This post is written for those who need or have to use Zoom. It is written to help those people use Zoom safely. If you are in the Cyber Security Industry and you wish to comment on why you should use X or why China is the enemy, this is not the place. Please make a post of your own and discuss away from here. Here, we are merely trying to provide a little guidance on safer use. Thank you.
There has been a lot of talk recently in the press and online about zoom and all of its little security issues. Since the onset of the global pandemic, we have seen surge in “zoom bombing“. This is where people with malicious intent look for in-progress zoom meetings to join and cause trouble. There are a number of other issues that exist, such as linkedin trawling of attendees and contact detail snarfing.
So I had a go at securing zoom.
Securing Zoom meetings
I found six simple steps that I am using daily to ensure that I am securing zoom meetings correctly.
1. Add a password to all meetings!
When creating a new Zoom meeting, Zoom will automatically enable the “Require meeting password” setting and assign a random 6 digit password. Make it better by using all 10 digits.
You should not uncheck this option as doing so will allow anyone to gain access to your meeting without your permission.
2. Use Waiting Rooms
Zoom allows the host (the one who created the meeting) to enable a waiting room feature that prevents users from entering the meeting without first being admitted by the host.
This feature can be enabled during the meeting creation by opening the advanced settings, checking the ‘Enable waiting room’ setting, and then clicking on the ‘Save’ button.
When enabled, anyone who joins the meeting will be placed into a waiting room where they will be shown a message stating “Please wait, the meeting host will let you in soon.”
The meeting host will then be alerted when anyone joins the meeting and can see those waiting by clicking on the ‘Manage Participants’ button on the meeting toolbar.
You can then hover your mouse over each waiting user and ‘Admit’ them if they belong in the meeting
3. Do not share your meeting ID
Each Zoom user is given a permanent ‘Personal Meeting ID’ (PMI) that is associated with their account.
If you give your PMI to someone else, they will always be able to check if there is a meeting in progress and potentially join it if a password is not configured.
Instead of sharing your PMI, create new meetings each time that you will share with participants as necessary.
4. Disable participant screen sharing
To prevent your meeting from being hijacked by others, you should prevent participants other than the Host from sharing their screen.
As a host, this can be done in a meeting by clicking on the up arrow next to ‘Share Screen’ in the Zoom toolbar and then clicking on ‘Advanced Sharing Options’ as shown below.
5. Lock meetings when everyone has joined
If everyone has joined your meeting and you are not inviting anyone else, you should Lock the meeting so that nobody else can join.
To do this, click on the ‘Manage Participants’ button on the Zoom toolbar and select ‘More’ at the bottom of the Participants pane. Then select the ‘Lock Meeting’ option as shown below.
6. Keep Zoom Updated
If you are prompted to update your Zoom client, please install the update.
The latest Zoom updates enable Meeting passwords by default and add protection from people scanning for meeting IDs.
With Zoom being so popular at this time, more threat actors will also focus on it to find vulnerabilities. By installing the latest updates as they are released, you will be protected from any discovered vulnerabilities.
So there we go, the six steps I am using to secure my zoom meetings. I hope you find it useful.