With strict quarantine measures implemented around the world, people are constantly searching for effective means of communicating with each other.
With its reported ease of use, Zoom quickly rose in popularity. However, Zoom’s security flaws came into the spotlight.
We list 10 security and privacy tips for Zoom users. Some of these apply to other video messengers too.
1. Protect your account
Apply the basics of account protection. This includes using a strong, unique password and protecting account with two-factor authentication. Two-factor authentication makes your account harder to hack, even if your account data leaks.
That said, avoid making your Personal Meeting ID public. Because Zoom offers an option to create public meetings with your Personal Meeting ID (PMI), it’s easy to leak that ID. The catch, however, is that if you do, anyone who knows your PMI can join any meeting you host.
2. Use your work e-mail to register with Zoom
Register with Zoom using your work e-mail. If you don’t have a work e-mail, use a burner account with a well-known public domain to keep your personal contact details private.
The reason for this measure is that a glitch in Zoom causes the service to consider e-mails of the same domain as belonging to one company, and it shares their contact details with each member of that group.
3. Don’t use fake video messenger apps
As Kaspersky security researcher Denis Parinov discovered in March, the number of malicious files using the names of popular video conference services in their filenames had roughly tripled in comparison with the numbers he found month by month over the previous year.
Criminals are ramping up their abuse based on the popularity of Zoom and other video messenger apps, trying to disguise malware as videoconference clients.
Use Zoom’s official website — zoom.us — to download Zoom safely for Mac and PC, and to go to the App Store or Google Play for the mobile versions.
4. Don’t use social media to share conference links
Zoom is also often used for public events. Since it is a public event, more caution should be practised. Avoid sharing the link of your meeting on social media. Trolls can disrupt the meeting with offensive content. This is commonly known as "Zoombombing".
5. Protect every meeting with a password
Setting up a password for your meeting is the best way to ensure that only the people you want in your meeting can attend it.
Recently Zoom turned password protection on by default. As with meeting links, meeting passwords should never appear on social media or other public channels.
6. Enable Waiting Room
To give more control over the meeting - and who enters it - is Waiting Room. Waiting Room has recently been enabled by default and makes participants wait in a “waiting room” until the host approves each one.
This gives the host the ability to control who joins your meeting, even if someone who wasn’t supposed to participate somehow got the password for it.
7. Pay attention to screen-sharing features
Every normal videoconference app offers screen-sharing — the ability of one participant to show their screen to the others. Pay attention to screen-sharing settings to keep meeting secure. Limiting screen-sharing ability to the host or decide if it can be extended to everyone on the call. You can also let multiple participants share screens simultaneously.
8. Stick with the Web client if possible
The various Zoom client apps have demonstrated a variety of flaws. Some versions let hackers access the device’s camera and microphone, whereas others let websites add users to calls without their consent.
However, this threat is possible. Use Zoom’s Web interface instead of installing the app on your device, if possible. The Web version sits in a sandbox in the browser and doesn’t have the permissions an installed app has, limiting the amount of harm it can potentially cause.