How to Secure Your Zoom Video Conferencing Sessions

The FBI is warning us…

of the serious security/privacy issues around Zoom and other video teleconferencing meetings.

A lot of people have recently had their Zoom meetings ‘ZoomBoomed’ – having your meeting interrupted by people using “pornographic and/or hate images and threatening language”. To add to that, Zoom’s meeting traffic appear to NOT be end-to-end encrypted. Essentially that means our video/audio traffic can be intercepted by Zoom. And our meeting data may even have been shared with Facebook and advertisers on the back end as well.

Things you can do to secure your Zoom and other video conferencing sessions:

▪ Always require a password to join the meeting
▪ Try to avoid using a set ‘Zoom Personal Meeting ID’ (PMI) to host meetings
⁃ Instead, generate a new random Meeting ID when scheduling a new meeting
⁃ The exception to this might be an internal recurring meeting, for which you keep the PMI only to within the internal team
▪ Send Zoom links directly to your participants, instead of sharing the links on very public social media posts
⁃ Then send the password in a separate message to your participants
▪ Only allow participants to log into Zoom with an email address to which they were specifically invited to your meeting
▪ Use the Zoom ‘Waiting Room’ to control who has access to your meeting
⁃ This will allow you to see participants in a virtual staging area, so they can be vetted and green lighted before the meeting starts
⁃ It also prevents the participants from joining until you open up the meeting
▪ Using a “Remove” feature to kick off any unwanted participants that do manage to join
▪ ‘Lock’ the meeting once all invited participants have joined so no one else can jump on
▪ Set your screen sharing to ‘Host Only’ to prevent someone else Zoombooming your meetings
⁃ You’ll see a ‘Screen sharing’ option that will anyone except you from sharing your desktops or apps
⁃ You can still grant screen sharing privileges to specific users if you want
▪ Use Multi-Factor Authentication (MFA) on your Zoom account so that if your password is ever stolen, the attacker won’t be able to access your Zoom account itself
▪ Download the latest Zoom software – this forces everyone to use passwords by default, and stops people from randomly scanning Zoom meetings to join.
▪ Use Apple’s FaceTime if you want to host very private meetings for up to 32 people with true end-to-end encryption
▪ Google Duo also allows up to 12 people, and its full end-to-end-encrypted
▪ Cisco Webex also supports end-to-end encryption and support up to 100 users
▪ If your meetings are not super secret, and you are OK without full end-to-end encryption, then Facebook Messenger (50 people), Skype (50 people), or Slack (15 people)  are also options t consider.

Please be safe out there everyone.


Leave a Reply