5 things you can do today to make Zooming safer

04.04.20 01:09 PM By Scott Pettie

1. Patch early, patch often

Zoom’s own CEO just wrote a blog post announcing a “feature freeze” in the product so that the company can focus on security issues instead. It’s much easier to do that if you aren’t adding new code at the same time.

Why not get into the habit of checking you’re up-to-date every day, before your first meeting? Even if Zoom itself told you about an update the very last time you used it, get in the habit of checking by hand anyway, just to be sure. It doesn’t take long.

By the way, we recommend you do this with all your software – even if you have been using your operating system’s or an app’s autoupdating for years and it’s always been on time, a manual cross-check is quick and easy.

Zoom’s guide is here: Where do I download the latest version?

2. Use the Waiting Room option

Set up meetings so that the participants can’t join in until you open it up.

And if you suddenly find yourself “on hold until the organizer starts the meeting” when in the past you would have spent the time chatting to your colleagues and getting the small talk over with, don’t complain – those pre-meeting meetings are great for socializing but they do make it harder to control the meeting.

Zoom has a dedicated article on the Waiting Room feature.

3. Take control over screen sharing

Until recently, most Zoom meetings (or at least the ones we attended in the not-too-distant era before coronavirus) took a liberal approach to screen sharing.

But the term ZoomBombing entered our vocabulary very forcefully about two weeks ago, when a public “Happy Hour” meeting that was supposed to buoy everyone’s morale turned into an HR nightmare when one of the participants, who had entered under a false name, started sharing pornographic filth. (Unhappily for the organizer of the meeting, he’d chosen that day to invite his parents along as guests of honour.)

Actually, it’s not just screen sharing that can cause trouble. There are numerous controls you can apply to participants in meetings, including blocking file sharing and private chat, kicking out disruptive users, and stopping troublemakers coming back.

Zoom has a dedicated article on Managing participants in a meeting.

4. Use random meeting IDs and set meeting passwords

We know lots of Zoom users who memorized their own meeting ID long ago and had fallen into the habit of using it for every meeting they held – even back-to-back meetings with different groups – because they knew they’d never need to look it up.

But that convenience is handy for crooks, too, because they already have a list of known IDs that they can try automatically in the hope of wandering in where they aren’t supposed to be.

We recommend using a randomly generated meeting ID, and setting a password on any meeting that is not explicitly open to all. You can send the web link by one means, e.g. in an email or invitation request, and the password by another means, e.g. in an instant message just before the meeting starts. (You can also lock meetings once they start to avoid gaining unwanted visitors after you’ve started concentrating on the meeting itself.)

Zoom has a dedicated article on Meeting and webinar passwords.

5. Make some rules of etiquette and stick to them.

Etiquette may sound like a strange bedfellow for cybersecurity, and perhaps it is.
But respect for privacy, a sense of trust, and a feeling of social and business comfort are also important parts of a working life that’s now dominated by online meetings.

If you’re expected or you need to use video, pay attention to your appearance and the lighting. (In very blunt terms: try to avoid being a pain to watch.) Remember to use the mute button when you can.appearance and the lighting. (In very blunt terms: try to avoid being a pain to watch.) Remember to use the mute button when you can.

And most importantly – especially if there are company outsiders in the meeting – be very clear up front if you will be recording the meeting, even if you are in a jurisdiction that does not require you to declare it. And make it clear if they are any restrictions, albeit informal ones, about what the participants are allowed to do with the information they learn in the meeting.

Etiquette isn’t about keeping the bad guys out. But respectful rules of engagement for remote meetings help to make it easy for everyone in the meeting to keep the good stuff in.

Source – https://nakedsecurity.sophos.com/2020/04/03/5-things-you-can-do-today-to-make-zooming-safer/

Scott Pettie