I don't know about you, but I've had to become a virtual meetings expert in a short amount of time. With social distancing and quarantine measures implemented around the globe, many employees were forced to work from home using videoconferencing apps sometimes on a daily basis. The most popular one being Zoom.
With so much use, Zoom's flaws came to light rapidly. The company handled the increase of workload quickly and reacted to security researchers' discoveries, however code updates did not address every issue. We are offering some security and privacy tips we found to help keep your Zoom meetings safe and secure.
With its reported ease of use and attractive pricing, Zoom quickly rose in popularity — and people quickly figured out that Zoom’s developers weren’t fully prepared for the level of scrutiny it would receive.
A Zoom account is just another account, and in setting yours up, you should apply the basics of account protection. Use a strong and unique password, and protect your account with two-factor authentication, which makes your account harder to hack and better protected, even if your account data leaks.
There’s at least one more Zoom-specific catch: After you register, in addition to your login and password you get a Personal Meeting ID. Avoid making it public. And because Zoom offers an option to create public meetings with your Personal Meeting ID, it’s quite easy to leak that ID. If you do, anyone who knows your Personal Meeting ID can join any meeting you host, so share this information prudently.
A weird glitch in Zoom causes the service to consider e-mails of the same domain — unless it’s a really common domain such as @gmail.com or @yahoo.com — as belonging to one company, and it shares their contact details with each member of that group. If you don’t have a work e-mail, use a burner account with a well-known public domain to keep your personal contact details private.
Malefactors are ramping up their abuse based on the popularity of Zoom and other apps of its kind, trying to disguise malware as videoconference clients. Use Zoom’s official website — zoom.us — to download Zoom safely for Mac and PC, and go to the App Store or Google Play for your mobile devices.
Sometimes you want to host public events, and in many places online events are the only type of public events available these days, so Zoom is attracting more and more people. But even if your event is truly open to everyone, you should avoid sharing the link on social media. Internet trolls get information about upcoming events on social media. So, avoid publicly posting links to Zoom meetings. If for some reason you still want to, make sure you don’t enable the Use Personal Meeting ID option.
Setting up a password for your virtual meeting remains the best means of ensuring that only the people you want in your meeting can attend it. Recently Zoom turned password protection on by default. That said, don’t confuse the meeting password with your Zoom account password. And like meeting links, meeting passwords should never appear on social media or other public channels.
Another setting that gives you more control over the meeting, Waiting Room — recently enabled by default — makes participants wait in a “waiting room” until the host approves each one. That gives you the ability to control who joins your virtual meeting, even if someone who wasn’t supposed to participate somehow got the password for it. It also lets you kick an unwanted person out of the meeting — and into the waiting room.
Every normal videoconference app offers screen-sharing — the ability of one participant to show their screen to the others — and Zoom is no exception. Limiting screen-sharing ability to the host only is highly recommended if you don't need other people to share their screen. That way you can make sure inappropriate content is never allowed in your virtual meeting.
Zoom gained its market share not only for its prices and feature set, but also because it touted the product’s end-to-end encryption. With end-to-end encryption, all communications between you and the people you’re calling are encrypted in a way that only you and the people on the call can decrypt them. All other parties, including the service providers, cannot.
Sounds good, but it’s next to impossible, as security researchers have pointed out. Zoom had to acknowledge that in its case, the other end means the Zoom server — meaning the video is encrypted, but Zoom employees, and potentially law enforcement agencies, have access. The text in chats, though, seems to be really encrypted end-to-end. This is not necessarily a reason to abandon Zoom for good — other popular video conference services lack end-to-end encryption as well. But you should keep it in mind and avoid discussing personal or trade secrets on Zoom.
This one applies to every video conferencing service, not just Zoom. Before you jump on the call, take a moment to consider what people will see or hear when you join the call. Be aware of your appearance and background view. The same holds true for your screen if you plan on sharing it. Close any windows you’d rather others not see.
These past months have forced us to find new ways of doing business and staying connected. Can you imagine if all of this happened before videoconferencing and the ability to work remotely? So grateful for these tools in times like these. We continue to be here for you Minnesota. Zoom safe!