12 Easy Ways to Secure Your Zoom Meetings
We’re living in interesting times, to say the least. There’s no doubt about it. COVID-19 has changed the way we work and live, in some cases permanently. People who have never worked from home suddenly find themselves doing it full time.
The COVID-19 pandemic has also challenged the technology world in ways it’s never seen before. There’s been a huge increase in phishing attacks, scams, and malware using the COVID-19 pandemic as a lure to reach victims. Employees and business owners who are not entirely comfortable working remotely are finding that security challenges are different and somewhat unique when plugged into their home network.
I have spent the first 3 weeks of our partial quarantine helping businesses and individuals prepare for life during a pandemic and isolation. I helped with securing their computers and networks, connecting to the resources and applications necessary to complete their work, VoIP, and, in almost every case, setting up and using Zoom.
Nearly a year later and we find ourselves still educating and guiding people on Zoom (and Teams). It’s here to stay!
Zoom is a powerful tool. The primary reason for using Zoom is video conferencing and collaboration. They have plans that allow you to host video conferencing calls with up to 100 people for just $15 a month. Zoom offers plans for larger groups, enterprise environments, webinars, and even healthcare. They even have a free plan that allows up to 100 people so long as you keep the meeting under 40 minutes.
There are of course other plans that include more features, but most small businesses will find the $15 plan more than enough.
You can do more with Zoom than host meetings. Here are some of the other things I have done with Zoom:
- Screen Share/Remote Support
- Record Videos Including Screen Captures and then Upload to Social Media
- Record Podcasts
- Have One to One Meetings
- Virtual Training
As you can see it’s a pretty useful tool.
The Ugly Side of Zoom
Zoom exploded in popularity when the pandemic began to unfold. It went from 10 million people using it in December 2019 to 200 million in March 2020. That’s some intense growth. It was of course fueled by the COVID-19 pandemic and employers telling their employees to stay home and work.
Zoom’s platform has remained stable throughout. I have not had any issues and have only seen a few complaints about connectivity problems. That could have been attributed to the load on the ISPs as well. As I was writing this there were reports of Zoom web being down but I was able to connect.
Where Zoom has run into problems is with vulnerabilities and attacks. In the last few weeks, Zoom has been attacked by random people dropping into meetings (Zoom-bombing). Those people then shared pornographic materials and hate messaging and engaged in disruptive behavior.
There have also been a few vulnerabilities discovered:
- Zoom Lets Attackers Steal Windows Credentials, Run Programs via UNC Links
- Ex-NSA hacker drops new zero-day doom for Zoom (Mac OS X)
- Zoom Kills iOS App’s Data-Sharing Facebook Feature
As you can see there is a lot to deal with. There’s good news though. Zoom has patched all of the above issues already. Zoom has also allocated all engineers who were working on feature improvements and additions to the development of improved security.
Zoom’s CEO Eric S. Yuan recently wrote a blog post addressing the vulnerabilities and concerns. Essentially, he explained that the recent growing pains contributed to the vulnerabilities and challenges. He was very transparent with what has been done and what they will do going forward.
Zoom’s issues are not solely theirs. They also belong to the businesses and consumers using the platform. Security is EVERYBODY’s responsibility and until everybody takes it seriously these things will continue to happen. I attended 5 meetings over Zoom last week. 3 of them did not have a password on them.
How Do I Secure My Zoom Meetings?
Here’s a list of 12 things you can do to secure your Zoom meetings going forward.
- Use a password for your meetings. When you set up your Zoom meetings you can add a password. The password can be whatever you want it to be. Zoom automatically generates a 6-digit number, but it doesn’t have to be just numbers. You can also edit existing meetings to add a password.
- Use the waiting room. This feature makes it so you have to approve anyone who wants to join the Zoom meeting. If you’re not sure who the person is you can screen them to ensure your meeting is not Zoom-bombed. This feature is enabled by default now and should not be disabled.
- Do not share your Zoom meeting information publicly. Don’t share it on social media. The best thing you can do is require people who want to attend to RSVP and then send them the meeting information.
- Ensure your Zoom client is updated. Do not use outdated Zoom clients.
- Disable participant screen sharing. You can grant screen sharing to individuals as needed.
- Lock the meeting once everyone has joined.
- Require host to be present before the meeting starts.
- Secure meetings with end-to-end encryption. Yes, this feature is available though it has been publicized that it is not. (Edit: 4/7/2020: ZOOM MEETINGS AREN’T END-TO-END ENCRYPTED, DESPITE MISLEADING MARKETING) (Edit: 10/14/2020: ZOOM ROLLED OUT E2EE WITH PROMISES OF FURTHER SECURITY ENHANCEMENTS in 2021)
- Allow only authenticated users to join meetings. This means users need to create an account on Zoom.us to join a meeting. You can further limit this to specific email domains if it’s relevant to your meeting. While this may not be optimal for all meetings I would strongly encourage this for meetings that are a little more sensitive in nature.
- Use generated meeting IDs instead of a personal meeting ID. If you do use a personal meeting ID, do not share pictures of your meetings on social media or on the internet. Doing so makes it easier to find your meeting.
- Do not download the Zoom client from anywhere other than Zoom.us. There has been a surge in domains being purchased that include the word zoom. This suggests that there will be malware and phishing attacks launched using Zoom to get your attention. I cannot stress this enough. Zoom clients downloaded from anywhere other than the official Zoom site are almost guaranteed to contain malware.
- And of course, my favorite, use a secure password and enable 2FA on your Zoom account. Logging into Zoom.us will give whoever logs in access to your meeting and account security information. Setting up 2FA dramatically decreases the chance that someone can brute force your Zoom account.
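The download-source rule in the list above (only Zoom.us) can be enforced mechanically, for example in a mail or proxy filter. The following is an added example, not code from Zoom or from this article; the function names and the sample links are constructed for illustration, and every host ending in .example is made up.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "zoom.us"  # the only download source the article endorses

# Constructed sample links; every *.example host is made up for this demo.
SAMPLE_LINKS = [
    "https://zoom.us/download",
    "https://ZOOM.US./download",
    "http://zoom.us/download",
    "https://zoom.us.downloads.example/ZoomInstaller.exe",
    "https://notzoom.us/ZoomInstaller.exe",
    "https://z00m-client.example/setup.exe",
    "https://zoom.us@files.example/setup.exe",
]


def classify_download_url(url: str) -> str:
    """Return 'official', 'lookalike' or 'untrusted' for a client download link."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any user:pass@ prefix and lowercases the host.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return "untrusted"

    # Official means the registered domain itself or a true subdomain of it.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        # Without HTTPS nothing proves the response came from that host.
        return "official" if parts.scheme == "https" else "untrusted"

    # Anything else that spells "zoom" in the authority part (including
    # 0-for-o, or "zoom.us@" placed before the real host) imitates the brand.
    if "zoom" in parts.netloc.lower().replace("0", "o"):
        return "lookalike"
    return "untrusted"


def triage(urls):
    """Pair each link with its verdict; only 'official' links should be allowed."""
    return [(u, classify_download_url(u)) for u in urls]


if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS):
        print(f"{verdict:10} {link}")
```

The check is an allowlist: a link is accepted only when the verdict is 'official', and the 'lookalike' label exists so that those hits can be reported separately.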
12 steps to secure your Zoom meetings might seem like a lot but the steps are pretty easy. Some of them are configured by default now. It also helps to spend time logging into your account on Zoom’s website to understand the different features.
Zoom is a great productivity tool, but like anything else, growing pains will challenge its stability and security and bring its policies into question. It seems Zoom is on top of things, rapidly fixing any vulnerabilities and addressing concerns that come up. As long as Zoom’s clients do their part we can ride this pandemic out together, using one of a few tools that have kept us connected and made this planet a little smaller.
Stay Healthy, Stay Safe, and Stay Secure!