How to Zoom Safely: Zoom and Cybersecurity

Published on April 24, 2020  |  Cyberfort Advisors

Zoom has been under scrutiny recently for a variety of reasons. While Zoom has taken action to resolve these issues in a quick and transparent manner, it’s still best to be informed of the main problems and how to avoid them.

Problems

One of the main problems Zoom users have come across is Zoombombing, which is when an uninvited guest joins a meeting and “bombs” it. It is like photobombing, except with malicious intent and more inappropriate content and actions. Zoombombers have shared inappropriate content, such as pornography, as well as sensitive information, such as a host’s address, during meetings. 

Another cyber threat Zoom users have come across is malware. Hackers can install malware on a user’s device or steal their password by leaving a malicious file or link in the Zoom meeting chat or meeting invite. By clicking on the malicious file or link, the unsuspecting user’s device or application is compromised. 

Zoom has increased its security precautions to address these issues, but it is up to its users to implement many of these solutions.

Solutions

Zoom offers a variety of features within its app that can protect your meetings and privacy. Enabling or disabling a few of these features can secure your meetings.

Keep your meeting ID private

Set each meeting to use a unique meeting ID instead of a personal meeting ID. This will help keep your personal meeting ID private as well as ensure attendees don’t join the wrong meeting at the wrong time. This can also lower the opportunity for hackers to find and join your meetings. 

In your settings, be sure to toggle off the option to “Use personal meeting ID.” Then be sure not to share any meeting ID online. 

Require a password

A password-enabled meeting is the only type of meeting that is undetectable by zWarDial, which is an automated tool for finding non-password protected Zoom meetings. To protect your Zoom meetings from potential uninvited visitors who use that tool, implement a password for every meeting, like in the screenshot below. To make this easier, Zoom has made a password requirement the default since last year unless you have opted out.

Be sure to never share the meeting password online. Learn more about meeting passwords here.

Require a password in Zoom

Use a single sign-on with a vanity URL

If you have a business or education account, you can use a single sign-on to login using your company credentials. This will require a vanity URL, which looks like https://yourcompany.zoom.us

Using a single sign-on reduces the potential for Zoombombing because users only log in once each day and only use one set of credentials.

Learn more about single sign-on at this link

Personalize invites

Using Zoom’s email invite feature is quick and easy, but for those using Zoom for work may want to consider an alternative invite option to avoid spammy-looking invites. Zoom automatically sends a link that ends with a string of numbers and letters, which can look spammy to invitees.

To avoid this, after you create a meeting, instead of using Zoom to invite attendees, copy the meeting ID and password, and email or text attendees with a personal note about the meeting, including the meeting ID, password, and generic Zoom link (http://www.zoom.us).

The long-term benefit of taking the time to personalize Zoom meeting invites is that if your attendees receive a fake meeting invite, they will automatically know it’s not from you because you always personalize the invite. This could potentially save your users, and network, from malicious activity down the road. 

Limit screen sharing

If you utilize screen sharing as a host but your attendees do not need to share their screens, then disable screen sharing for guests, like in the screenshot below. 

If you do not utilize screen-sharing at all, disable it completely. This removes the possibility for a hacker to take over the meeting. 

Zoom's screen sharing options

Ensure “Join before host” is turned off

Another way to avoid Zoombombing is to ensure the “join before host” option is off, which it is by default. This way, as the host, you take over the meeting from the very beginning and attendees can join you when they are ready.

Be sure to be on time for these meetings when you have this setting turned off or your attendees may grow impatient and leave the meeting before it starts. 

Update your firewall settings

According to Tom’s Guide, you can protect your device from malicious links by going into your firewall settings and blocking outbound port 445. 

Also, be sure to update your antivirus software to catch any malware that does come through.

Enable the waiting room

Enabling the waiting room, which is shown in the screenshot below, allows you to screen attendees before they join the meeting. You can admit them at your discretion. 

Use the waiting room in Zoom

Try a webinar instead of a meeting

If you have a larger virtual presentation that does not require collaboration, a webinar may be safer than a meeting. A webinar is available in Zoom’s paid plans and allows only the host and panelists to view the attendee list, manage the video-sharing and audio-sharing settings, and more. This removes the possibility of Zoombombing for situations where collaboration is not necessary outside of the chat.

To further compare meetings and webinars, visit this link

Lock the meeting

Once all invitees are in the meeting, you can lock the meeting, which is an option under “Manage Participants.” “Locking” the meeting means you block out any newcomers from the meeting. This will ensure no uninvited guests show up. 

If you need to unlock the meeting to add a guest in the middle of the meeting, you can do so. Then, be sure to lock the meeting again. 

Download the latest version of Zoom

Zoom recently updated its software to resolve problems users were facing. To take advantage of these updates, be sure to download the latest version of Zoom for every device you use for video meetings. 

Learn more about these updates and how Zoom cares for your privacy and security here. Learn more about how to effectively use Zoom during the coronavirus epidemic at this link

Review host options 

Before your next meeting, review your host options. These include:

  • Mute attendees
  • Disable chat or prevent participants from saving chat (see below screenshot)
  • Remove unwanted attendees
  • Disable attendees’ video
  • Turn off file transfer

Zoom chat options

Learning about your security options within Zoom and otherwise can help protect your meetings, data, and privacy. We offer Web Security solutions and Email Security solutions that can block many of the vulnerabilities from causing harm to your network and devices.

LEARN MORE about Web Security Solutions >

LEARN MORE about Email Security Solutions >

CyberFort Services

We offer a complete suite of consulting services to help you create an effective strategy that resolves threat, security and regulatory compliance risks efficiently.

LEARN MORE >

Industries Served

Our team of industry recognized subject matter experts work to offer the right security solutions for your specific needs, preventing threats and vulnerabilities from compromising your business.

LEARN MORE >

Ready to secure your business against cybercrime?

Establish a complete cybersecurity program for your business with smart strategies, solutions and support by CyberFort.

Your Guide To A Successful Cybersecurity Overhaul by CyberFort Advisors

Your Guide To A Successful Cybersecurity Overhaul

Many companies implement new cybersecurity policies and procedures, but they ignore one critical fact: When it comes to your cybersecurity posture, your end-users are your weakest link.

Without getting employees and other end-users on board, your company data is at risk.

With your end-users on board, how do you deploy new cybersecurity policies? There are many pitfalls companies commonly fall for during this process. With the right preparation and guide, you can overhaul and deploy a successful cybersecurity initiative.

This short but comprehensive guide will show you how to:

  • Overhaul your cybersecurity program
  • Get your employees and other end-users on board
  • Avoid common pitfalls that cause cybersecurity initiatives to fail

To download the guide, please provide us with your name and email address:

Thank you for your submission! You will receive an email with a download link.