Whilst we have all transitioned to a working at home it seems second nature now to have a Zoom call with colleagues or clients. But as the use of Zoom has rocketed so have some of the concerns about the privacy of the application.
Despite the claim that its offers end to end encryption it actually doesn’t. It offers encryption from the Zoom clients to the Zoom server but not within the Zoom network. This is not likely to bother most firms using it. But it does mean Zoom Employees potentially have access to the meeting content. Although Zoom is quick to point out that there are measures in place to stop this happening.
However, more likely is that new to Zoom users are not securing their meetings properly. So here are a few helpful tips on how to do just that.
1. Always require a meeting password
If you uncheck this box it opens you meeting up to anyone who has the meeting ID. This has led to Zoom bombing where uninvited attendees join the meeting and disrupt it.
2. Enable Waiting Rooms
This allows you the host to control when and who enters the meeting. This is particularly useful if you and your team are in the meeting early discussing the clients affairs before they join. When a client joins the meeting they are held in a waiting room until you choose to admit them.
3. Disable Participant Screen Sharing
Where you are conducting large meetings with lot of participants. An attendee could share there screen with whatever content they have on it to all participants. Clearly this is not something you would want to happen. This effectively stops anyone hijacking your meeting.
4. Lock the meeting
After everyone you have expected has joined the meeting you can then lock it. This stop any further attendees joining when the meeting has started.
5. Don’t share your PMI Permanent Meeting ID or Photographs of your Zoom Meeting ID.
This will allow an attacker to try and access your meeting whilst it is in progress particularly if you haven’t password protected it. If you are planning a meeting in a few day’s time to update clients and post it on your website, google will index and make it available in general search results. Keep the Meeting ID private and only send it to registered attendees.
6. Keep your Zoom Client Updated.
As Zoom has become some popular for meetings it has attracted Cyber Criminals who are looking to gather useful information from you. As vulnerabilities are exposed Zoom will be updating their software to mitigate these risks. Make sure you regularly update the application.
7. Watch out for Phishing Attacks pretending to be Zoom Invites
Be particularly cautious of Zoom invites sent via email to you and you staff. There has already mean a spike in Phishing attacks and Malware using Zoom as a subject line or fake URL.
If anybody needs help setting up Zoom or MS Teams please let me know happy to help during this period of uncertainty email David.Watson@anshin.co.uk