kchopson

Zoom Best Practices Help Keep your Virtual Meetings Safe

As the Coronavirus pandemic spread and face-to-face meetings became impossible, people flocked to video conferencing products. A massive surge in use was particularly notable in the already popular Zoom video conferencing platform. In just a few weeks Zoom went from 10 million to 200 million users.  People flocked to Zoom because of its free trial, low pricing, great functionality and ease of use. The widespread usage of Zoom has opened up many possibilities for the package, including its use in virtual conferences.

However, Zoom’s rapid rise in popularity has made it a target for hackers.  A series of security and privacy weaknesses were discovered, many of these tied to Zoom’s focus on ease of use.  The most noteworthy type of attack has earned the moniker of “Zoombombing.” This attack typically consists of an uninvited guest showing up at a Zoom meeting and disrupting it with graphic or offensive content. Such interruptions are, of course, unwelcome and can provide significant embarrassment and other issues for the hosts and their guests.

Fortunately, Zoom has already made many changes to their platform to eliminate these issues.  The most important of these are now default settings for new Zoom meetings.  Awareness of these settings can help you avoid unexpected situations with your Zoom video conference.

Basic Settings to Help Protect Your Meeting

There are two basic settings that Zoom has already enabled that will go a long way to towards protecting your meeting. Zoom Meetings can be created either through their website or their desktop application. All screenshots refer to their desktop application, unless specified otherwise.

The first basic step when scheduling your meeting in Zoom is to keep the “Require Meeting Password” field checked.  This will reduce the possibilities that unwelcome people will drop into your video conference.

Setting the Zoom password

The other critical, but more subtle step is to let Zoom auto-generate your meeting ID. Before Zoom became a target, the Personal Meeting ID feature was popular as it was attached to the user and allowed them to start new meetings at any time, allowing people to easily join.  Unfortunately, hackers figured out that it was simple to write a program to guess the Personal Meeting ID and, without a password, just drop in.

Set auto-generate Zoom meeting ID

So to help keep your meeting secure, you should leave these two default settings alone.

Other Steps to Secure Your Meeting

While the two default settings above are fundamental to protecting your Zoom meeting, there are some other settings you should consider.

Set up the Waiting Room

If you have the waiting room set up, people cannot enter your meeting unless you explicitly give them permission. Currently this is in “Advanced Options” at the bottom of your “Schedule Meeting” screen.

Setting up Zoom waiting room in schedule

The waiting room is currently off by default, but you can go to your Zoom account settings to enable it for all future meetings. These settings are accessed through your web account by clicking on the “Settings” link in your Account Management area.

Setting up Zoom waiting room in account

Join Before Host

It is safest to not allow the meeting to start until the host arrives.  This is set up correctly by default, so you probably should not change the setting.

Setup Zoom Join Before Host setting

Control the Meeting

As the host you can decide who can share the screen and who is not yet trusted.  This can also be preset for all meetings at the account settings level.

Setup Zoom screen sharing

Similarly, you should control when attendees share files by disabling the file transfer setting. This will prevent attendees from sending files through the in-meeting chat.

Setup Zoom file sharing

What else Zoom is doing about protecting your Security and Privacy

Zoom has made it clear that it is aware of these and other security vulnerabilities and has already made changes to its default meeting and account settings to address the obvious problems previously discussed. In early April, Zoom CEO Eric Yuan said that for the next 90 days all of their engineering resources would be completely focused on security and privacy issues. On April 22, Zoom announced that it has already hit a key milestone on its 90-Day security plan, including many difficult and significant fixes, such as video encryption issues.

Find out more about how our Virtual Conference Software can help your event!