Zoom, a cloud-based meeting platform, is making into headlines almost everyday. The video-conferencing software has been gaining attention from researchers and journalists lately for a number of potential privacy and security issues. The use of the platform has seen a boom in usage due to increase in coronavirus related remote working. One of the biggest security issues facing Zoom is the increase in "Zoombombing" when uninvited attendees break into and disrupt your meeting.
Zoom is huge these days. The cloud-based meeting platform lets you arrange virtual conferences with video, audio and screen-sharing options. It is a great way to continue conducting business when so many people have to work from home. Ever since rising into popularity, Zoom found itself bombarded by reports of privacy and security issues.
In the wake of COVID-19, people have rushed to the video chat platform due to stay-at-home orders and lockdown. People are massively using Zoom app as their employer or school requires it and to stay in touch with friends and family. But journalists, researchers and regulators have noticed its many security and privacy problems. Zoom will have to follow its security and privacy promises if it wants to regain users’ trust.
Government of India has also released the notice eventually regarding controversy-ridden video conferencing platform Zoom. The Ministry of Home Affairs on April 16, put out a detailed two-page long advisory for Zoom users in India and stated that the video conferencing platform Zoom is unsafe. They have also urged people to protect their virtual meetings from Zoombombing phenomenon where pranksters join Zoom calls and broadcast porn or shock videos.
Zoom has had a rough few weeks. These further led many to quit the platform and cyber security experts to issue advisories. Thankfully, Zoom itself appeared to take matters seriously, roping in key cyber security faces such as ex-Facebook security head Alex Stamos, and more recently Katie Moussouris of the Pentagon bug bounty fame.
What are Steps being taken by Zoom?
Zoom is clearly responding quickly to the issues that have been raised. There are still more issues to address and improvements required, but 20 days after Zoom CEO Eric S. Yuan promised changes, we’re now starting to see exactly how Zoom is responding.
Zoom has released a new Zoom 5.0 update designed to address some of the many complaints that Zoom has faced in recent weeks. With this new update, there’s now a security icon that offers a number of Zoom’s security features. It can be to quickly lock meetings, remove participants, and restrict screen sharing and chatting in meetings.
Zoom is also now enabling passwords by default for most customers. IT admins can now define the password complexity for Zoom business users. Zoom’s waiting room feature is also now on by default for basic, single-license Pro and education accounts. This feature allows a host to hold participants in a virtual room before they’re allowed into a meeting.
Zoom is also improving some of its encryption and upgrading to the AES 256-bit GCM encryption standard. It is an improvement for the transmission of meeting data. Business customers can also control which data center regions will handle meeting traffic for their Zoom meetings after concerns were raised that some meetings were being routed through servers in China.
Steps to be Followed
After all of these improvements from Zoom, there are certain steps which one needs to follow to ensure privacy and safety from user’s end. In the meantime, one must take these steps to increase the Zoom privacy settings and protect meetings from Zoombombing trolls.
Change your background
The space you’re in during a call can expose a lot of information about where you live, your habits, and your hobbies. One can set a virtual background like beach, outer space or anywhere else you can imagine by customizing your background while on Zoom calls.
One can set a virtual background by following the below steps. For this, go to Settings > Virtual Background and select or upload the image you want from there. However, you do have to make sure that your system meets all of the requirements to do so.
Make Sure Chat Auto-Saving Is Off
Zoom has a feature that saves the chat automatically. One must check if Auto saving is ON or OFF. In your Zoom account settings, under In Meeting, make sure Auto saving chats is toggled off to the left.
Mute your Audio and Turn off your Camera by default
In most of the meetings, not everyone needs to have their camera ON. While scheduling a meeting, host can mute audio and camera buttons by default. To do it, go to Settings > Audio > Mute microphone when joining a meeting, and then Settings > Video > Turn off my video when joining or hosting a meeting.
Lock Down Screen Sharing
In your Zoom account settings under In Meeting (Basic), set Screen sharing to Host Only. This means, when you are hosting a meeting, only you(host) can share their screen. No other meeting participants will be able to share their screen.
Depending on the calls you plan to host, you can also turn screen sharing off entirely by toggling it off to the left.
Make Sure Attention Tracking is Off
In your Zoom account settings under In Meeting (Advanced), make sure Attention tracking is toggled off to the left. The attention tracking setting toggled off to the left
Keep the Meeting ID Private
One of the reasons why privacy issues arose is that many people posted the meeting link on their social media groups. Thus, whenever possible, do not post the link to your meeting or the meeting ID publicly. Send it directly to trusted people and groups instead.
After Zoom's most recent update, meeting passwords are now on by default for free Basic and single licensed Pro accounts as well as education accounts. But Zoom passwords can behave in unexpected ways. If you use the “Copy Invitation” functionality to copy the meeting link and send it to your participants, that link might include your meeting password.
If you send the meeting link directly to trusted participants, having the password included in the link will be no problem. But if you post the meeting link in a Facebook group, on Twitter or in another public space, then it means the password itself will also be public. So while copying the invitation link, passwords must be deleted to have privacy. It advisable to set a password and inspect the Meeting Link carefully before sending the link.
To find the password settings, go to your Zoom account settings under Schedule Meeting. Make sure Require a password when scheduling new meetings is toggled on to the right. You’ll find additional password options in this area of the settings as well.
Use Waiting Rooms to Approve Participants
This is the best way to monitor who joins the meeting. After Zoom's most recent update, waiting rooms are now enabled by default. A waiting room allows hosts to screen new participants before letting them join which can help prevent disruptions or unexpected participants.
To find this setting, go to your Zoom account settings > In Meeting (Advanced). Make sure Waiting room is toggled on to the right.
Also Read: Best Webinar Platforms
Lock the Meeting
Last but not the least, this feature has to be used. When everyone has joined the meeting and all your expected participants have arrived, you can lock the meeting to prevent anyone else from joining. For this, at the bottom of the Zoom window, click Participants and select Lock Meeting.