The videoconferencing service Zoom has seen unprecedented use as people can’t meet in person. And with that meteoric rise has come some serious scrutiny and the realisation that Zoom isn’t 100% safe to use.
The company has responded well to this criticism of its privacy policies and other security worries, and has ceased all new feature development so its development team can focus on the current version.
But antivirus software giant Kaspersky says that code updates alone won’t address all the security issues, nor all those related to privacy. Fortunately, there’s a lot you can do if you’re concerned about using Zoom, and here are eight tips you can put into practice today.
How to make Zoom more secure & private
1 Use your work email address
If you’re just joining a Zoom meeting you don’t need to register at all. But if you do have a Zoom account and need to host meetings, then use your work email address. Vice discovered that a glitch in Zoom (which is still not fixed, according to Kaspersky) that considered some email addresses (such as @yandex.kz) to be the same company and then shared those email addresses with other Zoom users.
So to keep your personal email private, use your work address since it shouldn’t be a problem for other people to have this information.
2 Use two-factor authentication
Zoom supports 2FA, which is a much more secure way to log into your account than a simple email and password combo. Why does this matter for Zoom? Well, 2FA is a good idea for any account but it’s also because your Zoom account has a personal meeting identifier (PMI) associated with it, so anyone who has this code can join any meeting you host.
So it’s worth keeping that code as private as you can.
3 Use a meeting password
To prevent people joining in meetings armed with the meeting code, Zoom has now made passwords the default. You can override this, but having a password means only people you want in your meeting should be able to join.
4 Don’t post meeting links on social networks
When you share the link for a meeting with a password, that password is embedded in the link, so make sure you don’t post it on social media, or else anyone who wants to can gatecrash.
Actually, there’s a new phrase coined: Zoombombing. Schools have had problems with perverts joining in online lessons and showing kids offensive content. And trolls have Zoombombed plenty of meetings and caused havoc. So keep those meeting links under wraps wherever possible and share them only with those people who really need them.
5 Use Waiting Room
This is a feature you can turn on and it’s now enabled by default. Anyone joining a meeting goes first to a ‘waiting room’ and the host must approve each person before they appear in the meeting proper.
Hosts can also remove people from meetings back into the waiting room.
6 Use the web version of Zoom
Threatpost found that at the beginning of April the macOS version of Zoom had security holes that could allow a hacker to access a user’s microphone and webcam. And previously there was a vulnerability which allowed any website to add a user to a meeting without their consent.
Both issues have been fixed but Google has still banned its employees from using Zoom for business meetings on company-issued laptops.
Kaspersky also advises against using the apps since there may still be vulnerabilities and using the web version is safer.
That’s because it’s sandboxed and doesn’t have the same permissions as an app installed on your device.
7 Watch out for fake Zoom apps
If vulnerabilities in the official Zoom app sounds bad, then the fake apps are much worse. Quick to exploit anything new, hackers have already used the names of popular videoconferencing apps (including Zoom) in malware.
Kaspersky security researcher Denis Parinov found the number of malicious files containing Zoom and other video app names had tripled compared to the previous month. The best advice is to stick to the official zoom.us website and to only install the app from official app stores on your Android phone, iPhone and Mac.
8 Only use Zoom on one device
Sometimes even using the web browser will automatically download and install the Zoom app, so this is why it’s a good idea to only use Zoom on only one device, such as a spare phone or laptop.
Skype for Business is compatible with Zoom so if you have access to it, you can use that app for Zoom meetings instead.
9 Don’t assume your video is encrypted
Zoom advertises its end-to-end encryption, but security researchers have pointed out that this is almost impossible. When The Intercept asked Zoom if meetings were really end-to-end encrypted, it admitted that it was only encrypted until it reached Zoom’s servers - a technique called transport encryption or TLS.
Zoom itself has access to your meeting, and potentially law enforcement too. Zoom also said that it did not directly access, mine or sell any user data. But you may want to avoid sharing any particularly sensitive information in your Zoom meetings.
Here are some more tips