Zoom Security Tips

Zoom has become a principal tool to keep people, business and yes, even local churches connected since the coronavirus COVID-19 pandemic crisis caused “Stay-at-Home” and “Shelter-in-Place” orders across the globe. (Zoom usage went from 10 million in December 2019 to 200 million in March). When you combine that kind of quick growth (which means many users are new and inexperienced with the tool) and a bunch of online miscreants with even more time on their hands than a month ago, hacking is something of which to be aware. The FBI reported this week that “Zoombombing” incidents are occurring across America, which has led to folks asking “Is Zoom safe to use?” The short answer is yes. However, just like with any online activity, users must be smart and cautious when using the tool.
 
Here are three simple steps that go a long way in preventing the Zoombombers from hijacking your online meeting.
  1. Do not share meeting links publicly. This is perhaps the single most obvious precaution you can take. Rather than posting a meeting link to a Facebook group or in a promotional tweet or IG post, distribute the link via a more private method, such as email. And copy and paste the meeting link from the ZOOM tool when you create the meeting vs. using the invite others to the meeting button provided in the tool. This extra few seconds will make your meeting much more secure.
  2. Set your meetings to “private” and require a password. Zoom now sets all new meetings to “private” by default, requiring attendees to provide a password for access. But users often opt to make meetings public for the sake of convenience. The slight inconvenience of requiring a password is probably worthwhile in keeping your meeting safe.
  3. Make it a webinar and restrict video sharing. This is especially pertinent if you are using Zoom to host your worship service or another presentation that doesn’t involve active participation and comments from viewers. If the meeting host is the only person who needs to share video, such as in a seminar or presentation, the host should change Zoom’s screen-sharing setting to “Host only.”
 
The following FAQ is from an article featured on Fortune.com. Please click here to read the entire article.
What is Zoombombing?

Many Zoombombing incidents have amounted to a form of trolling. Hackers gain access to a Zoom meeting and attempt to disrupt the video chat and upset participants by shouting profanity or racial slurs, or putting disturbing or offensive images in their video feed.

 

How are hackers joining Zoom meetings they aren’t supposed to be in?

The majority of Zoombombing attacks appear not to be the product of flaws in Zoom’s code, but rather of users’ overall cybersecurity hygiene and their imperfect command of Zoom’s privacy settings.

 

If a Zoom meeting is set to public, it can be accessed by anyone with the correct link. According to Roy Zur, cofounder and CEO of cybersecurity firm Cybint, bad actors can find these addresses simply by searching for “zoom.us” on social media sites like Facebook, where public meeting links are often posted.

 

How can I prevent Zoombombing of my meetings and video calls?

There are several important, mostly straightforward ways to protect your meetings. Zoom recommends that users read this detailed guide, which covers precautions for keeping their meetings safe.

 

Most importantly, Zoom users should not share meeting links publicly. This is perhaps the single most obvious precaution you can take. Rather than posting a meeting link to a Facebook group or in a promotional tweet, distribute information via a more private method, such as email.

 

Second, set your meetings to “private.” Zoom now sets all new meetings to “private” by default, requiring attendees to provide a password for access. But users often opt to make meetings public for the sake of convenience. Given the wave of Zoombombings, the inconvenience of requiring a password is probably worthwhile in keeping your meeting safe.

 

Also, don’t use your personal meeting ID. Every registered Zoom user has a personal meeting ID, linked to what is essentially a permanent virtual meeting room. Because that ID doesn’t change, sharing it publicly increases the chance that future meetings using your personal ID might be Zoom bombed. To avoid the risk of Zoombombing, share your personal meeting ID only with your most trusted contacts. Generally, while Zoom will prompt you to use your personal ID for “instant” meetings, scheduled meetings will use a one-time meeting ID, reducing risk.

 

Finally, restrict video sharing. If the meeting host is the only person who needs to share video, such as in a seminar or presentation, the host should change Zoom’s screen-sharing setting to “Host only.”

 

Is Zoom safe to use?

Yes. However, given the wave of Zoom bombings, you might suspect there's a problem with the Zoom software. Zoom is generally doing a good job on security, and the bulk of Zoom bombings are most likely due to lax user practices rather than bugs. However, the very popularity of Zoom may inherently make it riskier.