Technology-cybersecurity-zoom-virtual-data-protection

Conducting Zoom meetings more safely and securely

United States Publication April 2, 2020

First, during the COVID-19 pandemic, we hope everyone is well and staying safe.

Second, in this time of social distancing, many of us are working from home, which has dramatically increased the need for virtual meetings. Not only do people need to be productive, but we all need video meetings for our psychic well-being. Not surprisingly, hackers have noticed this uptick and are taking advantage of people who are suddenly using these technologies and do not know how to secure their meetings. The potential risks are obvious, from the theft of valuable confidential information to embarrassing interruptions from strangers, protestors and criminals.

As businesses and schools cope with the “new normal” during the coronavirus “shelter in place” environment, Zoom is a popular choice for videoconferencing meetings and lessons. Unfortunately, hackers have found a way to insert themselves into the meetings and lessons, calling the issue “zoombombing,” where meeting organizers have not properly secured the meetings.

The Boston office of the FBI has offered some tips to help make those calls more secure:

  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a teleconference or classroom on an unrestricted, publicly available social media post. Provide the link directly to specific people.
  • Manage screensharing options. In Zoom, change screensharing to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
  • Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.

The FBI cautioned that other video platforms may have similar vulnerabilities.



Contacts

Head of Data and Information Risk, United States

Recent publications

Subscribe and stay up to date with the latest legal news, information and events...