For those using Zoom to conduct regular meetings with their staff, vendors, family or friends, the sudden security shortcomings of Zoom’s platform and application have been unsettling.
Following a few basic practices will secure and protect your Zoom sessions.
First, Zoom is a great service; however, it does not provide end-to-end encryption, has some significant IT security implications for local Windows-based networks, and uses sequential meeting IDs that are easily guessed.
We aren’t saying to not use Zoom to connect with others.
We’re advocating being wise in how you set up and use the application.
As the world has quite sharply found, Zoom’s default privacy and security settings are significantly lacking. This has exposed users, organizations, schools, and everything in between to the unwanted presence of outsiders in their Zoom meetings. Zoombombing, as it’s known, has been routinely featured on the nightly news and (in our opinion) mischaracterized as “Zoom Hacking”.
It’s not actually hacking, because the features and functionality to secure the meetings are present but turned off by default.
With those technical semantics out of the way, let’s explore what has changed since our first post on this topic and what organizations should do to ensure their Zoom sessions are as safe as they can be.
First, Zoom took its sudden popularity and resultant security shortcomings seriously. They’ve brought in some serious technical heavyweights to both consult and improve their platform and organizational security.
As is commonly said within CIT: “There will be security incidents. What matters is how an organization responds to the incident that characterizes the organization going forward.”
Zoom published an excellent security how-to document here. We’ve summarized their guidance below, as appropriate for most audiences. Take a few minutes to read the document and adjust your settings based on the sensitivity of your meeting and/or organizational requirements.
10 things will greatly enhance your Zoom meeting’s security and privacy
- Don’t use your personal meeting ID for public meetings. Always use a randomly generated meeting ID for any publicly accessible meeting.
- Enable Meeting “Waiting Rooms” for your meetings. Apart from being an excellent security feature, you can even message all attendees in the waiting room helpful updates or messages, such as when scheduled meetings are delayed or running long.
- Require attendees to enter a meeting password to join all meetings.
- Restrict which participants are admitted into the waiting room, such as by requiring a name, email address, and even custom questions. Then, using the pre-screened list of attendees in the waiting room, view and admit participants into the meeting.
- Limit attendees’ abilities within the meeting – such as restricting screen sharing to “host only”.
- Disable the ability to transfer files in the meeting.
- Disable “advanced features” such as annotations or the ability for attendees to unmute their microphone themselves.
- Disable the feature allowing participants to “Join before host”.
- Disable the feature “Allow removed participants to rejoin”.
- Disable private chat features between attendees.
Zoom can be a resource to connect virtually, whether for business or personal use. Just remember to think of your security and privacy as stated above when working remotely or from home.
Corporate Information Technologies provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.