Zoom Security Issues – Protect Yourself

by | Apr/7/2020

Every business is concerned and should be, about cybersecurity during online meetings. Due to its popularity, Zoom is an attractive target for the bad actors. There are hundreds, maybe more, people working all the time to break Zoom’s security.

To help address the security problems, Zoom now offers a reward for anyone who finds a way to break in. The payoff, for bad actors and researchers, is enormous. A sobering thought is that maybe the attackers already have full control over Zoom. However, they might have complete control over GoToMeeting, Microsoft Teams, Skype, TeamViewer, WebEx, and any other virtual meeting platform. I certainly hope not.

Zoom is Making Improvements

Zoom says they’ve configured the system to avoid sending meetings through China’s servers. Otherwise, the Chinese government might require disclosure of your communications.

If you use Zoom on a Mac, then if a bad actor has your computer, they could take over your camera and microphone. Additionally, Zoom exposed information that could reveal Windows passwords. Zoom says they fixed those problems.

After Consumer Reports raised red flags, Zoom improved its privacy policy and practices. Zoom still has problems. A notable issue is that there is no end-to-end encryption during meetings. Security best practices dictate protection from each participant to every other.

You and Other Companies can Help Protect Meetings

For example, if you permit your users to record the meeting, encourage them to password protect the recordings, especially if they upload them to a cloud storage service. Otherwise, anyone with access to the recording can play it back.

Require passwords and require waiting rooms per new default settings. The goal is to stop intruders from interrupting a Zoom meeting with disruptive or disgusting content.

Configure the meeting so that only the host can share their screen. Then intruders cannot share theirs.

Never use a personal meeting room ID for scheduling meetings. Use the default setting to generate a meeting ID randomly.

Alert users to expect fraudulent email meeting invitations attempting to trick users into typing their Zoom username and password.

Enable two-step login requirements to protect accounts even if a bad actor does discover usernames and passwords.

Or, you could ditch Zoom all together. Options include FaceTime, Signal, Teams, and many others. But who knows which one could get hacked? No matter how secure it is, all it takes to destroy security is for one person on the call, or an attacker with remote access to their computer, to record the conversation using third party screen recording software.

To help protect your Zoom meetings, watch other videos that concisely cover the security settings available in a paid Zoom account, configuring the two-step login feature, and a run-through of paid account settings so you can follow along:

Zoom Security – Set Up Two-Step Login

Zoom Security Settings – The Concise Details

Zoom Security – Follow Along to Set Settings