Zoom Security & Privacy Tips
Zoom has made headlines as it has become the videoconferencing tool of choice for many companies and individuals quarantined at home due to the COVID-19 pandemic. Zoom’s daily active users jumped from 10 million to over 200 million in 3 months. The appeal of Zoom is that it’s easy to install, easy to use, has some fun features like virtual backgrounds, and its basic version is free. The free version allows for up to 100 participants to meet for a maximum of 40 minutes. This is certainly enough time for quick meetings with colleagues or catching up with friends and family. And if you need more time, just start another meeting.
While the rapid growth in popularity has made Zoom a household name, it has also put the product in the cross-hairs of attackers and white-hat security researchers. As a result, multiple security and privacy issues have been uncovered and shared publicly. Cybersecurity expert, Bruce Schneier wrote, “Zoom's problems fall into three broad buckets: (1) bad privacy practices, (2) bad security practices, and (3) bad user configurations.”
There is little that we end users can do about the product’s privacy and security issues, but fortunately Zoom’s founder, Eric Yuan has apologized and frozen all feature updates so Zoom developers can focus on security and privacy fixes for the next 90 days. Mozilla, the organization that makes the open-source Firefox browser stated, “And as millions of people have started working, socializing and exercising on a platform originally intended as an enterprise tool, lots of questions about Zoom’s privacy and security have surfaced. Researchers have recently discovered privacy issues and deficiencies, but Zoom has been very responsive and worked to quickly resolve them.”
What Can We Do?
When it comes to user-configuration, there is a lot that we can do to lessen the likelihood of attack. The best thing that we can do with any application is become aware of the product’s security and privacy features. For those who use Zoom, or are required to use it, here are ten tips to better secure your videoconference.
Check for updates before each use. With all of the security and privacy issues being worked on now, there will likely be many updates in the next 90 days (see image).
Create a unique meeting ID for each teleconference. Zoom gives each user a unique code called a Personal Meeting ID (PMI). You can share this with people to invite them to meet with you on Zoom. However, you can also have a unique Meeting ID generated automatically when scheduling a meeting (see image).
Create a unique and difficult-to-guess password for each teleconference. The password can be up to 10 characters long and include letters and numbers (see image).
Do not publicly post the link or password to your teleconference.
Disable the “Join before host” feature so no one can join until the host is there to moderate attendance.
Make sure that only the host can share his or her screen. To do this, you need to log into the Zoom website, not the application. Click on Personal > Settings > In Meeting (Basic). Then scroll down until you see “Screen sharing” and click on “Host Only.” (see image)
Lock the meeting after it starts.
If you record a meeting, store the video file in a safe location.
Enterprise Users: Zoom supports SAML-based SSO.
Check Zoom’s security white paper for other settings and watch their blog for details around security and privacy updates.
Zoom Alternatives
If you are looking for alternatives to Zoom, there are many options. Ten popular video conferencing applications are listed below.
Videoconferencing is now a part of many people’s lives and they’re using it for much more than work. Virtual Happy Hours, religious ceremonies, and even graduations are happening with social distancing and video conferencing. Since many of these events are public, it is an environment ripe for abuse. The FBI warned of teleconferencing and online classroom hijacking during the COVID-19 pandemic. This applies to all videoconferencing tools so be aware of your digital surroundings and if you receive a specific threat during a teleconference, please report it to the FBI.
While Zoom has had a really great month, and a really bad month, the company is responding to the security and privacy issue in the right manner. People are rightfully concerned but there is another, potentially controversial way to look at the situation. Finding vulnerabilities and patching them quickly is a good thing. Zoom has experienced unprecedented scrutiny over the past month, and as a result it may ultimately have better security and privacy than some of its competitors. There’s some irony and also a good lesson here. We need the software that we use to be tested by the masses to find and fix vulnerabilities. This usually happens over a long period of time. Zoom, on the other hand, has been extensively tested by extraordinarily diverse groups, in many different use cases all in a matter of weeks.
Whether you use Zoom or another videoconferencing tool, follow the tips outlined in this article, be sure to read the product’s user guide and security guide and adjust the settings so you can keep your private meetings, private.