Zoom Security

In today's online marketplace security of communications is vital to your organisation's privacy and data security. Zoom meeting security is a key component of a total security plan for your organisation when working remotely.

Zoom provides video a conferencing facility and other productivity and teaming services.  Just like most cloud services Zoom has a number of security flaws which need careful consideration before Zoom is used.

While Zoom are busily working to remediate the known flaws in their software, there are a number of configuration and policy/use changes which you can make to help secure your Zoom experience.

Zoom provide some security advice here:

https://zoom.us/docs/doc/Zoom-Security-White-Paper.pdf

 

Depending on your implementation (using Zoom Room components or entirely Web based) there are a number of security configuration changes you can make to improve the security on your Zoom meetings.

Some threats to consider are:

  • Device Compromise – having a device compromised and remotely controlled using the video camera and microphone to capture meeting details and other information.
  • Systems Compromise – Use of the Zoom device to attack internal systems.
  • Interception of communications – The real-time interception of meeting comms
  • Unauthroised Access – An unauthorised person may be able to attend the meeting through poor security configuration of meeting settings.
  • Stored video recordings – May be stolen, or used for nefarious mean from the Zoom platform.

Has your Zoom implementation been securely configured to defeat these potential attacks on your privacy and company information ?

Here is a basic starter for 10, configuration and use guide to help keep your Zoom experience secure:

  1. Generate a random meeting ID, rather than sharing a link
  2. Allow only signed-in users to join the meeting
  3. Disable the “join before host” feature (if your administrator has not already disabled it)
  4. Enable the waiting room feature
  5. Only send the meeting invite information to required people
  6. Ensure the password is set for every meeting
  7. Send the meeting password via a separate channel (i.e txt/SMS or phone)
  8. Lock the meeting once all participants have joined
  9. Develop policy for the information to be shared and use of Zoom
  10. Do not store or record meetings

 

Contact your CANDA Zoom Security experts for a full consultation and review

Contact CANDA ICT Security Experts for assistance

 

Our experienced team at CANDA are experts in everything ICT security-related and can provide a range of services to ensure your agency meets NZISM requirements.

As New Zealand’s trusted and impartial experts on guiding agencies through the Certification & Accreditation process, we have extensive experience in resolving your security and risk concerns.

Contact CANDA today to speak to one of our team and learn more about how we can help.

CONTACT CANDA