Zoom, the popular Web Meeting platform, has come under fire recently, but it's not because the platform itself is necessarily insecure. It's the people that use it that are not using it securely!
Everything that Xynics do as a business is about helping businesses control information and systems, engendering stability and security in the business from the ground up.
COVID-19 has been a challenge for us all, particularly when nearly all of us are working remotely.
It is for this reason that Zoom's daily web meetings have soared from approximately 10 million per day to in excess of 200 million daily meetings according to Zoom’s Chief Exec, Eric Yuan.
As with any popular online service, Zoom have become the target for bad press and people with less than moral intent.
There are countless stories of Zoom Bombing (just google it for the latest incidents). The most recent one appears to have been on 3rd April, when a school's Web Meeting had an uninvited guest displaying XXX pornography (https://www.tes.com/news/coronavirus-head-warns-pupils-after-zoom-porn-attack), leading to guidance being issued around the use of Zoom for virtual classroom activities, among other things.
Let me get one thing straight.
The term “Hack” or “Hacking” is being used more and more out of context.
Simply put, a hack, or hacking, is the act of “gaining unauthorised access to a system or computer”.
If you publish your Zoom Meeting link on Social Media or other public platforms for anyone to see, and you then get an uninvited guest causing you issues, this is not hacking or being hacked!
You were silly enough to tell the world about your meeting, so don’t expect just the guests you expected to turn up!
As far as we can tell, almost all (if not all) of these Zoom Bombing incidents have the same cause as more than 80% of Cyber Incidents and Data Breaches: human error. They were caused by the meeting organiser's direct (and intentional) loss of control over their use of the Zoom platform. If this were the handling of Personal Data, these kinds of lapses would be a 4% Global Turnover fine under GDPR!
Here are three things you can do to help maintain control and security over your Zoom Meetings:
- Do not publish the meeting link publicly on Social Media. For the reasons given above, you really are just inviting trouble. We cannot stress this enough, so try this: if you were hosting a party at your house for just your friends to attend, you wouldn’t post the date, time and your home address on a public forum for anyone to see, so why do the same for your private meeting?
- When you do set up a meeting, be sure to untick the “Use my Personal Meeting ID” option. This will force Zoom to generate a one-time-use meeting ID and link which is just for that meeting. Yes, it would still be feasible for a malicious guest to guess the one in a billion possible meeting IDs, but that’s not quite as easy as being given the exact link, so it is far less likely!
- Set a password on your Zoom Meeting. The App generally does this for you, and will therefore require every attendee to enter the correct password to join the meeting, so even if someone did guess your meeting ID, they still have to guess the password as well, taking the odds of them gaining access to something like 1 in 900,000,000,000,000.
Better still, if you can confirm that your meeting attendees will only use the App or Computer to join voice audio, rather than dialling in by phone where only digits can be entered, you can use letters and numbers and some symbols in the password, making it significantly harder to guess the correct meeting ID and password. It really is worth asking attendees if they intend to dial in by phone so you can set a stronger password.
Just by following these three simple tips, you can secure your Zoom meeting against the opportunist threat, and the vast majority of us don't need to worry about the more sophisticated hack actors.