Lockdowns have made video chat service Zoom wildly popular around the world. Zoom was designed to be "frictionless" - so friends, family and fellow staff could join ca call, even with zero technical knowledge. But the trade-off has been a wobbly reputation around security and privacy. Using Zoom on its default security settings can cause problems like "Zoom bombing" (uninvited guests leaving often racist or pornographic content) or recorded meetings being inadvertently shared. Here, Don Christie, a director of the independent NZ IT services company Catalyst, offers some easy tips to secure your next Zoom call.
The global response to the Covid-19 pandemic has seen many organisations rush to adopt video conferencing.
While video conferencing has been a useful tool to keep our teams connected, it has also significantly increased privacy and security risks to organisations, and their employees and clients.
• Covid-19 coronavirus: Zoom gets pulled from NY schools, NZ Ministry of Education reacts
• Zoom boss 'deeply sorry' over security claims, NZ expert unconvinced
• Thousands of Zoom videos public on the web - report
• Why is PM using Zoom amid sharp questions about its security?
Regrettably, some platforms, Zoom for example, are insecure by design. With reports of actively misleading users about its end-to-end encryption, and routing encryption keys through China when none of the participants were in that country, organisations should be far more wary, and, taking a closer look before rushing to adopt a popular solution, while more secure and securable platforms such as BigBlueButton and Jitsi, should be considered.
If, however, you are required by a client to join a Zoom meeting, you can minimise some of the privacy and security risks by adopting the following practices:
• Keep your meeting links off social media
• Do not use your Personal Meeting ID (PMI) to host public events. Instead, generate a random ID.
• Choose "only host" for screen sharing control during a meeting
• Only allow signed-in users to join a meeting.
• Use the "lock" feature to prevent random users from joining in. You might also want to consider using the Waiting Room, which lets you vet people one-by-one before they join the meeting
• If you are gatecrashed, hover over the user's name in the Participants menu to bring up a "remove" option.
• Whenever possible, call in to the meeting using your phone instead of connecting via your computer.
These recommendations can also be applied to the evaluation of other video conferencing platforms.
These tips apply to all the popular services.
• If your organisation has specific requirements around data sovereignty, review the service provider's terms and ensure that their practices and infrastructure are aligned with them.
• Ensure a password or passcode is set for the meeting. Services that do not provide this functionality should be considered insecure by design.
• Similarly, choose more complex meeting names, to reduce the risk of bad actors guessing your meeting ID.
• Independently of what service provider you use, it is important to maintain security awareness among your staff on the use of the service that has been selected.