Zoom, has been a target of threat actors taking advantage of weaknesses in the platform’s default security and privacy settings. There have been recent incidents of video-teleconferencing (VTC) hijacking, also known as Zoom-bombing, in which unauthorized persons gain access to a teleconference and display lewd, threatening, or otherwise inappropriate images and language. Zoom is taking steps to address these issues and currently releasing software updates.
In the meantime here are some tips we can share to create a more secure VTC environment with Zoom.
- Require a password for all meetings and securely share that password only with your invited guests. Once set, guests must enter the passcode in order to enter the meeting. This will prevent unauthorized individuals from joining a meeting.
- Use waiting rooms. This allows the meeting host to verify those attempting to gain access to the meeting.
- Do not share your meeting IDs. These are unique to individual users and could be used to determine when a meeting is currently in progress.
- Send links to meetings directly to individuals and do not publicly post meeting links. This could allow unauthorized individuals access to your meeting, particularly when other security settings are not in place.
- Disable participant screen sharing or file sharing. This will prevent your meeting from being hijacked by others and allowing the sharing of inappropriate content.
- Lock meetings once everyone has joined. This will prevent unauthorized users from gaining entry while the call is in session.
- Avoid posting photos of your Zoom meetings. This could provide threat actors with the associated meeting ID and information on who is attending your meetings.
- Disable the “Allow Removed Participants to Rejoin” option. If an unauthorized participant is identified and removed, this will prevent them from regaining access to the meeting using the same account.
- Do not use your Facebook or Google account to sign into Zoom. This will help protect your privacy by limiting the amount of information Zoom, Facebook, and Google can collect about you.
- Beware of Zoom-themed phishing emails. These may appear to be from Zoom and direct the recipient to open a malicious link or attachment in order to deliver malware or steal user credentials.
- Keep Zoom updated. Enhanced security and privacy features may be applied. A recent update enabled meeting passwords by default, for example.
As always, please keep your cyber security radar open for all phishing emails and spoofing. Now more than ever hackers, scammers and other assorted criminals have wasted no time preying on this massive COVID-19 captive audience. If you need help with security awareness or any work from home tips for your business team, call us anytime. To Download these tips and more, Visit our website for Free Resources, Tools, guidance and support to thrive in the Covid-19 Crisis. Or Call us today at 609-642-9300.
