02 Apr Safety and Security While Video Conferencing with Zoom
From Kathy Zant at Wordfence.com
With much of the world shifting to working from home due to public health concerns with COVID-19, video conferencing is booming. Businesses, and even schools, are turning to platforms such as Zoom, Microsoft Teams, Google hangouts and other technologies to stay connected.
Zoom has come under fire in recent days due to security issues with the platform. A zero-day vulnerability has recently been disclosed, and numerous users have noted that Zoom bombers are joining open meetings and sharing undesirable content. Zoom has also been found to overshare data with Facebook via their iOS app, a problem now fixed. BleepingComputer recently reported about a newly found vulnerability in Zoom that allows an attacker to steal Windows login credentials from other users.
In response, SpaceX has banned the use of Zoom for company meetings as has NASA. Zoom announced that they’re freezing all new feature development to focus on security and privacy.
Houseparty, another video conferencing platform, has also come under scrutiny with some users claiming that Houseparty is enabling hackers to get into their social media accounts amongst other things. Unfortunately, there does not seem to be much evidence to support these claims and Epic Games has offered a $1 million bounty to anyone who can prove these claims.
With all of these news stories, is it possible to have a safe video conference? Are some platforms safer than others? Why is Zoom so popular even though it has been plagued by so many security and privacy issues?
Remote businesses like Wordfence have been using remote connection tools for years, and we’ve learned a few things. With these concerns, we wanted to take a look at the security of numerous video conferencing platforms and provide some tips to help you stay safe when connecting online, whether you’re a meeting host or an attendee.
Video Conference Options
There are a number of video conferencing options available, all with different capabilities. While not everyone has a choice of video conferencing options, decision-makers will need to evaluate which offering has the functionality they need. Zoom, facing intense scrutiny, will no doubt be forced to improve their security to remain viable. If security is paramount to your conversations, choose an option such as Signal for secure text communication. For video conferencing, Cisco’s WebEx offers end-to-end encryption and encrypted recordings at the file and logical volume levels.
Even with their recent troubles, there are many reasons why Zoom is so popular. It’s easy to use, inexpensive, reliable and convenient. When security is paramount, however, using an alternative with a better security history makes sense. The larger concern is the expectation of security with a widely used product. This lulls users into a sense of security when it is not warranted.
Perhaps the greatest benefit of the recent media focus on Zoom is the realization that we’re may never fully secure when sharing information online, and we should always be prepared in the event of a breach.
There are, however, some steps you can take to improve security when using Zoom.
If You’re Required to use Zoom as a Meeting Host
Zoom is the most widely known platform, and when participating we don’t often get to choose which system we’ll be meeting on. Sometimes our employers require a certain platform, or sometimes our audience expects it. If you don’t have a choice in which platform to use, there are still some steps you can take to heighten your meeting security.
This video reviews some settings in your Zoom account that can help prevent Zoom bombing and ensure that your attendees have a safe experience.
Leverage your Zoom settings. There are a number of settings in Zoom that can help you keep your meeting safe. Lock down your meetings with passwords, mute attendees on joining, and lock down screen sharing so that an attendee can’t take over your meeting with their screen without your permission.
Kick out users. You can kick a user out of your room. You shouldn’t have to if you’ve secured your Zoom account, but know that this is available to you. Click Manage Participants at the bottom of the Zoom window. Next to the person you want to remove, click More. From the list that appears, click Remove and confirm.
Share Zoom links carefully. Without any controls in place, a Zoom link will let anyone join. Don’t share your Zoom meeting link in public places like social media or other public forums. Hackers and pranksters have been searching for these and accessing meeting rooms at will, wreaking havoc on business meetings and even online schooling.
Lock your meetings. Once a meeting has started and everyone is in attendance, click Participants at the bottom of your Zoom window. In the participants pop-up box, you will see a button that says Lock Meeting. When you lock the meeting, no new participants can join, even if they have the meeting ID and password.
Using Video Conferencing as an Attendee
Don’t use Zoom chats for private messages. If you’re attending a meeting and want to send a private message to another attendee, be aware that when your Zoom meeting is being recorded, the room owner will receive a transcript of everything you say privately.
Don’t share personal information. As with any public forum, assume that anything you type into chat or say in a Zoom meeting, you are being recorded and you don’t have control of what happens to that recording. Don’t share personally identifiable information with anyone, whether private or publicly.
Turn off video and mute yourself unless needed. If you’re attending a class or meeting and you don’t need video or audio, mute yourself and turn off your video. This prevents video conferencing from inadvertently recording conversations in your home or exposing information you might not want it to.
Helping Kids Use Zoom
As many schools transition to distance learning, helping our kids understand the importance of security and privacy is important and a great life lesson.
Zoom has some resources for school administrators to help them get started, but don’t assume that a teacher is fully versed in all of Zoom’s tools. Many are teaching online for the first time, and we’re all under a little more stress than usual. If you’re able to support a teacher as a moderator, you’ll make the learning experience better for everyone.
For younger students, stay with your child during online video conferencing. Schools should be asking for parental consent for video conferencing, and minors are not allowed to create Zoom accounts.
For older kids, teach them good video conferencing etiquette, including muting when they’re not speaking, not using the chat function, and not downloading files via Zoom.
Ask teachers if students can use aliases instead of real names, and find ways to limit the amount and depth of personal sharing via any channel online, whether video or otherwise.
Can We Stay Safe on Video Calls?
Yes, we can. Scrutiny of any platform is never a bad thing, as security research ultimately makes technology safer in the long run. It’s heartening to know that Zoom is taking security and privacy very seriously, and that pressure from the greater community will heighten that commitment.
Knowing how to use the tools is our first line of defense. We hope that you use these tools safely and fully to stay connected to those who matter most to you.
UPDATE, April 3, 2020: Zoom announced today that they’ll be turning meeting passwords and waiting rooms on by default to strengthen security of your Zoom meetings. They’ve published an update with information about these changes here.
Thank you to Nate Smith for his research contribution on this post.
To view the original post, please visit: