With social distancing and quarantine measures implemented around the globe, people quickly started searching for effective means of communicating with each other. With its reported ease of use and attractive pricing, Zoom quickly rose in popularity.
With so much use, Zoom’s flaws came rapidly to light. The company handled the tremendous increase in workload seamlessly and quickly reacted to security researchers’ discoveries.
However, just like with each and every service, code updates will not address every complaint – with that in mind, here are 10 security and privacy tips for Zoom users:
- Protect your account
A Zoom account is just another account, and in setting yours up, you should apply the basics of account protection. Use a strong and unique password, and protect your account with two-factor authentication. This makes your account harder to hack and better protected, even if your account data is leaked.
There’s at least one more Zoom-specific catch: After you register, in addition to your login and password you get a Personal Meeting ID. Avoid making it public. And because Zoom offers an option to create public meetings with your Personal Meeting ID (PMI), it’s quite easy to leak that ID. If you do, anyone who knows your PMI can join any meeting you host, so share this information prudently.
- Use your work e-mail to register with Zoom
A glitch in Zoom causes the service to consider emails of the same domain — unless it’s a really common domain such as @gmail.com or @yahoo.com — as belonging to one company, and it shares their contact details with each member of that group.
So, to register with Zoom, use your work email. Sharing your work contact details with your real colleagues should not be a big deal. If you don’t have a work email, use a burner account with a well-known public domain to keep your personal contact details private.
- Don’t fall for fake Zoom apps
As Kaspersky security researcher Denis Parinov discovered, this March the number of malicious files incorporating the names of popular video conference services (Webex, GoToMeeting, Zoom, and others) in their filenames had roughly tripled in comparison with the numbers he found month by month over the previous year.
That most likely means malefactors are ramping up their abuse based on the popularity of Zoom and other apps of its kind, trying to disguise malware as videoconference clients.
It’s advised to use Zoom’s official website — zoom.us — to download Zoom safely for Mac and PC, and to go to the App Store or Google Play for the mobile versions.
- Don’t use social media to share conference links
Sometimes you want to host public events, and often times online events are the only type of public events available – this means Zoom is attracting more and more people. But even if your event is truly open to everyone, you should avoid sharing the link on social media.
Otherwise, there’s a chance that trolls can disrupt your meeting with offensive content, this phenomenon is now called Zoombombing.
- Protect every meeting with a password
Setting up a password for your meeting remains the best means of ensuring that only the people you want in your meeting can attend it.
Recently Zoom turned password protection on by default, which is a good move. And like meeting links, meeting passwords should never appear on social media or other public channels, or your efforts to protect your call from trolls will be in vain.
- Enable Waiting Room
Another setting that gives you more control over the meeting, is Waiting Room — recently enabled by default — makes participants wait in a “waiting room” until the host approves each one.
That gives you the ability to control who joins your meeting, even if someone who wasn’t supposed to participate somehow got the password for it. It also lets you kick an unwanted person out of the meeting — and into the waiting room.
- Pay attention to screen-sharing features
Every normal videoconference app offers screen-sharing — the ability of one participant to show their screen to the others — and Zoom is no exception. Some settings that are worth keeping an eye on:
- Limiting screen-sharing ability to the host or extending it to everyone on the call;
- Letting multiple participants share screens simultaneously.
- Stick with the Web client if possible
The various Zoom client apps have demonstrated a variety of flaws. Some versions let hackers access the device’s camera and microphone; others let websites add users to calls without their consent. Zoom was quick to fix the aforementioned problems, as well as other, similar ones, and it stopped sharing user data with Facebook and LinkedIn.
However, since this threat is possible, we recommend using Zoom’s Web interface instead of installing the app on your device, if possible. The Web version sits in a sandbox in the browser and doesn’t have the permissions an installed app has, limiting the amount of harm it can potentially cause.
- Make sure you always have the latest version of Zoom installed
Updating apps as soon as the new version comes out is always a good idea — in the vast majority of cases such updates include fixes for serious security bugs that have been found in the previous version. Zoom is no exception, so it is likely that the newer version will be addressing certain issues and improving the security of the program.
- Think about what people can see or hear
This one applies to every videoconferencing service, not just Zoom. Before you jump on the call, take a moment to consider what people will see or hear when you join the call. Even if you’re home alone, they may expect you to be fully dressed. Basic grooming is probably a good idea.
The same holds true for your screen if you plan on sharing it. Close any windows you’d rather others not see, whether it’s a surprise gift you’re buying online for another person on the Zoom call or a job search your boss doesn’t need to know about.