April 30th, 2020 Read Time: 6 minutes
The Electric Helpdesk is comprised of experienced IT Professionals with the knowledge and expertise to solve any IT Support question one may have.
Subscribe to our blog and stay up to date
Effective communication is essential for the success of any organization. With many organizations pivoting to working remotely as a result of the current stay-at-home orders, online video conferencing platforms are helping people communicate.
Some credit the rise in the popularity of Zoom above other video conferencing platforms as due to the platform’s ease of access and careful work to keep latency below 150 milliseconds (the maximum before conversations start to feel unnatural).
The numbers don’t lie—individuals are using this online video calling resource more than any other. According to Reuters, Zoom’s average user numbers in March were nearly three times that of its nearest rival Microsoft Teams. Further, Zoom said daily users spiked to 200 million in March, up from 10 million in December of last year.
Today, friends, students, family, and colleagues can connect online no matter their geographical location, thanks to Zoom.
As much as Zoom is helping the majority to solve the challenges of the world’s current situation, the platform has fallen under scrutiny for some security issues. One of which, Zoombombing, is posing several challenges.
Just like the advent of any other notable application, Zoom now poses some security challenges to users as a result of Zoombombing. Zoombombing occurs when an unauthorized attendee takes over control of a meeting either by speaking or displaying content they are not authorized to do so. Nefarious individuals have used lapses in settings to project hateful content to meeting participants.
Unprotected meetings continue to fall prey to vulgar behavior/imagery or hate speech as a result of Zoombombing according to CNET.
Some of recent examples include the exploitation of an unsecured screen sharing feature by students, a journalists' video call attack, and the canceling of Zoom meetings by NYC classrooms, among others.
As mentioned previously, due to the current world situation many organizations are in need of a way for employees to safely engage remotely. In that case, securing Zoom communications for organization is essential to continue enjoying the ease of access that the online platform offers.
Changing a few simple settings just is all it takes to secure the application. By encouraging users at your organization to make the necessary adjustments, you will minimize the risk of intrusion during Zoom meetings.
Below are the simple steps you should take to ensure your settings will prevent Zoombombing.
Gaining insight into anyone attempting to join your Zoom meeting before allowing them access is critical. You can keep uninvited guests out of your Zoom meetings by activating the "Waiting Room." Nefarious individuals will indeed attempt to bypass controls, but this feature places another roadblock ahead of them.
To enable the Waiting Room feature, go to Account Management > Account Settings. Click on Meeting, then click Waiting Room to enable the setting.
Zoom offers further details on how you can enable the "Waiting Room" on their website.
If you are the host for your Zoom meeting, you need to assume control from the onset. Disabling such options as the ability of other participants to “join before host” is advisable. Usually, the “join before host” option is inactive by default, but it’s critical to double check.
After that, you should disable the remote control function as well as screen-sharing for non-hosts. Also, depending on the type of meeting and who is invited, consider deactivating file transferring, annotations, and the autosave feature for chats.
Using your Personal Meeting ID (PMI) for your Zoom meetings will potentially expose you and participants to Zoombombing. The PMI can be tempting to use for a variety of reasons— it's a useful feature for recurring meetings with a small group, like a weekly team meeting or a one-on-one.
However, given out widely, anyone who has the PMI can try to gain access to your meetings. If someone knows you're due for a meeting and has your PMI, then it's very easy for that person to crash it.
In an early April update, Zoom started requiring a password for meetings with PMI, but it’s important to ensure users at your organization have the feature enabled as an added layer of security.
The ideal solution, in this case, is still using a per-meeting ID for every Zoom meeting you hold. Further resources on how you can generate a random meeting ID for your Zoom meetings as a security precaution are available in Zoom’s resource center.
You can keep uninvited guests out by locking your Zoom meeting once all the participants are in. Depending on the nature and size of the meeting it might be advisable to assign co-hosts as well.
If you start a meeting and everyone you expect to join has, you can lock the meeting from new participants. While the meeting is running, navigate to the bottom of the screen and click Participants. The Participants panel will open. At the bottom, choose More > Lock Meeting.
In case someone bypasses the controls you have in place during your Zoom meeting, the co-hosts can help address the situation if you are the host and actively presenting.
Social media, particularly Twitter, is one of the main ways hackers are organizing to crash a Zoom meeting. A quick search of hashtags, like #zoomcode on Twitter, will reveal meeting codes and passwords being shared almost in real time encouraging others to join in to crash the meeting.
If the link is visible to anyone but those you intended to invite to the meeting, then the meeting is no longer a private one. It may seem like common sense, but avoid sharing the meeting link on social media platforms.
Another safeguard is actually withholding the meeting link until right before the meeting so nefarious individuals have less time to organize. Consider using a calendar tool to hold the time on attendees’ calendars and then distributing the link a few minutes before the Zoom meeting is about to start. Remember, it should be a unique link, rather than your Personal Meeting ID.
As technology advances, fine-tuning security protocols will always be a necessity. As such, securing your Zoom meetings with the steps above should be part of your priorities if your organization uses Zoom for video conferencing.
You should not view Zoombombing as something that is an extreme security risk due to its general avoidability once the proper settings are in place.
Zoom’s security settings are also an indication that this platform appreciates and recognizes the importance of maintaining the privacy of every user. Overall, the platform remains a secure environment for communication at such a time as this when you take the necessary safety precautions.
Figuring out all your bases to cover is not an easy process to navigate, and that’s why Electric is here to support your organization. Electric can work closely to help you find the right solutions to make remote work easier and ensure your employees are taking the right steps to secure their applications.