Zoom has been under scrutiny recently for a variety of reasons. While Zoom has taken action to resolve these issues in a quick and transparent manner, it’s still best to be informed of the main problems and how to avoid them.
One of the main problems Zoom users have come across is Zoombombing, which is when an uninvited guest joins a meeting and “bombs” it. It is like photobombing, except with malicious intent and more inappropriate content and actions. Zoombombers have shared inappropriate content, such as pornography, as well as sensitive information, such as a host’s address, during meetings.
Another cyber threat Zoom users have come across is malware. Hackers can install malware on a user’s device or steal their password by leaving a malicious file or link in the Zoom meeting chat or meeting invite. By clicking on the malicious file or link, the unsuspecting user’s device or application is compromised.
Zoom has increased its security precautions to address these issues, but it is up to its users to implement many of these solutions.
Zoom offers a variety of features within its app that can protect your meetings and privacy. Enabling or disabling a few of these features can secure your meetings.
Keep your meeting ID private
Set each meeting to use a unique meeting ID instead of a personal meeting ID. This will help keep your personal meeting ID private as well as ensure attendees don’t join the wrong meeting at the wrong time. This can also lower the opportunity for hackers to find and join your meetings.
In your settings, be sure to toggle off the option to “Use personal meeting ID.” Then be sure not to share any meeting ID online.
Require a password
A password-enabled meeting is the only type of meeting that is undetectable by zWarDial, which is an automated tool for finding non-password protected Zoom meetings. To protect your Zoom meetings from potential uninvited visitors who use that tool, implement a password for every meeting, like in the screenshot below. To make this easier, Zoom has made a password requirement the default since last year unless you have opted out.
Be sure to never share the meeting password online. Learn more about meeting passwords here.
Use a single sign-on with a vanity URL
If you have a business or education account, you can use a single sign-on to login using your company credentials. This will require a vanity URL, which looks like https://yourcompany.zoom.us.
Using a single sign-on reduces the potential for Zoombombing because users only log in once each day and only use one set of credentials.
Learn more about single sign-on at this link.
Using Zoom’s email invite feature is quick and easy, but for those using Zoom for work may want to consider an alternative invite option to avoid spammy-looking invites. Zoom automatically sends a link that ends with a string of numbers and letters, which can look spammy to invitees.
To avoid this, after you create a meeting, instead of using Zoom to invite attendees, copy the meeting ID and password, and email or text attendees with a personal note about the meeting, including the meeting ID, password, and generic Zoom link (http://www.zoom.us).
The long-term benefit of taking the time to personalize Zoom meeting invites is that if your attendees receive a fake meeting invite, they will automatically know it’s not from you because you always personalize the invite. This could potentially save your users, and network, from malicious activity down the road.
Limit screen sharing
If you utilize screen sharing as a host but your attendees do not need to share their screens, then disable screen sharing for guests, like in the screenshot below.
If you do not utilize screen-sharing at all, disable it completely. This removes the possibility for a hacker to take over the meeting.
Ensure “Join before host” is turned off
Another way to avoid Zoombombing is to ensure the “join before host” option is off, which it is by default. This way, as the host, you take over the meeting from the very beginning and attendees can join you when they are ready.
Be sure to be on time for these meetings when you have this setting turned off or your attendees may grow impatient and leave the meeting before it starts.
Update your firewall settings
According to Tom’s Guide, you can protect your device from malicious links by going into your firewall settings and blocking outbound port 445.
Also, be sure to update your antivirus software to catch any malware that does come through.
Enable the waiting room
Enabling the waiting room, which is shown in the screenshot below, allows you to screen attendees before they join the meeting. You can admit them at your discretion.
Try a webinar instead of a meeting
If you have a larger virtual presentation that does not require collaboration, a webinar may be safer than a meeting. A webinar is available in Zoom’s paid plans and allows only the host and panelists to view the attendee list, manage the video-sharing and audio-sharing settings, and more. This removes the possibility of Zoombombing for situations where collaboration is not necessary outside of the chat.
To further compare meetings and webinars, visit this link.
Lock the meeting
Once all invitees are in the meeting, you can lock the meeting, which is an option under “Manage Participants.” “Locking” the meeting means you block out any newcomers from the meeting. This will ensure no uninvited guests show up.
If you need to unlock the meeting to add a guest in the middle of the meeting, you can do so. Then, be sure to lock the meeting again.
Download the latest version of Zoom
Zoom recently updated its software to resolve problems users were facing. To take advantage of these updates, be sure to download the latest version of Zoom for every device you use for video meetings.
Review host options
Before your next meeting, review your host options. These include:
- Mute attendees
- Disable chat or prevent participants from saving chat (see below screenshot)
- Remove unwanted attendees
- Disable attendees’ video
- Turn off file transfer
Learning about your security options within Zoom and otherwise can help protect your meetings, data, and privacy. We offer Web Security solutions and Email Security solutions that can block many of the vulnerabilities from causing harm to your network and devices.