Partnered Solutions IT

541.255.4980Contact / Tech Support
  • Managed Services
  • On-Premises Infrastructure
  • Cloud Solutions
  • Business Continuity
  • Our Company
  • Blog
  • Managed Services
  • Cloud Solutions
  • On-Premises Infrastructure
  • Business Continuity

How To Use Zoom Safely: The Big Questions Answered

by OMC Ruby Porter / Wednesday, 08 April 2020 / Published in Secure

Partnered Solutions’ Chief Security Officer and Chief Operating Officer weigh in on the big questions surrounding the security of the video conferencing tool, Zoom.

What makes Zoom such a popular choice over other programs like WebEx, Go To Meeting, or Blue Jeans?

The main features of Zoom are ease of use and inter-operability with phones, tablets, and computers. Since there is also a browser plugin, it’s easy to get an invitation and have the application installed and joining a meeting within a few minutes. It makes other programs seem clunky and inelegant.

Then, there’s the practical point of view: Zoom got ahead of the other companies because they offered their service for free—which also made them an attractive target for pranksters and hackers.

What are the vulnerabilities of Zoom?

The problems with Zoom are directly tied to the benefits. It’s easy to jump into a meeting without having to make an account if you’re a participant. You don’t even need to verify your email address, which means it is open to anyone who may wish to troll your meeting. Until recently, room passwords weren’t mandatory, and it wasn’t even that difficult to guess a random 9-digit number to find an active Zoom meeting.

Moreover, there are other structural issues for Zoom in terms of vulnerability, and they have some skeletons in their closet. Zoom isn’t end-to-end encrypted, and it works around macOS restrictions to allow the app to function–which also leave macOS users particularly vulnerable to hacks.  Zoom is currently in the middle of a class-action lawsuit for selling user information to Facebook.

What are some everyday best practices when using Zoom, to avoid being “Zoom-bombed”?

Step one: Don’t publish your zoom meeting code publicly and have a password on your Zoom meeting. Consider using different passwords if you have recurring meetings, just like you’d change your computer password on occasion.

Step two: Make sure you have the most recent version of the app or the browser extension installed, so that you’re sure to have the latest security improvements as they’re rolled out.

Step three: Unless you really trust the people in your meeting, it’s not a good idea to click on links in the chat. Moreover, it’s always a good idea to make sure your other account passwords are more than 12 letters long, so that if there is a malicious link, hackers don’t have immediate access to your information.

Beyond that, there are a host of tools at your disposal. Use the lobby feature to actively allow participants into your room, and set the permissions to prevent other attendees from sharing their screens. Be aware of how you can mute all participants, and don’t be afraid to use it.

If people are going to use Zoom to share sensitive information, how should they do it?

It’s always better to err on the side of caution, so it’s probably best not to use Zoom to discuss sensitive information.

If people need to share sensitive information, what options are there other than using Zoom?

You should seek out tools that are HIPAA-compliant, of which there are many. There is also a HIPAA-compliant edition of Zoom, but given how many known security issues there are, you may be better served with another vendor.

Outside of that, if you need to pass any along, use a service designed for it, like encrypted email service. Your identity and security are worth it to take the extra steps necessary to protect yourself.

What you can read next

Ransomware
Protect Yourself Against Ransomware
We are pleased to announce the opening of our Medford office!
Password
Security Basics: Password Best Practices

Search

Categories

Get in Touch







    This site is protected by reCAPTCHA and the Google. Privacy Policy and Terms of Service apply.

    psit-color-bars

    MANAGE

    Managed Services

    Business Continuity

    Cloud Solutions

    SECURE

    On-Site Training

    Compliance Auditing

    Vulnerability Scans

    OPTIMIZE

    DevOps

    Business Automation

    Hardware Lifecycle

    Phoenix Business Solutions, LLC

    Partnered Solutions IT is a division of Phoenix Business Solutions, LLC.

    Copyright © 2022 Partnered Solutions IT
    Website developed by Partnered Solutions IT and designed by Ruby Porter

      


      

    TOP