Now that everyone is working from home, Zoom has taken its rightful place as one of the most popular virtual meeting platforms currently used by remote workforces. This isn’t without its risks, however, and if you’re not securing your Zoom meetings, you could be facing Zoombombing in your next meeting.
Zoombombing is an action taken by a bad actor to disrupt your meetings, warns the FBI, and it can affect your business meetings, “social gatherings,” and even your child’s online school attendance meetings. This makes Zoom another platform that needs to be secured for your remote workforce.
Zoombombing can range from pornographic sharing to hate speech and, unless you’re proactively securing your Zoom meetings, you are at risk every time you use this platform.
Failure to secure your Zoom meetings can have many bad implications, all the way up to and including HIPAA violations.
Here are ten tips to help you secure your Zoom meetings and avoid Zoombombing.
You Get What You Pay For
As with so much else in life, you get what you pay for with Zoom. While the platform does offer a free version, you will be far more secure by investing in the paid version. In addition, opting to pay for Zoom gives you more flexibility, such as:
- Multiple host permissions
- More attendee allowances
- Custom personal meeting IDs
- Longer times allowed for meetings
- Cloud recordings of meetings
Side by side pricing comparisons show that paying for Zoom gives you far more features while remaining budget friendly, however Zoom is releasing some of their security features to their free platform as well.
“We’re always striving to deliver our users a secure virtual meeting environment. Effective April 5, we are enabling passwords and virtual waiting rooms by default for our Free Basic and Single Pro users.”
Overall, for security as well as for more useful and customizable features, however, it’s still better to invest in the paid version.
Require Passwords to Access Meetings
Sometimes the simplest strategies work the best. Requiring a password is an important way of securing Zoom meetings.
Passwords will weed out any hackers who use scanning software to access Zoom meetings and make it far more difficult for them to use other hacking methods to get into your meetings.
It’s also recommended that hosts do not use their personal meeting rooms for hosting meetings. Much like phone numbers and passwords, if a bad actor stumbles across your individual Zoom meeting link, he or she can easily Zoombomb you.
Never share the meeting password on public sites.
Securing Your Zoom Meetings with Timely Security Patches
The time between when a software designer finds exploits and creates fixes (or patches) for them and when your employees install the security upgrades is a window of opportunity for cybercriminals. Remind your employees that securing your Zoom meetings starts with them and encourage them to install security patches as soon as they become available.
User Authentication for Internal Meetings
You can weed out bad actors by allowing Zoom to only authorize users’ access to meetings who have a specific domain, such as email@example.com.
Any user who attempts to access the meeting without being authenticated will receive an error message from Zoom and not be permitted to join.
Enable the Waiting Room
This feature allows you to control who comes to the meeting by allowing the host to individually grant access to each attendee. You can control the attendees and vet them, disallowing any users you don’t recognize from accessing the meetings.
Do Not Publicize Your Zoom Meetings
Publicizing your Zoom meetings on social media is bad news. A simple search of social media allows bad actors to see lists of all posted Zoom meeting links, which they can then use and log in themselves.
Instead of publishing the Zoom link on social media or any other public forums, create a sign up. While you still must vet the attendees on your sign-up list, you are making it much more difficult for bad actors to access the Zoom meetings. Since hackers generally seek the easy road, they will bypass your meeting and take aim at a meeting they find posted online.
No Participant Screen Sharing
Zoombombers use screen sharing to wreak their havoc on your meeting. Luckily, Zoom makes it easy for the host to disable screen sharing from anyone in the group.
Since the host is controlling who is sharing their screen, no one without authorization or whom the host doesn’t know can hijack the meeting.
To play it safe, the host can disable the audio and video features as well, blocking a bad actor’s ability to participate at all.
In Meeting Security Icon
In Meeting is a new icon in Zoom that allows the host to immediately shut down an active meeting if it has been breached.
In Meeting additionally allows the host to disable chat, disallow screen sharing in real time, control user access, and other important features for securing your Zoom meetings.
Disable the Join Before the Host Feature
If you have allowed “Join Before the Host,” participants can come into the meeting before the host arrives. Ordinarily, this is a great chance for your remote workforce to catch up with each other and share before the meeting begins but with the increasing prevalence of Zoombombing, it’s also a way for a bad actor to get in and cause disruption before the host can come in and actively shut the meeting down.
No Zoombombing Allowed
Zoom is aware of the recent Zoombombing activities and has made it easy for users to avoid them. The Department of Justice takes Zoombombing seriously, and has declared it a punishable crime.
While some Zoombombing antics on social media may seem harmless, many are not. The aim of Zoombombers who use hate speech, pornography, and slander is to demoralize your teams.
Follow these simple tips for securing your Zoom meetings so they remain safe and productive.