How to defend your Zoom meetings from hacking

Defend Zoom meeting

With the growing number of people suddenly working from home, Zoom meetings have almost become a way of life. Whether it’s for office use, educational, or just friends and family, the app has seen a huge spike in its userbase. Zoom is easy to use and available on all the major platforms, making it one of the go-to apps for a lot of people.

However, growing security and privacy concerns led to the app coming under the microscope. Zoom has put a plan in place to improve its security, but in the meantime here’s what we can do to make sure our Zoom calls are as safe as we can make them.

► How to Zoom meeting: Set up, join, host, schedule, and more

Enable End-to-End Encryption

End-to-End Encryption is widely dubbed as the gold standard of encryption and security. This encryption protocol makes sure that no one, except for the ones communicating, is allowed to read a single bit of data that’s being transmitted. Zoom has faced a lot of criticism for not being up to the mark in terms of encryption, and this new addition is a befitting reply to the doubters. The feature is still in beta, and you’d miss out on cloud recording, phone/SIP/H.323 dial-in, and more, but it’s still the best way to go for industry-grade security.

To enable End-to-End Encryption, go to ‘Settings,’ then ‘Security,’ and finally, toggle on ‘Allow use of End-to-End Encryption.’ You’ll be asked to enter your phone number and enter the verification code. Ultimately, you’ll need to set the default encryption type to ‘End-to-end encryption’ and hit ‘Save.’

Securing Zoom Rooms

Zoom’s public meeting ID’s allow for any user with the ID to “gate crash” the meeting. The FBI was alerted by a number of sources about strangers Zoombombing meetings with disruptive material.

Zoombombers can find your meeting ID in two ways; first, simply by using the ID posted in a public forum like Facebook, or on websites. Second, by cycling through random ID’s till they arrive at an active meeting.

The following steps can be employed to protect yourself, and your meetings from unwanted external interruptions.

Private ID

This is an obvious one. Refraining from posting meeting ID’s in public forums and instead, sending them directly to the attendees will reduce the chances of strangers finding your meeting. This is especially helpful if you already know your roster for the meeting.

Yes, this is not always feasible, especially when it is a public event like a Webinar. In such cases, having prospectives ‘Request’ for an ID helps you track who has acquired the meeting ID.

Screen sharing

Screen sharing allows users to share their personal screens with everyone in a meeting. Since there is no way to restrict what can be shared on a screen, there have been numerous reports of offensive material having been shared in a meeting.

Luckily Zoom lets you decide who can share their screen in a meeting; All the participants, Only the host, or no one.

If you don’t want anyone to be sharing their screen, simply toggle off screen sharing by going to the settings tab, selecting In Meeting (Basic) and toggling Screen sharing to OFF. The other screen sharing options are in the same location.

Waiting rooms

Understanding that it is not always possible to keep Meeting room ID’s private, Zoom has introduced ‘Waiting Rooms’. This additional bit of security is intended to keep users who are not welcome, out of the meeting.

Waiting rooms are a handy addition to the Zoom environment in which they allow the host of the meeting to check the attendees off the roster before allowing them in. You can see why this would come in use when screening for Zoombombers.

By default, Zoom waiting rooms are toggled on, but in case you needed to find the setting yourself, you can find it under the Settings tab > In Meeting (advanced) > Waiting room.

To toggle off Waiting Rooms, however, you have to make sure that your meetings are Passcode protected. Zoom has ensured that users must have either Waiting Room or Passcode enabled, for added security.

Lock meeting

As mentioned above, another way users can infiltrate a meeting is by cycling through meeting ID’s till they find an active one. This added security function eliminates that threat. Keeping uninvited users out can be as simple as locking the meeting once all the participants have arrived.

On the downside, however, once a meeting is locked, not even users who have the password can get in. So it is best to make sure everyone is present before locking the meeting.

Select the Manage Participants tab at the bottom on the screen, then click on the 3 small dots in the right corner. Select Lock Meeting, and you’re done!

Most of these security settings mentioned above can be accessed from the Security tab at the bottom of the call screen.

Turn Off Autosave for chats

Following the idea of disappearing chats, Zoom allows users to toggle the option on/off. If your meeting is confidential and you would not like anyone to save the chats that occur during the period of the meeting, it is a good idea to turn OFF Zoom’s auto-save function.

Toggling the function off still allows the host to save the chats in a meeting when they so choose but prevents chats from ALL meetings being saved by default.

Under the settings tab, select In Meeting (basic) and toggle Autosaving chats to OFF.

Virtual image/video backgrounds

In order to protect the identity of your ‘home’ work environment, Zoom allows users to superimpose themselves on a virtual background, thus cutting out any background noise. Fun as it looks, this helps users gain a little more privacy while working from home.

Click the settings icon in the top right corner of the Zoom app, and select the Virtual Backgrounds tab. Here you can choose between still image backgrounds and Virtual Video Backgrounds.

To know more about changing your virtual backgrounds, check out our article.

Allow only authenticated users to join meetings

Zoom offers the ability to create Authentication profiles which lets hosts decide which participant can join a meeting. As an administrator, you can enable the option to only add authenticated users to enter a meeting session by going into Account Settings and enabling the option adjacent to “Only authenticated users can join meetings”.

You can choose between two methods for authentication – Sign in to Zoom and Sign in to Zoom with specified domains. “Sign in to Zoom” can be selected if you wish to allow anyone into the meeting who has signed into their Zoom account. By selecting the “Sign in to Zoom with specified domains” option, only users with a certain domain(s) will be able to join the meeting.

Require registration for attendees

In addition to creating authentication profiles, Zoom also allows you to require registration from users who wish to join your meeting. If a meeting requires registrations, participants will need to mention their e-mail, name, and answer questions that the host set for them. To enable the requirement of registration, the meeting host should be a licensed user, meaning they should be using any of Zoom’s paid plans.

You can check the “Registration: Required” checkbox when scheduling a meeting to decide if you want to approve participants on just signing up or after you allow them to. You can then proceed to pick questions or designing custom ones to ask anyone who signs up for joining the meeting.

Enable image and audio watermarks for your meetings

In order to protect the information that is being shared during a meeting session on Zoom, you can add watermarks to your video feed, shared screens, and your audio. Watermarks on Zoom are available in two different ways on Zoom – image and audio.

If you’re sharing your screen with other members of a meeting, a part of your email address will show on across your shared screen as well as your video feed. With audio watermarks, Zoom will plant an inaudible audio sound that will have your personal information to help detect if a participant recorded the meeting. You can enable image and audio watermarks by heading over to Account Settings on Zoom.

Disable joining before the host

Zoom has an option for hosts to allow attendees to join the meeting before they enter it themselves. While allowing other participants to join before the host could be convenient, it’s not the best option in terms of security. If you disable the “Join before host” inside Zoom Account Settings, the participants who enter the meeting will see “The meeting is waiting for the host to join” dialog on the screen and will only be able to join the meeting session once the host logs in to the session.

Do NOT allow removed participants to rejoin

Zoom offers the option to allow participants who were previously present in the meeting to get back into the meeting. However, if you wish to keep the meeting session safe and secure, you might want to disable the “Allow removed participants to rejoin” option under the ‘In Meeting (Basic)’ section inside Zoom Account Settings. This will prevent previously removed meeting participants and webinar panelists from entering the meeting again.

Security is of the utmost importance when dealing with online interactions. We hope you employ these practices into your day to day meetings. Stay safe, and don’t forget to lock your Rooms!