FireLight IT Solutions

Making Zoom Meetings Safer

There has been a lot of coverage in the media about the video conferencing solution Zoom and its security issues. If you’re working from home and using Zoom it’s important that you take a few precautions to ensure safety whilst using the platform.

Update to the latest version

Zoom have fixed a number of the recent security concerns, so the first thing you should do is ensure that you're running the latest version. You can do this in the app on your Mac or PC by clicking on your initials in the top-right of the main window and selecting Check for Updates. If there's anything waiting to be installed go ahead and click Update.

Reset your Zoom password

Next up is changing your Zoom password, particularly if you tend to use the same password for multiple services. 

It was recently discovered that over 500,000 Zoom account logins are being sold on the dark web or given away for free. These logins are being gathered using "credential stuffing", which is where hackers attempt to log into Zoom accounts using credentials already leaked online in older data breaches.

So if you've used a password for your Zoom account that you know you've used before you should definitely change it to something unique. Even better, use a password manager and have it create the password for you.

To change your password you need to sign into the Zoom web portal at https://zoom.us/profile. Scroll down to Sign In Password, click Edit on the right, then enter your old password followed by your new password twice to confirm. Click Save Changes.

If you've forgotten your password you can reset it by going to https://zoom.us/forgot_password and entering your email address.

Add your contacts back in again

On 27th April 2020 Zoom enabled a new security feature which requires all contacts in your Zoom profile to belong to your company’s account. If they don’t you’ll need to add them back in again as an external contact.

You can do this in the Mac/PC app by going to your contacts and clicking the + symbol at the top of the list and selecting Add a contact. Enter their email address and click Add. They will get a notification in their Zoom client to accept the invite.

Mitigate Zoom Bombing

"Zoom Bombing" is where uninvited trolls use Zoom's screen-sharing feature to play undesirable videos to the unsuspecting participants of a call.

Hosts of video conferences can do a number of things to help stop this happening:

  1. Enable screen sharing for the host only.
    To do this go to https://zoom.us/profile/setting and scroll down to Screen Sharing. Under Who can share? set the option to Host only.

  2. Always require a password for a Zoom meeting.
    This should be enabled by default, but if the option is unticked for some reason just re-tick it. Leave the password as the randomly generated one; don't replace it with a default password that you may be using. You can find the option under Password when you schedule a meeting.

  3. Don't send links to meetings over public forums such as Twitter if possible. This is because the password to the meeting is included in the link.

  4. Enable the Waiting Room for meetings and other recommended options.
    Under Advanced Options for the meeting enable the Waiting Room, disable Enable join before host and enable Mute participants on entry.

  5. Lock the meeting once it starts.
    Once all participants are on the call the host can lock the meeting by clicking on Participants, then More in the bottom right-hand corner. Select Lock Meeting, and while you're there you can decide if you want participants to have the ability to unmute themselves as well.
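
Tip 3 above notes that the meeting password travels inside the invite link. The Python sketch below is an added example, not part of the original article or any Zoom tool: it strips that password from Zoom links in a message before the message is posted somewhere public. It assumes join links carry the password in a `pwd` query parameter on zoom.us or one of its subdomains; the function names and the sample message are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: join links look like https://<subdomain.>zoom.us/j/<id>?pwd=<token>
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
SECRET_PARAMS = {"pwd"}


def is_zoom_host(host):
    """True only for zoom.us and its subdomains, not lookalike hosts."""
    host = (host or "").lower().rstrip(".")
    return host == "zoom.us" or host.endswith(".zoom.us")


def strip_meeting_password(url):
    """Return (clean_url, had_password) for one URL."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL: leave it untouched
        return url, False
    if not is_zoom_host(parts.hostname):
        return url, False
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    kept = [(k, v) for k, v in pairs if k.lower() not in SECRET_PARAMS]
    if len(kept) == len(pairs):
        return url, False
    return urlunsplit(parts._replace(query=urlencode(kept))), True


def sanitize_message(text):
    """Rewrite every Zoom link in text; return (clean_text, links_changed)."""
    changed = 0

    def repl(match):
        nonlocal changed
        raw = match.group(0)
        core = raw.rstrip(".,;:!?")  # sentence punctuation is not part of the link
        clean, had = strip_meeting_password(core)
        changed += int(had)
        return clean + raw[len(core):]

    return URL_RE.sub(repl, text), changed


if __name__ == "__main__":
    # Constructed sample message; meeting ID and password are made up.
    draft = "Team call at 3pm: https://zoom.us/j/1234567890?pwd=Q29uc3RydWN0ZWQ."
    print(sanitize_message(draft))
```

Participants who follow the cleaned link are prompted for the password, so pass it to invitees privately.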

Other Security Precautions and Tips

  1. Enable a "Co-Host".
    This allows you to ask someone else to help you moderate and admit others to the meeting. You can do this when you schedule a meeting by expanding the Advanced Options and entering the co-host email address(es) in the Alternative Hosts box.

  2. Disable File transfer to stop the sending of malware.
    Go to https://zoom.us/profile/setting, scroll down to File transfer and ensure it's disabled.

  3. Generate the Meeting ID automatically, don't use your Personal Meeting ID.