How to secure Zoom meetings

Zoom, an easy to use remote conferencing software, has seen its user base grow exponentially in recent weeks as more people work from home due to the COVID-19 pandemic.  Zoom founder Eric Yuan even stated in a recent blog post that the maximum number of daily meeting participants (both free and premium users) has increased from about 10 million in December to 200 million in March.

But Zoom has come under fire lately due to the discovery of a number of security vulnerabilities and poor privacy practices found in its software. Cybercriminals are also taking advantage of those vulnerabilities, and the spike in Zoom’s usage to bomb meetings (gate-crash Zoom meetings), and to trick users into downloading malware on their devices through fake “Zoom” websites. So, while Zoom continues to strengthen its own security measures, here is what you need to do when using the platform to ensure your zoom meetings are as secure as possible.

How to use Zoom Securely

Below is a quick overview of how to ensure your Zoom meetings are as private and secure as possible. We’ll go into each of these in more detail later on.

Here’s how to keep your Zoom meetings secure:

  1. Update your application
  2. Set meeting passwords
  3. Use random meeting IDs
  4. Enable waiting room
  5. Disable “File transfer”
  6. Disable “Allow removed participants to rejoin”
  7. Disable “Join before host”
  8. Restrict permissions and screen sharing
  9. Don’t share Zoom details on public forums

Update your application

The need to keep your applications up to date cannot be over-emphasized. Software vendors regularly release updates to patch known vulnerabilities on their applications to keep users secure. Users are generally encouraged to get into the habit of updating their apps from time to time to stay secure.

In response to its numerous security and privacy issues, Zoom has released updates to fix some of the known vulnerabilities. Zoom’s latest updates hides Meeting ID numbers from the title bar, includes a built-in security menu button in the meeting host’s toolbar as well as moving the invite button. Zoom’s updates will likely keep coming as the company continues to battle its many security and privacy issues.

You can update your Zoom application via either of the following methods:

  1. Prompted: This method downloads automatically or prompts the user to download when there is no meeting in-progress. It delivers important updates with useful feature enhancements and/or critical bug fixes.
  2. Manual: This method delivers ad-hoc downloads with minor enhancements and/or minor bug fixes. You can obtain it directly from the Download Center or by clicking “Check for updates”, under your profile picture or initials in the top-right corner of your Zoom desktop app as shown on the screen-shots below.

zoom update screenshot

Set meeting passwords

As simple as this may sound, setting a password adds an extra layer of security to your meeting, especially for those that are open to everyone. Thankfully, Zoom has turned on passwords by default for new meetings, instant meetings, meetings you joined with a meeting ID, and for previously scheduled Zoom meetings.

Users are encouraged to take advantage of those features to secure their meetings. But remember that the primary objective of the meeting passwords would be defeated if they are shared publicly on the internet alongside a corresponding link or ID.

To set your meeting password, follow the steps below:

  • Log on to your Zoom web account and click on “Meetings” under the section named “Personal” on the left-hand side

  • Click on “Schedule a New Meeting”

  • Scroll down to “Meeting Password” section, here you can set your meeting password or use generated password as shown on the screen-shot below.

Tip: Use strong, unique passwords with all of your online accounts: Test your password strength here.

Use random meeting IDs

If you’re using meeting IDs instead of links to host public events, ensure you use a randomly generated ID rather than your personal meeting ID to host the public event. This is one sure way to avoid getting your online meetings hijacked.

Most people find the use of personal meeting ID convenient, especially for meetings frequently held with work teams. But that convenience can sometimes leave the meeting exposed to crashers if they get to know your ID. If you share your personal meeting ID publicly, it allows anyone who sees it to not only join the scheduled meeting, but to also crash your personal virtual space at any time.

Follow the steps below to enable random meeting ID:

  1. Log on to your Zoom web account and go to Meetings > Schedule a New Meetings
  2. Scroll down to “Meeting ID” section and select “Generate Automatically”

Enable Waiting Room

The “Waiting Room” option gives users the power to block unwelcome guests. The Waiting Room is a virtual place where people are put on hold. It is a superb method of monitoring who is coming into your meeting. The host of the meeting can vet participants before allowing them to join the call. This feature will become a default setting as part of Zoom’s latest security measures.

To enable Waiting Room when scheduling a meeting, follow the steps below:

  1. Go to your Zoom settings on the web and click “In Meeting (Advanced)”
  2. Enable “Waiting Room”

Disable “File transfer”

This prevents infections from malicious applications masquerading as files especially during public events with unknown participants. Follow the steps below to disable file transfer:

  1. Go to your Zoom settings on the web and click “In Meeting Basic)”
  2. Disable “File transfer” and click the “Save” button to at the bottom save the setting

Disable “Allow removed participants to rejoin”

Disabling this feature prevents previously removed meeting participants to rejoin. Follow the steps below to disable this feature:

  1. Go to your Zoom settings on the web and click “In Meeting Basic)”
  2. Disable “Allow removed participants to rejoin” and click the “Save” button at the bottom to save the setting

Disable “Join before host”

Disabling this feature ensures that no participant joins the meeting before the host. Follow the steps below to disable this feature:

  1. Log on to your Zoom web account and go to Meetings > Schedule a New Meetings
  2. Scroll down to “Meeting Options” section and uncheck “Enable join before host” if checked

Restrict permissions and screen sharing

You can restrict what participants can do during meetings, this is particularly useful if you want to limit the powers of any difficult participant. One way to do this is to ensure that only the host has the capability to share their screen.

To limit screen sharing, follow the steps below:

  1. Go to your Zoom settings on the web and click “In Meeting (Basic)”
  2. You’ll see a Screen sharing option
  3. Select “Host Only” under “Who can share” to stop anyone except you from screen sharing
  4. Click the save button to save the setting

Another way to restrict or shut out unwanted participants is to lock your meetings. When you lock a Zoom Meeting that’s already started, no new participants can join, even if they have the meeting ID and password.

In order to lock meeting, follow the steps below when you’re in the meeting:

  1. Click “Participants” at the bottom of your Zoom window
  2. In the “Participants” pop-up, click the button that says “Lock Meeting”

Don’t share Zoom details on public forums

You should be careful how you share your meeting links. Most Zoom meetings have a public link that, if clicked, allows anyone to join. Posting it on a public platform such as Facebook or your public twitter feed increases the risk of Zoom bombing because cyber crooks may find these links and collect it. Therefore, in order to mitigate this sort of risk, avoid sharing your meeting link in public places on the internet.

Conclusion

We hope that the above tips and tweaks will help you secure your zoom meetings. However, if your meetings require a high level of confidentiality, then it may make sense to keep it off Zoom. This is because Zoom does not fully implement end-to-end encryption to guarantee your required level of confidentiality; which means that Zoom may have access to your unencrypted meeting content. Zoom recently admitted that it falsely marketed one of its proprietary implementations as end-to-end encryption.  Nonetheless, depending on your risk level or use case, most people generally find Zoom’s security satisfactory for their day-to-day use.