Vimeo. If the contents of the file shouldn’t be made public, remember to configure your accounts on these sites to be private or password protected
- Disable ‘Join before host’ – Disabling this feature allows you to check if those who are waiting to join the meeting include unknown participants. You can verify the attendees before allowing them to join the meeting
- Turn off ‘Embed password in meeting link for one-click join’ – While this is a convenient feature that allows participants to join a meeting without entering a password even if a password is required, it can also be used by unwelcome participants who have gained access to the link. Disable for greater security
- Enable ‘Require Encryption for 3rd Party Endpoints (H323/SIP)’ – Enabling this feature ensures that encryption is required for all data between the Zoom cloud, Zoom client, and Zoom room. Encryption will need to be enabled on H.323 and SIP devices or they will receive an error message when attempting to join the meeting
- Ensure that Zoom is updated – Keeping your Zoom client updated to the most recent version, whether on desktop or mobile, is critical to ensuring the security of your meetings
- Other Security Settings – In addition the above steps, check these settings once your Zoom client has updated
- Enable ‘Prevent participants from saving chat’ to ensure that confidential chat messages cannot be shared outside the meeting
- Disable ‘Allow removed participants to rejoin’ to prevent ejected participants from returning to a meeting
- Disable ‘Far end camera control’ to prevent others from taking control of your camera
- Participating Tips – A few more suggestions to ensure that your meetings are safe and participant friendly:
- Mute all users
- Mute or disable video for specific participants
- Share meeting invites responsibly to ensure that the wrong people don’t receive them
Follow these steps and enjoy safe and secure Zoom video calls and meetings.
References: forbes.com, lifewire.com, springboard.com, washingtonpost.com, zoom.us.