November 4

0 comments

Zoom: Best Practices for Securing Your Meetings

Who would have imagined that one day we all might have to conduct our daily business virtually? A dramatic shift to remote work situations has made the Zoom platform very popular for business.

However, many security and privacy issues were reported in April 2020. Zoom's CEO Report mentioned that the 90-day program on 7 commitments has permanently embedded security and privacy in Zoom's DNA. Here are some of the best security features and functions available with zoom for securing meetings.

1. User security based on their Role

In February 2020, there were many issues during the Zoom meetings like Zoom Bombing, disruption by random participants, limited screen sharing/audio options. Nowadays, the meeting host can have many security capabilities such as creating a waiting room, ending/locking a meeting, muting/unmuting the participants, enabling/disabling participants to record, waiting screen, screen share watermarks, screen sharing special functionality. The features also let participants mute/unmute, turn off/on videos. Therefore, after fixing many security concerns, Zoom provides user security based on their roles.

2. Enter via authentication for both host and client

Zoom has become a great "attack surface" for hackers and, indeed, they will try to get-in in every possible way. The new data from BrandShield shows that hackers have registered lots of Zoom-related phony domains and are in the process of malware specifically for a Zoom that can turn on the webcam, take screenshots and log keystrokes.

For authentication, a host should use their Zoom ID and password to start a meeting, whereas any client attempting to join a meeting uses a unique per-client, per-session token. Therefore, to successfully enter the meeting, each authenticated participant should have a unique session token for that session parameter, uniquely generated by zoom. Setting up two-factor authentication helps to have protection over your fingertips.

3. Avoid joining Zoom meetings through Zoom desktop software

Zoom desktop software has become very famous as well as convenient for the user. The drawback of the software is that after an app is installed on the desktop, it gives automatic permission to perform many activities. According to the information-security company Kaspersky, "The web version sits in a sandbox in the browser and doesn't have the permissions an installed app has, limiting the amount of harm it can potentially cause." Therefore, the web version of Zoom gets security intensification faster. So, while joining the meeting, it is advised to click the link "join from your browser" rather than clicking on the use or install the Zoom desktop software.

4. Protect meeting through passcode

Asking participants for a passcode before a meeting allows the host to have full control over uninvited guests from joining a meeting. Even if the uninvited individual gets a link through tricky ways, they will not enter the meeting.

5. Share contents securely during the meeting

Zoom successfully fixed the problem of encrypting audio and video content flowing between zoom clients and implemented a decryption system until it reaches the recipient's devices. Therefore, the Zoom can encrypt all real-time media (audio, video, screen sharing) using the AES-GCM with 256-bit keys and other data using the TLS encryption standard. It also provides visual identification of every participant in the meeting.

6. Have control over meeting according to your availability

The host can have full control over the upcoming or previous meeting by editing/deleting the meeting. The host can also allow participants to join the meeting after the host has started or vice versa. It is always advised to let the participants enter the room after the host has started.

Though many things have gone wrong with Zoom, most of the flaws have been fixed in the beginning. To find out more about Zoom best practices, please visit:

About Allari

Allari implements customized service plans for IT Operations & Cyber-security which allow you to complete a higher volume of planned work, gain the capacity to innovate and help your business to win.

Subscribe to the best newsletter there is.

You won't regret it!


Tags

Authentication, Best Practice, content sharing, control, Passcode, Zoom


About the author

Priya Thapa

Inspired by Allan Turing, who is considered to be the father of Theoretical Computer Science and Artificial Intelligence, I am very fascinated by cryptography and deciphering secret codes. I have an interest in Network, Application, and Information Security.

You may also like

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
>