With social distancing and quarantine measures implemented around the globe, people quickly started searching for effective means of communicating with each other. With its reported ease of use and attractive pricing, Zoom quickly rose in popularity \u2014 and people quickly figured out that Zoom\u2019s developers weren\u2019t fully prepared for the level of scrutiny it would receive.<\/p>\n
With so much use, Zoom\u2019s flaws came rapidly to light. The company handled the tremendous increase of workload seamlessly and quickly reacted to security researchers\u2019 discoveries. However, just like with each and every service, code updates will not address every complaint, but some issues are very much worth keeping in mind. So, here we offer 10 security and privacy tips for Zoom users.<\/p>\n
A Zoom account is just another account, and in setting yours up, you should apply the basics of account protection. Use a strong and unique password<\/a>, and protect your account with two-factor authentication<\/a>, which makes your account harder to hack and better protected, even if your account data leaks (though so far that hasn\u2019t happened).<\/p>\n There\u2019s at least one more Zoom-specific catch: After you register, in addition to your login and password you get a Personal Meeting ID. Avoid making it public. And because Zoom offers an option to create public meetings with your Personal Meeting ID, it\u2019s quite easy to leak that ID. If you do, anyone who knows your PMI can join any meeting you host, so share this information prudently.<\/p>\n A weird glitch in Zoom<\/a> (which at the time of this writing wasn\u2019t yet fixed) causes the service to consider e-mails of the same domain \u2014 unless it\u2019s a really common domain such as @gmail.com or @yahoo.com \u2014 as belonging to one company, and it shares their contact details with each member of that group. For example, that happened to users who registered Zoom accounts using e-mails ending with @yandex.kz, which is a public e-mail service in Kazakhstan, and it may happen again with e-mail addresses belonging to smaller public e-mail providers.<\/p>\n So, to register with Zoom, use your work e-mail. Sharing your work contact details with your real colleagues should not be a big deal. If you don\u2019t have a work e-mail, use a burner account with a well-known public domain to keep your personal contact details private.<\/p>\n As Kaspersky security researcher Denis Parinov discovered, this March the number of malicious files incorporating the names of popular video conference services (Webex, GoToMeeting, Zoom, and others) in their filenames had roughly tripled in comparison with the numbers he found month by month over the previous year. That most likely means malefactors are ramping up their abuse based on the popularity of Zoom and other apps of its kind, trying to disguise malware as videoconference clients.<\/p>\n Don\u2019t fall for it! Use Zoom\u2019s official website \u2014 zoom.us<\/a> \u2014 to download Zoom safely for Mac and PC, and go to the App Store<\/a> or Google Play<\/a> for your mobile devices.<\/p>\n\n Sometimes you want to host public events, and in many places online events are the only type of public events available these days, so Zoom is attracting more and more people. But even if your event is truly open to everyone, you should avoid sharing the link on social media.<\/p>\n If you knew anything about Zoom before reading this post, you\u2019ve probably heard about so-called Zoombombing. It\u2019s a term Techcrunch<\/em> journalist Josh Constine coined<\/a> to describe trolls disrupting Zoom meetings with offensive content. Right now, several chats on Discord and threads on 4Chan (both popular with trolls) are discussing targets for their next raids.<\/p>\n Where do the trolls get information about upcoming events? That\u2019s right, they find them on social media. So, avoid publicly posting links to Zoom meetings. If for some reason you still want to, make sure you don\u2019t enable the Use Personal Meeting ID<\/em> option.<\/p>\n Setting up a password for your meeting remains the best means of ensuring that only the people you want in your meeting can attend it. Recently Zoom turned password protection on by default \u2014 a good move. That said, don\u2019t confuse the meeting password with your Zoom account password. And like meeting links, meeting passwords should never appear on social media or other public channels, or your efforts to protect your call from trolls will be in vain.<\/p>\n Another setting that gives you more control over the meeting, Waiting Room<\/em> \u2014 recently enabled by default \u2014 makes participants wait in a \u201cwaiting room\u201d until the host approves each one. That gives you the ability to control who joins your meeting, even if someone who wasn\u2019t supposed to participate somehow got the password for it. It also lets you kick an unwanted person out of the meeting \u2014 and into the waiting room. We recommend leaving this box ticked.<\/p>\n Every normal videoconference app offers screen-sharing \u2014 the ability of one participant to show their screen to the others \u2014 and Zoom is no exception. Some settings that are worth keeping an eye on:<\/p>\n Limiting screen-sharing ability to the host or extending it to everyone on the call. If you don\u2019t need other people to show their screens, you know which option to choose; The various Zoom client apps have demonstrated a variety of flaws. Some versions let hackers access the device\u2019s camera and microphone<\/a>; others let websites add users to calls without their consent<\/a>. Zoom was quick to fix the aforementioned problems, as well as other, similar ones, and it stopped sharing user data with Facebook and LinkedIn. However, given the absence of a proper security assessment, Zoom apps likely remain vulnerable, and they may still employ shady practices such as sharing data with third parties.<\/p>\n2. Use your work e-mail to register with Zoom<\/h2>\n
3. Don\u2019t fall for fake Zoom apps<\/h2>\n
4. Don\u2019t use social media to share conference links<\/h2>\n
5. Protect every meeting with a password<\/h2>\n
6. Enable Waiting Room<\/h2>\n
7. Pay attention to screen-sharing features<\/h2>\n
\nLetting multiple participants share screens simultaneously. If you can\u2019t immediately see why your meetings would need this capability, you\u2019ll probably never need it; just keep it in mind in case you ever need to enable it.<\/p>\n8. Stick with the Web client if possible<\/h2>\n