Zoom Meeting Security: What You Should Know

Because of the COVID-19 pandemic, millions of people are now working from home, and schools are holding virtual classrooms. Zoom has become a popular platform for these virtual meetings. The amount of users has grown from 10 million to 200 million in just 4 months.

But the company’s security issues and privacy risks have come into question and it’s drawing a lot of attention. Recent news has been full of reports ranging from Facebook data-sharing to “Zoombombing” where uninvited people attend meetings.

Here is a quick breakdown of what’s going on and our recommendations:

Potential Issues

• “End to End Encryption” isn’t truly end to end, especially when using 3rd party calling solutions (calling into the meeting instead of using computer audio)
• Rooms without passwords have the risk of someone jumping into the room at any time if they can find out or guess the URL to the meeting
• Zoombombing is where an uninvited guest shows up in a meeting and shares their desktop to the rest of the room. They could display inappropriate content or generally interrupt the meeting.

Recommendations

• Always require a password to enter a meeting
• Set the default for who can screenshare to “Host only”
• Always enable a waiting rooms for attendees (then the host needs to allow each person to join the meeting)
• Set all attendees to join with video disabled (they can then manually enable it)

If you are extremely concerned about a lack of true end to end encryption because you are in a highly regulated environment or for personal preferences, we recommend using Webex from Cisco instead. Their prices are reasonable and they have true End to End Encryption.