With the Covid-19 pandemic ravaging the world, and with measures such as social distancing and quarantine in place to curb its spread, there is a need to actively use technology to reduce human contact, and hence a need for an effective and secure way of communicating with each other.
With its enhanced features coupled with the reported ease of use and attractive pricing, Zoom has quickly risen in popularity.
With so much use, Zoom’s flaws came rapidly to light. The company handled the tremendous increase of workload seamlessly and quickly reacted to security researchers’ discoveries. However, as with any service, code updates will not address every complaint, and some issues are very much worth keeping in mind.
So, here we offer some security and privacy tips for Zoom users.
Protect your account
A Zoom account is just another account, and in setting yours up, you should apply the basics of account protection. Use a strong and unique password, and protect your account with two-factor authentication (2FA), which makes your account harder to hack and better protected, even if your account data leaks.
There’s at least one more Zoom-specific catch: After you register, in addition to your login and password you get a Personal Meeting ID (PMI). Avoid making it public. Because Zoom offers an option to create public meetings with your PMI, it’s quite easy to leak that ID. If you do, anyone who knows your PMI can join any meeting you host, so share this information prudently.
Watch out for fake Zoom apps
According to researchers at Kaspersky, this March the number of malicious files incorporating the names of popular video conference services (Webex, GoToMeeting, Zoom, and others) in their filenames had roughly tripled in comparison with the numbers they found month by month over the previous year. That most likely means malefactors are ramping up their abuse based on the popularity of Zoom and other apps of its kind, trying to disguise malware as videoconference clients.
Protect meetings with a password
Setting up a password for your meeting remains the best means of ensuring that only the people you want in your meeting can attend it. Recently Zoom turned password protection on by default — a good move. That said, don’t confuse the meeting password with your Zoom account password. And like meeting links, meeting passwords should never appear on social media or other public channels, or your efforts to protect your call from trolls will be in vain.
Enable Waiting Room
Another setting that gives you more control over the meeting, Waiting Room — recently enabled by default — makes participants wait in a “waiting room” until the host approves each one. That gives you the ability to control who joins your meeting, even if someone who wasn’t supposed to participate somehow got the password for it. It also lets you kick an unwanted person out of the meeting — and into the waiting room. We recommend leaving this box ticked.
Pay attention to screen-sharing features
Every normal videoconference app offers screen-sharing — the ability of one participant to show their screen to the others — and Zoom is no exception. Some settings that are worth keeping an eye on:
Limiting screen-sharing ability to the host or extending it to everyone on the call. If you don’t need other people to show their screens, you know which option to choose;
Letting multiple participants share screens simultaneously. If you can’t immediately see why your meetings would need this capability, you’ll probably never need it; just keep it in mind in case you ever need to enable it.
Stick with the Web client if possible
The various Zoom client apps have demonstrated a variety of flaws. Some versions let hackers access the device’s camera and microphone; others let websites add users to calls without their consent. Zoom was quick to fix the aforementioned problems, as well as other, similar ones, and it stopped sharing user data with Facebook and LinkedIn. However, given the absence of a proper security assessment, Zoom apps likely remain vulnerable, and they may still employ shady practices such as sharing data with third parties.
For this reason we recommend using Zoom’s Web interface instead of installing the app on your device, if possible. The Web version sits in a sandbox in the browser and doesn’t have the permissions an installed app has, limiting the amount of harm it can potentially cause.
In some cases, however, even if you want to use the Web interface, you may find that Zoom has gone ahead and downloaded the installer, and there’s just no other option to connect to the meeting but to install the client. In that case, you can at least limit the number of devices on which Zoom is installed to just one. Let it be your secondary smartphone or, say, a spare laptop. Choose a device with next to no personal information. We know that sounds somewhat paranoid, but better safe than sorry.
By the way, if your company already uses Skype for Business (previously known as Lync), then you have another option. Skype for Business is compatible with Zoom and can handle Zoom conference calls just as well — without the aforementioned flaws.
Be wary of what people can see or hear
If you plan on sharing your screen, close all windows you don’t want others to see, whether it’s a surprise gift you’re buying online for another person on the Zoom call or a job search your boss doesn’t need to know about. We’ll leave other examples to your imagination.