5 Tips for Security-Conscious Zooming

Don't get Zoom Bombed at your next meeting

Last year when the COVID-19 pandemic restricted our ability to connect in person, we all became very familiar with the video conferencing software Zoom. No one could have predicted that a significant chunk of business in 2020 would be conducted through webcams and video calls. Schools, universities, and businesses have chosen Zoom out of the handful of similar services for years, but now more people than ever have adopted this technology as an essential part of virtual life.

Anderson Technologies has written about the risks that come with working from home, but as we move into the new year, more and more people are choosing to work remotely now that their businesses are working to put infrastructure in place to make a long term remote workforce more secure. This means Zoom will continue to be a linchpin in the business landscape for the foreseeable future.

Still creating your work from home systems and want to make sure you’re doing it right? Take a look at our in-depth guide to working from home securely and then give us a call.

What is Zoom and How Does It Work?

In case you’ve only ever received a Zoom invitation link for a video chat and didn’t look further into the platform, it’s important to understand what this service is before you use it. Zoom is a cloud-based video and voice call service software that works on almost every device and operating system. The basic platform is free, but if you want larger groups and longer meetings, you’ll have to pay for a plan.

Users can access the platform by downloading and installing the Zoom mobile app or desktop client. Anyone can be invited to a Zoom meeting with a link, but only users with a Zoom account can create and control a meeting. The host of a meeting can also require authenticated Zoom profiles, which means everyone attending would need to have a Zoom account.

Is Zoom Secure?

In most cases, yes, though there are some common exceptions. Zoom’s platform offers many meeting settings that allow a user to control the security of a meeting according to their specific needs. The important thing to remember is that you’ll need to review all meeting settings before it begins so that you don’t have any interruptions.

Over the last year especially, Zoom has been the subject of a number of headlines and scandals regarding their security practices. Because of its sudden boom in 2020, lots of Zoom’s security vulnerabilities have risen to the surface, specifically Zoom’s former practice of stating the platform had end-to-end encryption when it did not—an issue for its HIPAA-compliant users.

For more information on Zoom’s security and privacy practices, visit their site. Zoom also offers a deliverable PDF of best practices if you’d like to provide your team with a physical copy.

Public, unsecured meetings are subject to “Zoom bombing,” in which uninvited participants hop into random meetings and cause chaos. Students and teachers using Zoom often found themselves barraged by interruptions ranging from harmless to inappropriate and criminal. A recent analysis of zoom bombings during the first seven months of 2020 found that the majority of incidences were executed by other students or insiders with access to these meetings. This means that users should consider taking more than the bare minimum precautions when using Zoom.

5 Zoom Security Tips

As we continue to rely on Zoom and its digital counterparts to keep businesses on track, here are five easy tips to keep you and your virtual connections safe.

  1. Avoid using your Personal Meeting ID for public meetings. Zoom’s default setting makes repeated meetings and connections easier to schedule with a Personal Meeting ID. If you decide to have an impromptu video chat with your team, it might be tempting to use this one-click feature, but know that doing so leaves your meetings and profile vulnerable to uninvited eyes.
  2. Password-protect all meetings. Creating a Zoom meeting without a password for participants is like leaving your front door open, and this vulnerability has already been taken advantage of since its rise to popularity. Zoom offers an administrator setting that requires a password when scheduling a meeting, so be sure to choose a strong password and share it with the participants using a secure method, like encrypted email or iMessage.
  3. Require meeting participants to create a Zoom account, when possible. This is the only guaranteed way to prevent zoom bombing from outside or inside your organization. Creating a Zoom user account ties a participant’s access to their individual information, which generates a personalized meeting link only that participant can use. Unless a user’s account security has been compromised, no outside interruptions are possible. This isn’t always a practical option for large-scale or public meetings, so in those cases Zoom offers a video webinar with pared-down participation features.
  4. Adjust participant settings. There are many participant features you can toggle, even in the middle of a meeting. This makes it easy to mute a noisy attendee (or all attendees), control who can share their screen, and disable Zoom’s chat feature. These come in handy if you often have public-facing video meetings or meetings with large groups. Zoom’s latest release includes a security feature that can remove and report participants for disruptive behavior, and a host can enable that setting for other participants to use as well.  You can also set up a waiting room for meetings. This will allow the meeting host to admit participants on an individual basis, meaning you have full control over who you let into a meeting.
  5. Utilize MFA. If your password is compromised, so are your video conferences. Use MFA (multi-factor authentication) to keep your entire Zoom account and login information secure. Using MFA whenever possible boosts your security across the board.

Alternatives to Zoom

If you’re still searching for the perfect video solution for your business, there are many alternatives available:

  • Microsoft Teams: This option integrates security features and accounts from other Microsoft products your business may already use.
  • Google Meet: Formerly known as Google Hangouts, many schools use this if they are already integrated in the Google system. However, it does not offer end-to-end encryption.
  • Blue Jeans: This service is similar to Zoom but lacks free plans. It does offer seamless integration with Teams, Slack, Workplace, and a customizable API for industry-specific interfaces.
  • Adobe Connect or GoToMeeting: Though great for presentation-style webinars, these options may be a little clunky for an office chat. GoToMeeting analyzes individual user performance, if that’s something you value.

General Video Safety Tips

No matter which video conference service you choose for your business, there are some general best practices to keep in mind.

  • Use as much caution with your personal information possible, including one-time meeting links. Keep your login credentials safe. Hackers can use AI to guess passwords typed while on video.
  • Be aware of what your surroundings reveal, especially on public or unencrypted calls.
  • Sharing your screen? Prepare the area to display only what is necessary for the call.
  • Pause before clicking unsolicited video call links. Verify with the sender on another platform if you receive a suspicious invitation, and stay aware of phishing tactics that might mimic Zoom or other video conference services.

Zoom and its counterparts are here to stay, so no matter which video conferencing platform you decide on for your business, it’s important to encourage your team to use best practices even outside the office. As businesses adapt to the changing digital landscape, make sure you keep your employees and your security safeguards ready for anything the future holds.

Need help choosing a video conferencing platform, or have other questions about your remote work security? Anderson Technologies is here to help. Contact us today!