Seemingly everyone knows about Zoom now: co-workers, friends,and neighbors. The videoconferencing software company that went public last year is having a moment in the spotlight during the pandemic. People have flocked to the service to keep up with friends, build digital clubs, and even Government meetings. However, in this time of immense growth, researchers and journalists have scrutinized the app and found multiple security and privacy risks. People are realizing the free app might actually come with the cost of giving up their personal data.
The app’s main selling point, at least to the broader consumer world, is that it offers free, 40-minute conference calls with up to 100 attendees. It’s easy to use — people don’t need a login to access a meeting — and the interface is relatively intuitive. However, those same features put people at risk.
Due to this increased popularity, hackers have taken advantage of Zoom’s system of randomly generated ID access codes and lack of required passwords to join a call. People drop into Zoom calls that aren’t their own and broadcast offensive material, like pornography. There is now an automated tool developed by security researchers that can find over 100 Zoom meeting IDs in an hour and information for nearly 2,400 Zoom meetings in a single day of scans, just as an example of how easy it can be to find meetings to join. Zoom says passwords have been enabled by default since late last year, but many people still aren’t using them, and in its latest update the company as blocked one’s ability to see Zoom meeting IDs.
NITA-Uganda has come up with guidelines for government agencies and other users to help them use Zoom securely.
1. Always keep your software up to date
Vulnerabilities in applications are fixed through releasing newer versions of the applications. Therefore always make sure you keep your version of the Zoom application up to date to lower your risk of compromise.
Open zoom desktop App. Click on the down arrow to the right of your username. From the drop down menu click on Check for updates. Download the latest version and then re-open zoom.
2. Never share your personal meeting ID
Do not use a Personal Meeting ID but rather allow Zoom to generate a random ID for each meeting. When scheduling a meeting, chose the ‘Generate Automatically’ option under the Meeting ID feature.
A personal Meeting ID is unique to each user account and as such can be used by adversaries during targeted attacks.
3. Always use passwords to protect your meeting
Always set a password for each new meeting, never embed the password in the meeting link and always require password for participants joining by phone. Activate use of this by ticking the ‘Require meeting password’ option under the Password feature when scheduling your next meeting.
Kindly note the generated password as this will have to be securely shared with all meeting participants. If a meeting is not being password protected, then uninvited guests can intrude such meeting or chat.
4. Always share the meeting details securely
Never share meeting details like meeting links, or meeting ID, or meeting password, or pictures of your zoom meeting on public platforms like websites or on social media such as twitter or Facebook. Once the meeting link has been generated, share the link by email only with the people you are inviting. In addition, avoid taking pictures of active zoom meetings and posting them online since this will reveal information about the meeting.
5. Always use a meeting waiting room
The waiting room allows the host to screen everyone entering the meeting to ensure no one uninvited can get in. Find this feature under the advanced options when scheduling your next meeting. To make use of this feature, tick the ‘enable waiting room’ option.
6. Always lock the meeting to restrict joining
The meeting host should always lock the meeting once all participants have joined so no new participants can join the meeting even if they have the meeting ID and password. Update to the latest Zoom version, click security at the bottom of your Zoom window and there you will see the Lock Meeting option.
7. Beware of phishing
Always be careful when clicking on any meeting invite links to avoid being led to a malicious site to download malware or enter details. Always copy the meeting ID from the link provided and enter it in the official application to join. You can as well hover your mouse over the meeting to make sure the link includes the zoom.us domain within it.
8. Quality of service
If you experience poor quality of service during a meeting, like glitches or breakage in service, then most likely your internet connection is not good. Kindly turn off video and proceed with a voice only meeting. Voice only meeting is better when the number of users are many and when the quality of internet connection isn’t good. To turn off your video during a meeting, make use of your controls that appear at the bottom left of your screen.
9. Disable join before host
Participants cannot join the meeting before the meeting host joins and they will see a pop up that says, “The meeting is waiting for the host to join”. To use this option, make sure the ‘enable join before host’ is un-checked under the Advanced options when scheduling the meeting.
10. Limit Screen Sharing to the Host
Allow only the host to share content during meetings. This is preventing any unwanted content to be shown during a meeting. You can change this if you need to allow other attendees to share their screens.
- Click the up-arrow next to Share Screen.
- Select Advanced Sharing Options.
- Under Who can share, click Only Host.
11. Enable only authenticated users to join
Only participants who have signed into their Zoom account can access this particular meeting. Only authenticated users can join meetings. Controls what type of users can join Zoom meetings. Note: Do not use this feature if you intend to host participants who don’t have Zoom accounts.
12. Require registration
Allows you to have your participants register with their e-mail, name, other questions, and custom questions. This will help you evaluate who’s attending. Note: The participants should have Zoom accounts
13. Disable Automatic Recording of Meetings
We recommend all meeting host not to record zoom meetings. Minutes should be taken by the meeting secretary as is the normal practice. When scheduling a meeting, make sure the ‘Automatically record meeting’ option is unchecked under the Advanced Options.
