Cybersecurity Tips: Zoom Video Conferencing



The COVID-19 pandemic has pushed many businesses to rely on the security and stability of their remote capabilities to ensure business continuity. In an effort to keep employees connected during this time, organizations have begun utilizing various video-conferencing tools, such as Zoom.

Lately, Zoom has been receiving a lot of negative press on its security. However, many of the incidents that made the front page could have been prevented.

We’ve compiled a few tips detailing what your business can do to secure your Zoom meetings. Each organization will need to assess these settings based on its own business requirements; the settings mentioned below are, in some cases, restrictive and may not fit your business needs. Add Zoom to your patch management program so that you have the latest security patches, and always test and review your settings with a Zoom representative.

Account Settings

  1. Password protect meetings

This will mitigate Zoom-bombing. Administrators can set this as a default, but it can be changed by the user unless enforced globally.

Settings:

| Setting | Value |
| --- | --- |
| Require a password when scheduling new meetings | Enable |
| Require a password for instant meetings | Enable |
| Require a password for Personal Meeting ID (PMI) | Enable |
| Require password for participants joining by phone | Enable |

  1. Encrypt all data between the Zoom cloud, Zoom client, and Zoom Room

| Setting | Value |
| --- | --- |
| Require Encryption for Third-Party Endpoints (H323/SIP) | Enable |

  1. Disable the ability for hosts and participants to send files through the in-meeting chat

This option might not be feasible from a business perspective depending on how you want to use Zoom meetings.

| Setting | Value |
| --- | --- |
| File Transfer | Disable |

  1. Restrict who can share their screen and annotations

If you are working with your team on a business opportunity, it might not make sense to lock down screen sharing. If you are hosting a large group, consider the following security controls to prevent inappropriate screen sharing, annotation, and whiteboard displays.

| Setting | Value |
| --- | --- |
| Screen sharing | Enable |
| Who can share | Host Only |
| Annotation | Disable |
| Whiteboard | Disable |

  1. Keep previously removed participants from rejoining

| Setting | Value |
| --- | --- |
| Allow removed participants to rejoin | Disable |

  1. Identify guest participants (someone in the meeting who does not belong to your account or organization)

| Setting | Value |
| --- | --- |
| Identify guest participants in meeting/webinar | Enable |

  1. Enable a waiting room. Attendees can’t join a meeting until a host admits them individually

This can help prevent unauthorized individuals from joining.

| Setting | Value |
| --- | --- |
| Waiting room | Enable |

  1. Hide sensitive information from the snapshot of the Zoom main window and enforce globally

| Setting | Value |
| --- | --- |
| Blur snapshot on iOS task switcher | Enable |

You can also set a policy for meetings that are recorded. There are times when you want to record a meeting, such as a training session or webinar that you would like to distribute afterward. Recording should be restricted to the host and should not be stored in the cloud.

  1. Do not allow participants to record the meeting to a local file or record in the cloud

| Setting | Value |
| --- | --- |
| Local recording: Hosts can give participants the permission to record locally | Unselect |
| Cloud recording | Disable |

  1. Display a disclaimer to the participants before a recording starts

| Setting | Value |
| --- | --- |
| Recording disclaimer | Enable (add legal disclaimer) |

Security Settings

Implement your password policy. You can also enable two-factor authentication or allow users to sign in with single sign-on (SSO) for your domain. Authentication settings can be configured to meet your organization’s requirements. Additional settings include:

  1. Do not allow users to sign in with Google or Facebook

| Setting | Value |
| --- | --- |
| Allow users to sign in with Google | Disable |
| Allow users to sign in with Facebook | Disable |

IM Management

  1. Do not allow users to take and send screenshots in direct messages or group conversations

| Setting | Value |
| --- | --- |
| Screen capture | Disable |

  1. Do not allow users to send files in direct messages or group conversations

| Setting | Value |
| --- | --- |
| File transfer | Disable |

  1. Enable end-to-end chat encryption and enforce globally

This will encrypt all messages and files while being transmitted and when they are stored.

| Setting | Value |
| --- | --- |
| Enable end-to-end chat encryption | Enable |

  1. Disable the ability for messages and files to be stored in the cloud

| Setting | Value |
| --- | --- |
| Cloud storage | Disable |
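
The recommendations above can be checked mechanically once an administrator has recorded the account's current values, including whether each default is enforced globally. The following is an added example, not code from Wolf & Co or Zoom; it covers a subset of the settings, and the inventory format (a dictionary keyed by the setting labels used on this page, with a `locked` flag for globally enforced settings) is an assumption, not a Zoom export or API schema.

```python
# Baseline taken from settings listed in this article: label -> (value, lock).
# lock=True where the article says to enforce the setting globally, or notes
# that users can change the default unless it is enforced.
BASELINE = {
    "Require a password when scheduling new meetings": ("Enable", True),
    "Require a password for instant meetings": ("Enable", True),
    "Require a password for Personal Meeting ID (PMI)": ("Enable", True),
    "Require password for participants joining by phone": ("Enable", True),
    "File Transfer": ("Disable", False),
    "Who can share": ("Host Only", False),
    "Allow removed participants to rejoin": ("Disable", False),
    "Waiting room": ("Enable", False),
    "Blur snapshot on iOS task switcher": ("Enable", True),
    "Cloud recording": ("Disable", False),
    "Enable end-to-end chat encryption": ("Enable", True),
}


def audit(recorded):
    """Compare a hand-recorded settings inventory against BASELINE.

    recorded: {label: {"value": str, "locked": bool}} (hypothetical format,
    filled in by an administrator; not a Zoom API schema).
    Returns sorted (label, finding) tuples; an empty list means compliant.
    """
    findings = []
    for label, (want, must_lock) in BASELINE.items():
        entry = recorded.get(label)
        if entry is None:
            findings.append((label, "MISSING: not recorded"))
        elif entry["value"].strip().lower() != want.lower():
            findings.append((label, f"DRIFT: {entry['value']!r}, expected {want!r}"))
        elif must_lock and not entry.get("locked", False):
            findings.append((label, "UNLOCKED: correct default, users can override"))
    return sorted(findings)


# Constructed sample inventory: one wrong value, one unlocked default, one gap.
SAMPLE = {label: {"value": want, "locked": True} for label, (want, _) in BASELINE.items()}
SAMPLE["Waiting room"] = {"value": "Disable", "locked": True}
SAMPLE["Require a password for instant meetings"]["locked"] = False
del SAMPLE["Cloud recording"]

if __name__ == "__main__":
    for label, finding in audit(SAMPLE):
        print(f"{label}: {finding}")
```

An `UNLOCKED` finding means the value matches the recommendation but individual users can still turn it off, which is the gap the password item describes.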