Skip to main content
The COVID-19 pandemic has seen video conferencing services like Zoom explode in popularity as people make the shift towards working from home. Unfortunately, this recent surge in users has also created a disturbing new trend – “Zoombombing”, where unauthorized users and internet trolls slip into online meetings and wreak havoc by sharing inappropriate content.
Naturally, this creates concern among businesses and organizations using these services to discuss confidential or privileged information. Especially in larger meetings, an uninvited participant might go unnoticed, enabling that person to use their access and gather sensitive information and data. Unsurprisingly, this has led many to question whether these services are safe and secure – Should we really be relying on these platforms so heavily if they pose such a huge inherent security risk?
Keeping your Online Meetings Safe
You might be surprised to find out that the majority of these attacks are a result of poor cybersecurity hygiene rather than inherent flaws with the software. For example, Public Zoom meetings can be accessed by anyone without registering for an account, and links are frequently posted to social media. All an attacker needs to do is search for these links and access is provided. In other words, the majority of these attacks are easily avoidable, provided you keep an eye on the privacy settings that are available.
Tips that you can use to keep your online meetings protected:
-
- Managing Participants: Most video conferencing software will provide useful functionality that will allow you to manage participant privileges and access rights. When setting up a meeting, make sure that access is only granted to people who are joining the call with the email through which they were invited. Similarly, most video conferencing software will also provide the option to “lock” the meeting, which prevents any new users from joining the meeting even if they have a password.
- Manage Screen Sharing: One of the most common methods of Zoombombing is to hijack the screen sharing function in order to share inappropriate images or offensive content. Luckily, most video conferencing platforms provide functions to prevent this from occurring by providing the host with the ability to disable screen and video sharing.
- Manage Information-Sharing: Attackers sitting in on private meetings will often share malicious links or poisoned files to gain system access or data. Make sure to disable features like in-meeting file transfer, annotations, and private chat to ensure that no one is sharing any unwanted content.
- Manage Sensitive or Confidential Topics: For meetings where confidential or privileged information is going to be discussed, make sure to set up two-factor authentication. This can be easily done by sending the meeting ID to an email while sending the password by SMS. Most video conferencing software will also provide a waiting room feature that provides an additional line of defense against unauthorized access.
Other Recommendations:
With video conferencing services like Zoom continuing to grow in popularity as we move towards a decentralized work environment, hackers and cybercriminals will inevitably follow as they attempt to exploit the people using them. With this in mind, here are some additional recommendations that you should keep in mind:
- Beware of phishing scams: Hackers will use malicious links that have a false domain and look-alike websites that ask for credentials. Take extra care when clicking on video conferencing links by taking the time to make sure that they are legitimate.
- Avoid sharing your personal meeting ID: Most video conferencing software provides a Personal Meeting ID that is unique to a specific user account. This link does not change, meaning that those with access to your Personal ID can access it any time.
Use up-to-date software: Software updates will occur regularly and often contain security updates and patches. Make use of the latest version of your software to ensure that you are using the most up-to-date and secure version.
