The COVID-19 pandemic has had a huge impact on the economy, and forced many employees to work remotely. For more than 200 million people, that meant using Zoom for virtual meetings everyday. An incredible increase from just 10 million daily users just last December. But for hackers and bad actors, that also meant an opportunity to exploit a platform that wasn't prepared for the rapid growth and users utilizing it in new use cases that wasn't considered.
UPDATE: In April 2020, in connection with the COVID-19 pandemic, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) announced the Notification of Enforcement Discretion, which allows healthcare providers to use widely available communication apps, such as [name of the app], for telehealth services without the risk of incurring HIPAA fines. For more information, check out this recent Paubox blog post.
The security incidents ranged from juvenile " Zoom bombing," to thousands of video call recordings being open and unprotected on the internet, to zero-day vulnerabilities. If it all sounds scary, it should be. But that doesn't mean Zoom can't be used securely. In this post, we'll cover some best practices to make sure your Zoom meetings are secured.
Keep your Zoom app updated
Like all popular software applications, Zoom is constantly under attack by hackers looking for exploits. This is no different than the challenges faced by Apple, Google, and Microsoft. To Zoom's credit, they have moved fast to patch vulnerabilities as they've come up.
SEE RELATED: Is Zoom HIPAA Compliant?
That's why it is extremely important to install updates when you see a notification, and not put it off. The updates aren't always just minor performance tweaks, but often contain urgent security updates. Many of the original concerns around privacy were fixed in recent patches. Also, many of the issues people were having with Zoom arose from users not knowing how to change settings to enable many security features. But a recent patch enabled many security features to be set active by default, like meeting passwords, and also made finding security options easier.
Zoom meeting settings you should useAlthough Zoom is doing better at making security features enabled by default, there are still some settings you'll want to be sure are enabled. This will give you the most control over who has access to your meetings and what gets shared during the meeting.
- Make sure your meeting is "private"
- Don't use your personal meeting ID
- Use the "Waiting Room" feature
- Make sure "Join Before Host" is disabled
- Restrict screen sharing
- Moderate your meetings
Most of these settings can be accessed from the new Security Icon available to hosts when you've started a meeting.
Make your meeting is "private"
Zoom now sets all new meetings to "private" by default, but it is possible to make the meetings public, which some users do in order to make it easier for participants to join. But by now, it's abundantly clear that the minor inconvenience of entering a password is well worth it.
Don't use your personal meeting ID
You can think of giving out your personal meeting ID like giving out your home address. Not something you'd likely be willing to give out unless it's to a trusted individual. Every registered Zoom user has a personal meeting ID, and that's basically one continuous Zoom meeting that anyone can join at anytime. You'll want to use this only for internal meetings at most, but never use it for public or external meetings.
Use the "Waiting Room" feature
In it's latest patch, Zoom announced the Waiting Room feature is now on by default for free Basic and single licensed Pro accounts, as well as education accounts enrolled in our K-12 program. That means for many organizations, this is not enabled. But you'll want this on to see who is attempting to join a meeting before allowing them access. You can enable the Waiting Room in your Account Settings, or after you start a meeting via the Security Icon.
Make sure "Join Before Host" is disabled
To make sure you have control of your meeting even before it starts, you'll want to make sure "Join Before Host" is disabled. Like the name says, it prevents participants from jumping on early and possibly sidetracking your meeting. This should be disabled by default, but just in case you'll want to double check in your Settings.
Restrict screen sharing
Although this is a key part of moderating your meetings, this setting is important enough to be listed on its own. One way to be sure that no undesirable content is shared with your meeting participants is simply to make sure no one else can share their screen unless allowed to by the host. You can set this from the Security Icon in your meeting.
Moderate your meetingsIt can seem like a no-brainer, but remember that you're in charge of the Zoom meeting and it's perfectly ok to moderate it with a heavy hand if participants get out of line. That includes the ability to:
- Lock the meeting
- Remove participants
- Restrict participants' ability to chat
- Restrict participants from annotating on the host's shared content
Zoom recently published a blog post that features a full list of in-meeting settings that can help you keep control of your meetings.
So is Zoom secure to use?
Like other popular applications, with popularity comes both good and bad attention. But following the steps in this post can help make sure your Zoom experience is as secure as possible.