Updated April 28, 2020
With large numbers of organizations using Zoom and other video-teleconferencing platforms to stay connected in the wake of the COVID-19 crisis, the FBI reported several cases of web meetings being “bombed” by uninvited participants. In some instances, meetings were disrupted with pornographic and/or hate images and threatening language. These intrusions are not only disruptive and unsettling, but they could also put your company at risk of certain compliance violations, which could lead to hefty fines. The FBI also warned that uninvited participants could send a link in the chat window that could potentially expose your local computer, user name and password (this has not been reported; it was only proposed as a possibility).
Another concern arose out of an article in Business Insider that revealed Zoom “mistakenly” routed some non-China calls through a data center in China. This happened as Zoom responded to the sudden high demand from people using the platform. Zoom’s CEO said that in the company’s haste to meet that demand, “we failed to fully implement our usual geo-fencing best practices. As a result, it is possible certain meetings were allowed to connect to systems in China, where they should not have been able to connect.”
Zoom is currently the second most downloaded application in the world behind TikTok. Whenever there is a spike in popularity in a product/platform like Zoom, you’re going to see an increase in security issues and vulnerabilities. It’s not that other platforms such as Microsoft Teams, GoToMeeting and WebEx don’t have these issues; it’s just that Zoom’s platform is in the spotlight right now because of the sheer number of people all over the world using it. The company announced on April 27, 2020, that it has released its 5.0 version with beefed-up security measures including:
- AES 256-bit GCM encryption
- Report a User feature
- New encryption icon
- Enhanced data center information
- Enhancements to ending/leaving meetings
You can read about those at https://blog.zoom.us/wordpress/2020/04/27/its-here-5-things-to-know-about-zoom-5-0/.
Despite Zoom's recent security woes, we still believe it is the best solution for video conferencing. However, it is crucial to follow these best practices when creating and conducting Zoom meetings.
Password Protect All Meetings
As of April 4, 2020, Zoom announced that enabling passwords is a default setting when creating a meeting. Be sure the box next to Require Meeting Password is checked. If it is not checked automatically, check it yourself when setting up the meeting. Zoom will automatically generate a password for your meeting, but you can change that to something else if desired. Requiring participants to enter a password will prevent unwanted visitors from being able to join a meeting if they do happen to know the meeting ID.
Use the Waiting Room
Zoom also announced that its Virtual Waiting Room is now turned on by default, so be sure the box is checked. The Waiting Room is just that – a virtual staging area that prevents people from joining a meeting until the host is ready for them. When scheduling a meeting, disable Join Before Host. Then select In Meeting (Advanced) on the left side panel and scroll down to Waiting Room. If you select All Participants, even people from your organization will have to wait in the waiting room until admitted. Selecting Guest Participants Only will allow your team members to join the meeting without having to wait. Once the host joins the meeting, he or she will be able to admit all participants at once or admit them one at a time.
Lock the Room
After your participants have all joined the meeting, the host should lock the room. This will prevent anyone else from joining the meeting, and the host will not be notified if someone tries to join. Be sure that all participants have joined before locking the session. To do this, open the participants panel by clicking on the Manage Participants tab at the bottom of the screen. On the bottom right, select More. From the dropdown menu, you can lock the meeting.
Limit Screen Sharing
Limiting who can share content from their screen will prevent someone from “Zoom Bombing” your meeting. When setting up your meeting, select In Meeting (Basic) in the left side panel and scroll down to Screen Sharing. Select Host Only. If during the meeting you need to let someone else share their screen, click the up arrow next to Screen Share at the bottom of the page. Select Advanced Sharing Options and switch to All Participants. If someone else is sharing something that should not be shared in the meeting, the host can click the red Stop Sharing button at the top of the screen.
Do NOT Share Meeting IDs or Passwords
Meeting IDs, links and passwords should never be made public by posting on social media, in email signatures or on a website.
Video conferencing is just the latest arena that hackers are trying to infiltrate. Keep your organization’s meetings private and secure by following these simple best practices. For an online video tutorial, visit https://www.youtube.com/watch?v=p1IMmOujc9c