Ultimate Guide to Zoom Security Vulnerabilities and Concerns
After the dust settled from the wave of people, businesses and schools that switched to online meetings during Covid lockdowns, questions about Zoom security began to arise.
With so many work and social meetings now taking place online, many through Zoom, people want to know how good Zoom cyber security is and whether their information is secure when using the platform.
Zoom Security Issues in the Past
Zoom is unfortunately not immune to security threats, though it has the benefit of a team that works aggressively to fix problems as they arise.
Here are a few of the security issues Zoom has dealt with:
- Zoom Bombings. This is like photobombing in that an uninvited person with a meeting link or ID enters a meeting and witnesses the entire conversation. The meeting hosts have no way to prevent the person from entering the chat or to remove them. At a minimum, the host would need to rearrange the meeting, set up a new room and issue a new meeting ID or link.
- Vulnerable iOS. Hackers targeted Apple users through the Zoom application, turning on participant webcams and pulling people into meetings without their consent. These hackers were able to essentially turn any Apple device into a remote spy, through Zoom.
- Data sharing. Zoom faced accusations of data sharing with Facebook. Zoom admitted that this sharing took place, under the premise that it provided users the option of employing a Facebook Software Development Kit to log into Zoom. After this accusation, Zoom removed all of the codes and the Software Development Kit from its platform entirely.
- Brute force attack vulnerability. Historically, Zoom has fallen victim to brute force attacks, because its URLs and password combinations tended to be predictable. Zoom reacted by integrating a Captcha feature into the login process, making it nearly impossible for brute force attacks to succeed.
Zoom Security Features
In response to these issues, Zoom developed its own set of security features to address Zoom security vulnerabilities. Now, hosts and participants have additional controls available to enhance meeting security.
These include:
- Lock Meeting. This allows the host to lock the meeting so that no new participants can join.
- Enable Waiting Room. Incoming or current participants can be moved to the waiting room before joining the meeting properly.
- Hide Profile Pictures. Display names are shown instead of profile pictures, giving all participants a certain amount of anonymity.
- Remove participant. The host can remove a participant from the meeting. The removed participant may not rejoin until “Allow Removed Participants to Rejoin” is enabled through the meeting settings.
- Report. Participants may report a suspicious or abusive user to Zoom’s Trust and Safety team. This tool allows participants to not only make a report but also upload relevant evidence (such as screenshots).
- Suspend Participant Activities. The host can turn off all participants’ Zoom-related media, in addition to locking the room to prevent participants from joining.
Zoom Security Tips and Best Practices
Most web-based platforms and apps, including Zoom, publish a list of recommended best practices for their users to follow. Zoom recommends 12 practices that will help to minimize security risks.
These practices are:
- Allow authenticated participants only. Even if a participant has the meeting URL, they can’t gain entry unless they have an authenticated ID.
- Don’t share the meeting URL openly. Like passwords and pin numbers, it’s important that you don’t share meeting URLs with just anyone.
- Host retains control. Full control of the Zoom security settings should belong to the host.
- “Host Only” settings kept. Mute and close the video of participants as they enter, removing any suspicious users. Keep all settings to “host only.”
- Record meetings. Record all Zoom meetings, with participant consent. This allows further viewing later, maintains accountability and saves evidence if needed.
- Share cautiously. Restrict participant file and screen sharing as a default setting, then manually enable sharing for authenticated participants.
- Audit log. An audit log keeps a record of all activities performed during a meeting. That way, suspicious activity can be tracked.
- Use browser-based video conferencing. Since personal devices may not have up-to-date virus protection or other security settings, it’s a good idea to open Zoom through a web browser.
- Update regularly. By ensuring that your software is updated, you get the latest version of the software, including whatever new security features it may possess.
- Enable Waiting Room and Lock Meeting. By enabling these two features, the host can redirect participants to a waiting room until their ID is authenticated and the meeting room has been opened.
- End-to-end encryption. Opting for video conferencing featuring end-to-end encryption maintains complete privacy for your video calls.
- Keep chat minimal. Unless you absolutely must, don’t use the chat feature. It is hard to keep track of with larger groups and hackers may use the chat platform to send out phishing links.
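The host-side items in the list above can be checked mechanically before invitations go out. The following is an added example, not from the original article or from Zoom: it audits an exported settings record against a subset of the practices. The setting keys and sample meetings are constructed for illustration and are not Zoom's actual API field names.

```python
# Added example. Setting keys are hypothetical names for a settings export,
# not Zoom's API schema; the sample meetings below are constructed data.
# Each rule: (key, predicate the value must satisfy, practice it enforces).
BASELINE = [
    ("authenticated_users_only", lambda v: v is True, "Allow authenticated participants only"),
    ("waiting_room", lambda v: v is True, "Enable Waiting Room"),
    ("mute_on_entry", lambda v: v is True, "Mute participants as they enter"),
    ("video_on_entry", lambda v: v is False, "Close participant video as they enter"),
    ("screen_share", lambda v: v == "host_only", "Share cautiously: host-only by default"),
    ("file_transfer", lambda v: v is False, "Share cautiously: no file sharing by default"),
    ("chat", lambda v: v is False, "Keep chat minimal"),
    ("encryption", lambda v: v == "e2ee", "End-to-end encryption"),
    ("allow_removed_rejoin", lambda v: v is False, "Removed participants stay out"),
]
_MISSING = object()

def audit_meeting(settings):
    """Return (key, observed, practice) for every baseline rule the meeting fails.
    An absent key is a finding: an unknown setting is not a known-safe one."""
    findings = []
    for key, ok, practice in BASELINE:
        value = settings.get(key, _MISSING)
        if value is _MISSING:
            findings.append((key, "<not set>", practice))
        elif not ok(value):
            findings.append((key, value, practice))
    return findings

def audit_all(meetings):
    """Map meeting topic -> findings, listing only meetings that miss the baseline."""
    report = {}
    for meeting in meetings:
        findings = audit_meeting(meeting.get("settings", {}))
        if findings:
            report[meeting["topic"]] = findings
    return report

HARDENED = {"authenticated_users_only": True, "waiting_room": True, "mute_on_entry": True,
            "video_on_entry": False, "screen_share": "host_only", "file_transfer": False,
            "chat": False, "encryption": "e2ee", "allow_removed_rejoin": False}
# Open sharing and chat, weaker encryption, and the rejoin setting not recorded at all.
TOWN_HALL = dict(HARDENED, authenticated_users_only=False, screen_share="all",
                 chat=True, encryption="enhanced")
del TOWN_HALL["allow_removed_rejoin"]
SAMPLE_MEETINGS = [{"topic": "Board review", "settings": HARDENED},
                   {"topic": "Town hall", "settings": TOWN_HALL}]

if __name__ == "__main__":
    for topic, findings in audit_all(SAMPLE_MEETINGS).items():
        for key, observed, practice in findings:
            print(f"{topic}: {key}={observed!r} -> {practice}")
```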
Zoom Security Tips
Following Zoom’s best practices is a good way to create a safer meeting experience. In addition to the recommendations listed above, there are other ways you can increase your security, such as:
- Protect your account. Just like with any other account, you need to secure your Zoom account with a strong ID and password combination, opting to also use 2-factor authentication. This authentication makes your Zoom account harder to hack.
- Use your work email. When registering for a Zoom account, use your work email instead of your personal email. If you don’t have a work email, consider creating another email address just for Zoom registration.
- Don’t share links via social media. No matter whether the meeting or event is private or public, don’t share the link through your social media accounts. Hackers often trawl social media platforms for meeting URLs so that they can Zoom bomb the meeting.
- Think about what you are showing. Before joining a meeting, consider what the other participants might hear or see. Make sure you are in a quiet place, that you have at least a basic level of dress and grooming, and that you have closed all other web or app windows. Essentially, make sure you get rid of anything you don’t want the other participants to see.
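The "don't share links" advice can be enforced as a check on your own drafts before they are posted. This is an added example, not from the original article or from Zoom: it scans outgoing text for Zoom join links and notes whether a passcode travels inside the link. The URL shapes it matches (`/j/<id>`, `/my/<name>`, an optional `pwd` query parameter) are this example's assumptions about join-link format, and the sample draft is constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Candidate URLs in free text; trailing sentence punctuation is trimmed afterwards.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Join-link paths assumed here: /j/<meeting id> and /my/<personal link name>.
PATH_RE = re.compile(r"^/(j|my)/([A-Za-z0-9._-]+)")

def is_zoom_host(host):
    """True for zoom.us and its subdomains only, not lookalikes such as zoom.us.example.com."""
    host = (host or "").lower().rstrip(".")
    return host == "zoom.us" or host.endswith(".zoom.us")

def find_meeting_links(text):
    """Return one dict per Zoom join link found in text, in order of appearance."""
    hits = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)]}")
        parts = urlsplit(url)
        match = PATH_RE.match(parts.path)
        if not is_zoom_host(parts.hostname) or not match:
            continue
        hits.append({
            "kind": match.group(1),
            "id": match.group(2),
            # A passcode in the query string means the link alone admits whoever holds it.
            "embedded_passcode": "pwd" in parse_qs(parts.query),
            "url": url,
        })
    return hits

# Constructed draft post; the meeting ID, passcode and room name are made up.
DRAFT = ("Join us tonight! https://us02web.zoom.us/j/81234567890?pwd=Q29uc3RydWN0ZWQ. "
         "Agenda: https://example.com/agenda and my room https://zoom.us/my/constructed.room, "
         "see you there.")

if __name__ == "__main__":
    for hit in find_meeting_links(DRAFT):
        note = "passcode embedded" if hit["embedded_passcode"] else "no passcode in link"
        print(f"Do not post: {hit['url']} ({note})")
```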
The Wrap on Zoom Security
Zoom cyber security has been a contentious issue since it was launched, but Zoom has been addressing and solving issues as they arise. Following the best practice recommendations and security tips listed here will help to minimize Zoom security risks.
If you’re concerned about how secure it is to use Zoom, may we suggest you look at Microsoft Teams as an alternative. On the topic of Microsoft Teams security, Forbes said this:
“Microsoft has a stellar reputation for data and user security, and the Microsoft Team’s app is no exception. Microsoft Teams uses multi-factor authentication plus rest and in-transit encrypted data to protect its users.”
Microsoft Teams is our conferencing and collaboration platform of choice. They added a bunch of new features in 2022. They also offer a cloud-based VoIP business phone system integration called Microsoft Teams Phone.
BSC Solutions Group provides a wide range of cybersecurity services and solutions for businesses in Mississauga, Brampton and the entire Greater Toronto Area.
We can make your business IT systems more secure. Contact us today to get started with an initial Cyber Security Assessment followed by a custom-designed Cyber Security Strategy to fit the unique needs of your organization and budget.