Zoom video chats have recently been reported as hacked by ‘Zoom bombers’, and while code changes have been made to improve security, users must remain vigilant about the weaknesses that remain.
With this in mind, researchers at Kaspersky have provided 10 tips for staying secure while using Zoom.
1. Protect your account
Firstly, Kaspersky has recommended that Zoom accounts, as with accounts for any other platform, are protected using a strong password and two-factor authentication (2FA).
Passwords, according to Kaspersky, should not only be strong but also be kept for the long run rather than changed. Changing them makes them more difficult to remember, and the changes made aren’t major enough to prevent cyber criminals from hacking an account.
More specific to Zoom, though, is the Personal Meeting ID (PMI), which must not be shared publicly, as access to meetings can be gained by anyone who has it.
2. Use your work email when registering
Using your work email, on a well-established public domain, when creating a Zoom account will help to keep personal contact details private. Your IT department will be actively looking for anomalies from external connections.
A recently discovered glitch within the platform’s Company Directory function involves users with the same email domain being grouped together, with the exception of email addresses with common domains such as @gmail.com.
This allows for the sharing of contact details, and is still not fixed.
3. Watch out for fake applications
The number of malicious files that share the names of video conference services such as Zoom and Webex has roughly tripled within the past year, according to research conducted by Kaspersky.
This makes it even more vital that users do not use any source other than Zoom’s official website (zoom.us), the App Store or Google Play to download the application.
4. Don’t share conference links over social media
Zoombombing, the act of entering a Zoom meeting unauthorised and introducing offensive content, has occurred over social media.
If there is no other option for hosting a public meeting, users should disable the ‘Use Personal Meeting ID’ option.
5. Protect every meeting with a password
Kaspersky recommends protecting not only your account with a password, but your meetings, too. This can ensure that no unwanted guests join the meeting.
Just like conference links, conference passwords, which are enabled by default on Zoom, should be shared amongst the members of the meeting only and not shared on social media.
6. Enable the Waiting Room function
Another way to prevent unauthorised access is to enable Zoom’s ‘Waiting Room’ function, which prevents entry without approval from the host, and is also enabled by default.
This can come in handy if the password for the meeting ends up being publicly shared or given out to an unauthorised user.
7. Consider screen-sharing features
Users should also be careful about sharing their screen view with other participants, says Kaspersky.
An eye should be kept on the following aspects of these features:
- Whether to limit screen-sharing ability to the host or allow all participants to have this ability.
- Whether to allow simultaneous screen-sharing from multiple participants.
8. Stay with the Web client if possible
Many client apps that are affiliated with Zoom have demonstrated some kind of vulnerability, according to Kaspersky. These flaws include lack of security for the user’s camera and microphone, and letting websites add users to calls without consent.
Although Zoom has since fixed these issues, a lack of a proper security assessment means that Zoom apps may still be vulnerable, meaning that using its web client is always recommended where possible.
The web client operates in sandbox conditions, allowing for increased security due to an absence of external access permissions.
Additionally, users should aim to limit devices connected to their Zoom account to one if possible, and have this be a spare laptop or smartphone with minimal personal information.
9. Avoid discussing personal or private company details
Zoom recently admitted that its so-called end-to-end encryption meant that one end was its server, so end-to-end encryption wasn't actually being performed.
End-to-end encryption is also on other video conferencing platforms, so Kaspersky does not recommend leaving Zoom on this basis. But Kaspersky does recommend that users avoid revealing personal details, or confidential details relating to trade.
10. Consider who is around you
Finally, Kaspersky stated that users of not only Zoom, but other video conferencing services, should be wary about what can be seen or heard on camera, as well as when screen-sharing.
Shoulder surfing is something else to watch out for during your meeting.