Many organizations and professionals are having increased security concerns while using Zoom as a Conferencing platform. However, it is difficult to switch platforms because of investments, user experience, and past practices. ETEK Security Advisory experts are providing the following 7 Key Technical and Zoom Tool Management Recommendations to use Zoom securely:
- Updates: All platforms are on continuous improvement, developing new operating and security features. Zoom is no exception and recommends users hosting a new meeting, to click on the toolbar “update our app” and select new updates and install the same all devices that are connected to the session
- Passwords and Session Id: When you create a new session, the app creates a PMI, this is a number that you can distribute for one or many users however it’s highly recommended to generate unique ID per user despite PMI. I also recommend generating a password per session.
- Administrator or Moderator Control: It’s important to assign one moderator role for each of meetings or meetiings where participants beyond your trust network will join. You can make the registration mandatory and the moderator is ready to check people trying to get into the meeting and block ones perceived as strangers, annoying or potential threats.
- Leverage Waiting Room: We recommend setting up waiting rooms to validate trusted invitees before the moderator allow invitees in the session.
- Screen sharing Control: Recommend having “Host” control of sharing the screen. You can configure that feature with simple steps of: Personal > Settings > In Meeting (Basic) and look for Screen sharing.
- Block Session: We recommend blocking all sessions once the meeting has started. You also have options to block video if required.
- File-Sharing Control: We recommend blocking features of use “Animated GIFs, files on chat, and as well as sharing general files” when you are hosting the meeting. The feature mentioned is not by default and we recommend checking below link: https://support.zoom.us/hc/en-us/articles/209605493-In-Meeting-File-Transfer?zcid=1231 https://support.zoom.us/hc/es/articles/209605493-Transferencia-de-archivos-durante-la-reuni%C3%B3n
It is possible during these days to get involved in APT (Advanced Persistent Threat) campaigns or trojans spread during this time. Cybercriminals are trying to trick users with the download of software that seems to be original with malware inside. We recommend users to download Zoom from the official website and use the App Store or Google Play with the configuration setting of download only from official and secure sources.
By. Iván Camilo Castellanos