The video-conferencing app maker is addressing security and privacy concerns. There are steps you can take, too.
Security and privacy concerns about video-conferencing app Zoom have surged as quickly as use of the app itself. Its ease of use and low price tag held strong appeal for businesses scrambling to facilitate staff working from home as a social distancing measure while the COVID-19 pandemic took hold. As a result, the number of daily Zoom users skyrocketed from 10 million in December 2019 to 200 million in March 2020. That sudden widespread adoption among home users revealed multiple vulnerabilities in the app, which was originally built for the corporate world.
Criticism over the past several weeks has pointed to flaws on several fronts. Zoom's privacy policy allowed user information to be shared with Facebook and other third-party services. Insufficient encryption standards increased the likelihood that sensitive information communicated during a video meeting could be accessed by someone who shouldn't. Lax security meant that conferences could be hijacked and disrupted by users who guessed the URL or meeting ID of a public Zoom session ("Zoom bombing"). In recent days, the company has committed to prioritizing security fixes over feature development. To combat Zoom bombing, "waiting rooms" and password requirements are now on by default setting for all new or previously scheduled meetings for Zoom Basic tier and single-license Pro tier users. A password requirement adds another step - and layer of difficulty - to using Zoom, but it's an inconvenience that most anyone active on the internet long ago accepted as routine. The virtual "waiting room" feature means that a user can't join a video conference until the meeting host lets them in.
Follow these guidelines to boost defenses against unwelcome access to Zoom meetings:
Know your account. Different types of accounts (tiers) have different features and settings. Hosts should be familiar with the settings needed to maximize security.
Use the latest version. Keep the software updated to fix bugs and minimize the risk of compromise.
Use meeting passwords. Verify that password requirements are in place in account settings. For greater effectiveness, don't embed passwords in meeting links.
Don't share Zoom info in public forums. Avoid posting links, meeting IDs and other details on social media. That includes screenshots of meetings.
Use a randomly generated ID for each meeting. That helps keep your personal meeting ID secure.
Also consider taking these additional measures:
Limit screen-sharing permissions to the meeting host.
Disable file-transfer
Disable private chats.
Disable annotations.
Restrict custom backgrounds.
Above all, "Control your own privacy as you do with all online tools," as Check Point cybersecurity expert Mark Ostrowski said in a recent Forbes article. "Assume what happens in Zoom does not stay in Zoom.”