Protect your Zoom experience against security threats.
Zoom provides video a conferencing facility and other productivity and teaming services. Just like most cloud services Zoom has a number of security flaws which need careful consideration before Zoom is used.
While Zoom are busily working to remediate the known flaws in their software, there are a number of configuration and policy/use changes which you can make to help secure your Zoom experience.
Read on for a few basic ways to protect yourself and your company from cyber attacks.
Zoom provide some security advice, and it is being updated regularly, here is the current white paper:
Key Threats to Consider:
- Device Compromise – having a device compromised and remotely controlled using the video camera and microphone to capture meeting details and other information.
- Systems Compromise – Use of the Zoom device to attack internal systems.
- Interception of communications – The real-time interception of meeting comms
- Unauthroised Access – An unauthorised person may be able to attend the meeting through poor security configuration of meeting settings.
- Stored video recordings – May be stolen, or used for nefarious mean from the Zoom platform.
Secure your Zoom configuration:
Here is a basic starter for 10, configuration and use guide to help keep your Zoom experience secure:
- Generate a random meeting ID, rather than sharing a link
- Allow only signed-in users to join the meeting
- Disable the “join before host” feature (if your administrator has not already disabled it)
- Enable the waiting room feature
- Only send the meeting invite information to required people
- Ensure the password is set for every meeting
- Send the meeting password via a separate channel (i.e txt/SMS or phone)
- Lock the meeting once all participants have joined
- Develop policy for the information to be shared and use of Zoom
- Do not store or record meetings
Consult the experts
A strong and effective security strategy and configuration for Zoom can greatly reduce the risks associated with using this platform.
If you don’t have in-house expertise contact us for a review and risk assessment of your current configuration and use case, so that we can provide you the assurance needed for the safe use of Zoom in your organisation.
CANDA can provide comprehensive security consultancy services, covering everything from cloud security to ICT certification and accreditation. Take a look at what we can offer your organisation as you consider shoring up against the threat of cyber attacks.