How to ensure your Zoom meetings are secure

The rapid uptake of video conferencing via platforms such as Zoom has allowed businesses to continue, if not quite as normal, then as close to it as possible in these troubling times. However, the rise of these tools has also presented new challenges for employers – primarily in relation to security. 

What do HR professionals need to be aware of? 

First, some context. Since the coronavirus forced businesses to implement alternate working arrangements, virtual conference solutions have gone from being a “nice to have” to being critical for business continuity. There are a number of solutions jostling for market position, including Skype, Microsoft Teams, BlueJeans, and GoToMeeting. However, it’s Zoom that has surged to the front. It’s now perhaps the most ubiquitous tool for video conferencing, with an estimated 40% market share in A/NZ and currently over 200 million daily active users globally (up from 10 million in December 2019). 

As with any rapid-growth entities, there’s been an element of “catch-up” required on Zoom’s part, with security being a critical area of concern. Zoom already had several safeguards in place, but for new users these could be tricky to locate. As a result, there were increasing reports of meetings being interrupted by unwanted intruders (known as “Zoom-bombers”), as well as identity theft, malware and hacking incidents.

In April, Zoom CEO Eric Yuan announced the company would switch focus from developing new features to ramping up engineering resources focused on privacy and security. Zoom has also hired a dedicated security team, including Alex Stamos (ex-Facebook CSO). Several new measures have already been rolled out:

• In an attempt to prevent Zoom-bombing, meeting ID numbers will no longer be shown in address bars. 
• A dedicated security tab has been introduced to streamline the changing of security settings for hosts and meeting attendees. 
• Zoom has also changed where data is stored. Paid subscribers can now opt-in or out of specific data centre regions. China, too, has been geofenced to stop information outside of the country from being transferred there. 

While Zoom continues to beef up its security, we’ve developed some key tips using these – and even more security enhancements that are now available in the platform – to ensure your next Zoom meeting is secure.

Tip #1: Know your Zoom package

There are a number of Zoom account types, each with different privileges and powers:

• A basic account is free and allows you to have unlimited one-to-one meetings, but for meetings with three or more people, there is a 40-minute time limit.
• A pro account is the next tier up on the public cloud and it provides the user with administrative abilities such as enabling and disabling recording, and it extends meeting limits to 24 hours.
• A corp account allows unlimited meetings on the hybrid cloud.

Whatever package you’re on, it’s important that the host of each meeting is familiar with the security settings.

Tip #2: Don’t share Zoom details on public forums

This may seem obvious, but it’s crucial to ensuring your meeting is secure. Sharing a link to a meeting on a public forum makes it much more susceptible to hackers. Most Zoom meetings have a public link that, if clicked, allows anyone to join.

This makes it easy for trolls and hackers to collect these links and share them with groups with the specific intention of Zoom-bombing or causing other problems. The same applies to sharing meeting IDs: don’t do it!

Tip #3: Be wary of using personal meeting IDs

If you’re using meeting IDs instead of links to host public events, make sure you use a randomly generated ID, rather than your personal meeting ID.

If you share your personal meeting ID in public, it allows anyone who sees it to not only join that initial meeting, but to crash your personal virtual space at any other time.

You should think of your personal meeting ID like your own phone number – would you share that openly on Facebook and Twitter? Also be mindful of sharing screenshots of Zoom calls in session on social channels as the screenshot may inadvertently include the Zoom ID, exposing your meeting to crashers.

Tip #4: Set passwords on your meetings

Password protection is now being rolled out as a default by Zoom, but it’s important to ensure users are exercising this practice all the time. All Zoom meetings should have both an entry link or ID and a password in order to get in. Again, do not share these passwords on public platforms alongside a corresponding link or ID. To access Zoom settings:

• Go to https://zoom.us/ and click the “Sign in” button.
• Click the Settings button on the left-hand side of the screen.
• This will take you to the “Settings” page, which has 3 tabs/buttons across the top: “Meeting”, “Recording”, and “Telephone”.
• Select the “Meeting” section.

Next, navigate to password settings (for utmost security, it is recommended that all options are enabled as pictured below):

Tip #5: Set up a Waiting Room

Waiting Rooms have also become a default setting as part of Zoom’s latest security measures. It’s a way of monitoring who is coming into your meeting.

When scheduling a meeting, go to your settings and click ‘Advanced’ options. Here you will have the ability to ‘Enable Waiting Room’. This means that when participants do join the meeting, they will be added to a virtual waiting room, where the host of the meeting can vet participants before allowing them to join the call.

Tip #6: Restrict participant powers

The Advanced Settings also enables you to restrict the powers of your participants during meetings. For example, you can mute all attendees upon entry to ensure that there are no disruptions. 

During a meeting, the bar along the bottom of the screen allows you to manage participants. You can mute everyone on the call or prevent them from unmuting themselves. You can also ensure that only the host has the ability to share their screen by clicking the arrow next to ‘share screen’. You can also restrict chat options if chat is not needed, or limit chatting to the host only.

Tip #7: Lock the meeting

For smaller meetings, once all attendees are present you can select ‘manage participants’ and choose ‘more’ at the bottom of the side bar. This will give you the option to lock the meeting, which will prevent any further participants from joining. For more public virtual events, this step can be taken 10 minutes after the event has begun. It’s a clear sign that late entries will not be permitted once the meeting has started.

Tip #8: Review data privacy settings

Zoom offers a setting to Require Encryption for 3rd Party Endpoints (H323/SIP) that can be set by the host of meetings or at the account level for all members. 3rd Party Endpoints are VOIP devices, such as desk phones and soft phones. Using encryption stops someone from being able to ‘snoop in’ on the call. If this setting is selected, H323/SIP devices will be required to use encryption when dialling into the meeting. To do this, access Account Management and then find Account Settings. Navigate to this screen:

Zoom recently came under fire over concerns that it was sending information through China, opening up the risk of privacy infringements. The data centre setting controls where meeting data ‘might’ go if left to be routed to the nearest service. So, those in Asia could end up with their data going through China if that’s the closest centre.

While free users are tied to the data centres in the region they subscribed in, a new feature for paying users allows them to select which regions data may pass through. The screenshot below shows how to select a data centre from the Advanced Settings tab.

Tip #9: Ensure you’re using the latest version of Zoom

A final tip is to regularly check for updates. As new security issues crop up and Zoom deploys patches or functions are disabled, it’s critical to ensure you have the latest build. In order to check, open the desktop application, click on your profile in the top-right, and select “Check for updates”.

Remember, the above tips are only useful if people know about them. HR professionals have a key role to play in ensuring employees understand how critical security is in the online world, especially when it comes to remote meetings. Be safe rather than sorry – ensure these best practice tips are followed.

When working remotely and communicating via video tools like Zoom, high-quality communication shouldn’t be compromised. In fact, collaboration and corporate culture is more important than ever before, which is why ELMO Cloud HR & Payroll has recently launched ELMO Connect. 

This new module offers instant messaging functionality and integration with Zoom video conferencing. ELMO Connect delivers rapid benefits to your workforce without needing to invest in complex and time-consuming integrations. Team communication and collaboration can occur from within ELMO’s cloud-based, integrated HR and payroll suite, from the same place that employees make leave applications, undertake their learning activities, and complete their performance appraisals. To discover how ELMO Connect can assist your organisation, contact us.