10 essential

10 essential privacy and security tips for Zoom

Chatting and video conferencing with Zoom can be a very immersive, social experience. Now you can have full control in every call, no matter how big it is and so I am writing 10 essential privacy and security tips for Zoom.

With social distancing and quarantine measures quickly put in place. The need for people to find a new way of communicating with each other has became pressing. Now that Zoom is one of the most popular video conferencing apps out there. Their developers have been targeted with intense scrutiny from their competitors.

Zoom is an older platform, but it has since gained tremendous popularity. The company has been handling the extra load seamlessly and responded quickly when security researchers discovered flaws in their software. However, just like with each and every service, code updates will not address every issue but some are worth considering. That’s why we’re offering 10 recommended guidelines for security & privacy settings in Zoom.

1. Protect your account

When you want to set up your Zoom account. Be sure to apply the basic safety standards that come with any account. To make your accounts more secure, we recommend using a strong and unique password, and enabling two-factor authentication. We have no reports of accounts that have been hacked with two-factor authentication enabled.

This is a Zoom feature that you need to be careful with. When you register, you get both your login & password and a Personal Meeting ID. For optimum security, the best practice is to not share your meeting ID publicly. Zoom offers the opportunity to create public meetings with your personal meeting ID, which is convenient and easy to use. However, it’s very easy for people who know your PMI (personal meeting ID) to join any meetings you host, so please be careful and private when sharing that information.

2. Use your work e-mail to register with Zoom

10 essential

Never mind the one-off glitch in Zoom (which has now been fixed) that caused it to incorrectly think email emails sent from the same domain belonged to a single company, as long as it wasn’t from, say, gmail.com or yahoo.com. For example, that happened to people who registered Zoom accounts using e-mails ending with yandex.kz, which is a public e-mail service in Kazakhstan, and it may happen again with e-mail addresses belonging to smaller public email providers.

Great, as you register with Zoom, use your work e-mail. Sharing contact details with your colleagues should not be a big deal. If you don’t have a work e-mail, please create an account with a well-known public domain to keep the information personal.

3. Don’t fall for fake Zoom apps

Denis Parinov, Kaspersky security researcher, discovered the number of malicious files using names of popular video conferencing services (namely Webex, GoToMeeting, Zoom) had increased by 15% in March. Using Zoom and other apps like it is still quite popular among malefactors, and judging by the increase in their abuse in file names, it seems that they are stepping up their activities.

Don’t fall for it! Use Zoom’s official websites for safe downloads — zoom.us for Mac and PC, and the App Store or Google Play for your mobile devices.

Sometimes you have to have an event that is open to the public, but depending on where you live it can be difficult to organically attract an audience. Thankfully, online events are becoming more common and through Zoom it’s easy to hold a successful event that anyone can register for. When holding an open event, one should avoid sharing personal information and redacting personal information.

If you heard any of the term Zoom-bombing before, it probably came from Techcrunch journalist Josh Constine. He coined the term to describe how someone could intentionally disrupt a meeting by pasting unrelated images or content on their screen. A number of trolls on Discord and 4Chan have been talking about potential targets for the next time they organize raids.

The information that trolls use to plan their attacks usually comes from social media sites like Facebook. So don’t share the event URL publicly on these sites. Either way, try not to make the event public because they’re waiting for your moment of vulnerability.

5. Protect every meeting with a password

Setting up a password for your meeting remains the best means of ensuring that only the people you want in your meeting can attend it. Recently Zoom turned password protection on by default, which is a good move. Meeting links and passwords should never be given to anyone outside of your organization. Similarly, never release any links or passwords on social media channels. Otherwise you run the risk of attracting trolls who want to access the meeting and share it with others.

6. Enable Waiting Room

You can give participants more control over meetings by enabling the ‘waiting room’ setting recently enabled by default. The waiting room makes the participants wait until you approve them one by one. This adds the ability to control who joins your meeting, even if they somehow managed to get in by guessing or copying someone’s password. With Zoom it’s also possible to kick unwanted people out of the meeting and have them wait outside – we recommend leaving as soon as you realize who is there.

7. Pay attention to screen-sharing features

One of the most popular features in Zoom is screen-sharing. It’s available as an option for you within every videoconference & we think it’s worth keeping your eye on a few settings that are important here:

The ability to share the call screen is a useful feature, but it can be tricky to figure out which option you need. Hosts get unlimited access to screen-sharing, but other participants are limited in what they can see. We recommend that you choose the option that best suits your needs. If you don’t immediately see how this feature could make your meetings more productive, it’s probably not something you’ll need. But if one day you find yourself in a position where it is necessary, the option is still available to you.

8. Stick with the Web client if possible

The various Zoom client apps have had their fair share of bugs. For example, some versions let hackers access the owner’s camera & microphone or let websites add users to calls without their consent. Zoom reacted swiftly to the aforementioned problems, fixing them as well as other similar ones. They also stopped sharing user data with Facebook and LinkedIn. Nonetheless, Zoom apps still remain vulnerable without a security assessment thus they may share data with third parties.

For this reason, we recommend making a Zoom account and accessing the Web interface instead of installing the app. The Web version will not have as much access to your device as an installed app would and it’s more managable that way.

If you use the zoom web interface and find that Zoom has already downloaded the installer, there is no other option but to install their client. As a rule of thumb, you should also limit the number of devices that Zoom is installed on to just one. If you use it as your secondary smartphone or as a spare laptop and one with no personal information on it, there’s no risk of any data leaking from other devices.

If your company has Skype for Business as their team chat app and also uses Zoom, then you can offer that workflow to your users. It’s compatible with Zoom and will allow your users to have a smooth experience.

9. Don’t believe in Zoom’s advertised end-to-end encryption

One of Zoom’s key selling points is its end-to-end encryption. It is a highly reliable option for video conferencing, with an equally diverse set of features and a great price point. All of your voice communications and messaging with people you call are encrypted in a way that all the other people on the call can’t decrypt them. Nobody else, including the service providers, can access them.

Sounds great, but as security researchers have pointed out it can be difficult. Zoom did state that when the other end means their server, the video is encrypted. This can be potentially problematic because Zoom employees and law enforcement have access to it. The messages in chats only seem to be encrypted end-to-end. This won’t necessarily mean that you should abandon Zoom for good, since other popular video conference tools don’t have encryption either. But you should keep this in mind and avoid discussing anything too personal or sensitive on Zoom.

10. Think about what people can see or hear

Before joining a videoconferencing call, consider your appearance before you hit the “join” button. The other participants may expect you to look as professional as they do. Always make sure to have on proper business attire even if you’re home alone and/or for a casual event.

Screen share is great for productivity and collaboration, but not so much if you have any windows open that you don’t want to show. If you’re on a Zoom call with someone, be sure to close any other personal windows before sharing with them. And it goes without saying: if your boss can see your screen, be sure to clear out anything private

I have written down the 10 essential security and privacy tips for Zoom.

Enjoy your Zoom

It may sound boring and lonely, but think about how things were before broadband, videoconferences on programs like Skype and Zoom. We’re glad such apps exist so you know the correct way to use them. 

10 essential 10 essential 10 essential 10 essential 10 essential

1 thought on “10 essential privacy and security tips for Zoom”

  1. Pingback: Zoom Tricks: best 11 You Wish You Knew Sooner - Creative Tech News

Leave a Comment

Your email address will not be published. Required fields are marked *