Over the past several weeks the Zoom Room platform has been scrutinized by the media over its lack of security. This includes the FBI issuing a warning following multiple reports of online conferences being disrupted by third party individuals. This leaves many users wondering if there is a way to make Zoom more secure.
“Call Bombers” or “Zoom Bombing” are names given to bad actors who can hijack meetings and present to meeting attendees. These bad actors use a process called “war dialing” to discovery meeting ID’s and passwords for Zoom meetings. While hijacked, meetings are disruptive and disturbing for participants. A more insidious threat is intruders who lurk in meetings without revealing their presence.
Most recently, fortune 500 companies such as Google as well as various government agencies have banned the use of Zoom. The trend sees these workflows moving to Microsoft Teams which is a secure product out of the box, offering end to end encryption.
Until Zoom has fixed the security holes in their product, we recommend not using Zoom to discuss anything confidential. However, if your workflow includes using Zoom, please follow these best practices when creating a meeting.
How to Make Zoom Secure
Turn on Your Waiting Room
A waiting room gives you control over who you permit into the meeting. Users can toggle Waiting Room to on in your account settings. Latest reports suggest Zoom has recently turned this on by default, however its best to always check.
Assign a Co-Host
Assign a co-host to handle moving attendees from the waiting room into the meeting, so you can focus on presenting.
Require a Secure Password to Join
Always create a password when scheduling both a New and Instant Meeting.
Lock the Zoom Meeting
Once all your attendants have arrived, lock your meeting from the security menu to prevent anybody else from joining.
Control Screen Sharing Ability
From the screen sharing menu, you can toggle this feature on or off, that will prevent unwanted interruptions.
Avoid Publicly Sharing Meeting Information
When you share your meeting information publicly, for example on Facebook, your password is built into the link, allowing anyone to join, so it is best not to post the link on social media sites.
Do not use Embedded Passwords
If you are concerned about invitees inadvertently sharing full meeting links with strangers, disable “Embedded password in meeting link for one-click join” in the profile settings page.
Use a Virtual Background
The space you are in during a call can expose a lot of information about where you live, your habits and your hobbies. Go to the main menu (top right of screen), then Preferences, then Virtual Backgrounds.
Use the Security Icon Options
A simple way to access many of the settings discussed in this document is to use the Security icon that appears in the bottom of the screen when you are hosting a meeting.
Related blog: 12 Ways to Protect Yourself from Cyberattack