In the past few weeks, Zoom has been receiving a lot of negative attention about security flaws which enable “Zoom Bombing” (when a cybercriminal enters a random Zoom call to “troll”: share indecent messages, be disruptive, etc.) and about stolen Zoom passwords available for sale on the dark web. This unflattering news has led schools in New York, as well as businesses like Tesla, to abandon Zoom.
Despite the bad press, many others continue to use Zoom due to its ease of use and good performance. As a Microsoft partner, it would be easy to take advantage of this situation and tell everyone to use MS Teams, but at the same time it would be remiss to ignore the reasons so many have chosen Zoom and why my initial instinct is very short-sighted. We have had customers revert to Zoom in some cases where MS Teams fell short, although Microsoft is making great strides toward improving MS Teams. If you, like many, need Zoom, then you will need to know how to add security and stop Zoom Bombing.
Still Worth Using?
Should I continue to use Zoom? Short answer: Yes, but only if you follow security guidelines.
- Immediately apply new security fixes
- Apply security settings for Zoom that are not enabled by default (scroll down to learn how)
- Keep yourself informed
At Techware, we use Microsoft Teams as well as RingCentral, which uses Zoom under the hood for video conferencing. These apps, like all software, are susceptible to security flaws. But with a strong development team, updates and fixes for these flaws don’t take long.
Zoom has experienced an increase from 10 million users in December 2019, to over 200 million users today. This increase in usage means more exposure, more attacks, and more use cases, which result in a good roadmap for improvement. In short, fixes are on the way for the current security issues.
Once you have read all the scary stories about Zoom, take a few steps back and look at how many security flaws exist in other major software products. How the company responded to the flaw is what we should pay attention to, not just the flaw itself. Zoom's response so far is encouraging: they own the problem and are committed to fixing it.
Security Settings to Stop Zoom Bombing and the Stolen Passwords
1) Enable Waiting Room for All Users
- Sign in to the Zoom web portal as an administrator with the privilege to edit account settings.
- In the navigation menu, click Account Management then Account Settings.
- Navigate to the Waiting Room option on the Meeting tab and verify that the setting is enabled.
Note: If the setting is disabled, click the Status toggle to enable it. If a verification dialog displays, choose Turn On to verify the change.
- Select who you want to admit to the waiting room:
  - All participants: All participants joining your meeting will be admitted to the waiting room.
  - Guest participants only: Only participants who are not on your Zoom account or are not logged in will be admitted to the waiting room. If not logged in, they will have an option to log in.
  - Note: If Guest participants only is enabled, you can also enable the option to allow internal participants (users on the account) to admit guests from the waiting room if the host is not in the meeting.
2) Enable Password
- Sign in to the Zoom web portal.
- As the owner or admin, click Account Management, then click Account Settings.
- Navigate to the Meeting tab and verify that the password settings that you would like to use for your account are enabled. If the setting is disabled, click the Status toggle to enable it. If a verification dialog displays, choose Turn On to verify the change.
- (Optional) If you want to make this setting mandatory for all users in your account, click the lock icon, and then click Lock to confirm the setting.
- Make sure you change the password regularly.