From inappropriate interruptions and messages to more sinister attacks, hacker activity on Zoom is rising during the COVID-19 outbreak due to the uptick in its global use by businesses. Why now, why Zoom? Simply put, hackers go where people are because people are the gateway to systems, networks, and data. This is why we’ve always said: “Cybersecurity is a business issue, not just an IT issue!”
So, what should our clients do, and where should they focus their time? The ultimate defense against these attacks is for staff members to use Zoom cybersecurity settings and features. Read on for my personal favorites, with links to take you right to the setup instructions.
Manage your participants
Managing participants can greatly reduce the risks posed by unwanted attendees. Some useful functionality for managing meeting participants includes:
- Allow only invited individuals to join: This function prevents anyone from joining unless they are logged into Zoom with the email address at which they were invited.
- Remove unexpected participants: This function allows the host to hover over a participant’s name and remove them from the meeting.
- Allow removed participants to rejoin: If a participant has been removed, this function lets the host permit them to rejoin.
- Lock the meeting: This function allows the host to lock a Zoom meeting after it has started so that no new participants can join, even if they have the meeting ID and password (if required).
- Put participants on hold: The host can put a participant on a temporary hold, including the participant’s video and audio connections.
- Mute participants: The host can mute/unmute individual participants or all of them at once. Hosts can block unwanted, distracting, or inappropriate noise from other participants. The host can also enable “Mute Upon Entry” in the settings to keep initial noises from interrupting the start of a meeting.
Manage screensharing
Screen hijacking is one of the most common risks related to the recent outbreak. Proactively controlling screensharing functionality greatly reduces participants’ ability to share inappropriate images or other unwanted content. Two useful functions for this include:
- Share video: Before or during the meeting, this function allows the host to select who can share their screen.
- Disable video: Hosts can turn a participant’s video off. This will allow the host to block unwanted, distracting, or inappropriate messages, images or gestures on video.
Manage information-sharing
Another common risk in the recent attacks against Zoom meetings is the sharing of malicious links or poisoned files. Some useful functionality for managing sharing includes:
- Turn off file transfer: In-meeting file transfer allows people to share files within the in-meeting chat. A host can turn this off to prevent attendees from using the chat function to share unwanted content like malicious links and poisoned files.
- Turn off annotation: Participants can doodle and mark up content together using annotations during screenshare. If you don’t need that feature for your meeting, simply turn it off ahead of time to prevent attendees from drawing inappropriate images or messages.
- Disable private chat: Zoom has in-meeting chat for participants to message each other privately. If you restrict the participants’ ability to privately chat during meetings, you can monitor messages, images, and other data transferred during the meeting.
Manage sensitive or confidential topics
For sensitive or critical meetings, stronger controls are a must. Increase your meeting security using these features:
- Set two-factor authentication: If the meeting content is sensitive, this function should be used. It generates a random Meeting ID and requires a password to join. The Meeting ID can then be shared however necessary, and the password can be sent by a different form of communication (SMS, email, direct message).
- Enable Waiting Room: The Waiting Room is a virtual staging area that stops guests from joining until the host is ready for them. It’s the host’s first line of defense against unauthorized access into a Zoom Meeting. While it’s not necessary for all meetings, if sensitive information is going to be discussed, the Waiting Room should be used. In addition, the host should set a meeting message for attendees entering the Waiting Room so they know they’re in the correct meeting.
Other Zoom best practices for cybersecurity
While these are not system functions, these last recommendations go without saying:
- Beware of Zoom phishing scams: Hackers will use malicious links that have a fake Zoom domain and look-alike websites that ask for credentials. Warn your staff to take extra care when clicking links, and be sure to access the Zoom website using your usual method rather than with a link someone sends you.
- Do not share your Personal Meeting ID: Every user has a ‘Personal Meeting ID’ associated with their account. Instead of using that, use a per-meeting ID, exclusive to a single meeting. Zoom’s support page offers a video walk-through on how to generate a random meeting ID for extra security.
- Keep Zoom updated: Download and maintain the latest version of Zoom from the official Zoom website. Since updates occur regularly and often include security upgrades, visit the Zoom site frequently to make sure you’re using the latest and most secure version of the tool.
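To make the phishing warning above concrete, here is an added example (not part of the original article) of how a mail filter or help-desk script could triage links that claim to be Zoom. The allowlist `TRUSTED_ZOOM_DOMAINS`, the function names and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts your organization accepts as genuine Zoom (adjust as needed).
TRUSTED_ZOOM_DOMAINS = {"zoom.us"}
BRAND = "zoom"
# Fold common character swaps seen in look-alike names: 0 -> o, 1 -> l.
_SWAPS = str.maketrans({"0": "o", "1": "l"})


def classify_zoom_link(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for a link a user received."""
    url = url.strip()
    if "://" not in url:
        url = "https://" + url  # treat a bare "zoom.us/j/..." as a web link
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return "unrelated"
    if not host:
        return "unrelated"
    # Trusted only if the host IS the domain or a subdomain of it; a substring
    # match would accept "zoom.us.something-else.example".
    for domain in TRUSTED_ZOOM_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Inspect the whole authority so a "zoom.us@other-host" userinfo prefix,
    # which browsers ignore when choosing the host, is still flagged.
    folded = parts.netloc.lower().translate(_SWAPS).replace("rn", "m")
    return "lookalike" if BRAND in folded else "unrelated"


def triage(links):
    """Map each link to its verdict."""
    return {link: classify_zoom_link(link) for link in links}


# Constructed sample links, not real indicators.
SAMPLES = [
    "https://zoom.us/j/1234567890",
    "https://example-co.zoom.us/j/1234567890",
    "https://zoom.us.meeting-login.example/signin",
    "https://zoom.us@login.example/j/1",
    "https://zo0m-us.example/j/1",
    "https://example.org/agenda",
]

if __name__ == "__main__":
    for link, verdict in triage(SAMPLES).items():
        print(f"{verdict:10} {link}")
```

A "lookalike" verdict is a prompt to quarantine or warn, not proof of phishing; a "trusted" verdict only confirms the host, so credentials should still be entered only after reaching Zoom by your usual method.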
We’re not specifically recommending Zoom or any other collaboration tool, but it’s still important to know these Zoom functions in case your business is using it or you’re invited to a Zoom meeting by someone else. If your business isn’t careful, you’ll face the uncomfortable possibility of losing customer or staff data, critical IP, or more. Employing these functions greatly reduces the common risks of using Zoom for business meetings, but it’s up to your staff, vendors, and contractors to learn and effectively use them.