Here’s how you can greatly improve your Zoom privacy and security in a few simple steps
Zoom is attracting a lot of attention in the media due to the mass uptake of videoconferencing services during the near global lockdown due to COVID-19. They are adapting to sudden global overnight demand and success, something most companies can only dream of. Companies, like Zoom, offer free products and services to attract new users; making it free removes the barrier of that payment imposes and hopefully locks the user in to a service long term. Then at some stage the user may become a paying customer, either for additional functionality on the service they use or for other products offered by the company.
Some organisations are now reflecting on their hasty decision to use Zoom and are migrating away to other videoconferencing services that suit their needs more appropriately. According to TechCrunch, New York City banned schools from using Zoom, citing security concerns – but a city spokesperson also did not rule out returning to Zoom. The reason organisations fled to Zoom as a de-facto standard is due to the simplicity or the user experience and that it offers a free solution. This enabled organisations to adopt the service quickly with no training and removed the need to raise purchase orders.
Not all organisations may be in a position to evaluate other options or commit to paying for a service, especially in the small business sector where companies are struggling just to survive, or education districts that are strapped for cash. If you have made the decision to use Zoom, below are my suggested recommended settings that are best used in tandem with our article from yesterday on how to password-protect your Zoom meetings.
Setting up a Zoom meeting
Always use the auto generation: every meeting will then have a different Meeting ID. If one Meeting ID becomes compromised, then it will only apply to a single meeting rather than every meeting you host.
This does not mean a password is required by the user to join: see our blog from yesterday. The requirement for a password should remain checked. For it to be effective, however, the embed password option must be disabled; see below.
Starting a meeting with video off avoids any embarrassing moments; users will need to explicitly switch on video sharing during the meeting.
The host will need to admit each participant to the conference room; full attendee control is in the host’s hands.
In the same spirit of video being switched off, forcing someone to unmute means they don’t join while speaking to someone else and being overheard.
There are additional settings that need to be considered; they are available within the web client rather than the Zoom application. After logging in on the left-hand side, click on the ‘Settings’ option that appears under ‘Personal’. Below are the settings that I recommend changing from their default option.
Switching this off removes the one-click option and stops the password being embedded in the meeting link. This means every attendee will need to enter the password to join the meeting. Set this in conjunction with the setting in the meeting creation options as above.
This stops any participant sharing their screen, the host can pass control of the meeting to another participant by making them the host so they can share their screen. This recommendation may not work in all environments; for example, in education it may not be desirable to pass host control to a student. Consider the consequences of allowing all participants to screen share and whether limiting to ‘host only’ is the best option.
Consider switching this off as viewing what’s in the background could be a visual check that ta participant is not inadvertently sharing sensitive content in a public place such as a coffee shop.
See the description given above in the ‘setting up a meeting’ section.
Apple iOS devices screen capture applications to display images in the task switcher; enabling this stops confidential data being captured and displayed in the task switcher.
Full article attribution is made to its original source and author.