Companies can take some simple steps to protect their Zoom meetings, but they should also consider ways to better educate their employees on how to use the software.
During the early stages of the COVID-19 pandemic, IT departments scrambled to deliver tools to end users that would enable them to communicate with others while working from home. This set off an explosion in the use of video conferencing platforms -- in particular, Zoom.
Because time was of the essence -- and because the video conferencing market overall was caught off guard in terms of demand for its communications services -- platform security wasn't as airtight as it might have been. It didn't take long for stories to surface detailing how easy it was for hackers to derail virtual meetings by inserting explicit and distressing images into users' video conferencing feeds. And, although Zoom -- as well as other providers -- took steps to beef up precautions, many still ask this question: How secure is Zoom video conferencing?
Let's explore this topic in a bit more detail.
Zoom-specific security concerns
In early 2020, when Zoom was struggling to keep up with massive customer growth, investigators discovered the encryption implemented within the platform contained flaws that allowed sensitive customer information to leak out. Zoom quickly addressed the issue, but the episode illustrated the fact that all software-based tools have security shortcomings that bad actors seek to identify and exploit.
To ensure that the latest security patches are installed, Zoom recently announced the ability to perform automatic updates to its client software. This is a great step forward in the never-ending battle to protect Zoom customers from data loss, theft and invasions of privacy.
Perhaps more important is the need to properly train users on how to safely conduct both one-on-one and group Zoom sessions.
End-user security concerns
Perhaps more important is the need to properly train users on how to safely conduct both one-on-one and group Zoom sessions. A phenomenon, Zoombombing, became a big concern as sessions not properly secured were accessed by troublemakers who took over the meetings -- and often shared unsavory content to unwitting participants. While these incidents could have easily been avoided, meeting users often were not aware of how to protect their meetings from these types of attacks.
In many cases, critical Zoom security features are not enabled by default. Thus, for meetings that require the utmost in security, the manual enablement of certain security functions can significantly reduce risk. Examples of how to make moot the discussion of how secure is Zoom video conferencing include the following:
allowing only registered Zoom users to attend a meeting;
requiring the host to manually admit attendees into a meeting room;
requiring that attendees enter a unique password prior to gaining access to the meeting room virtual lobby;
modifying screen-sharing capabilities so only the host can share content;
locking a meeting once all attendees have joined so no others can join; and
scheduling group meetings using separate and randomly generated meeting IDs, as opposed to a user's personal meeting ID, a static credential that can easily be leaked to the public.
Instituting best practices can improve the security of video meetings.
Secure, but always in flux
These days, Zoom meetings are considered relatively safe to use. The company appears to have addressed the major security gaps within the platform and is focused on staying on top of the latest vulnerabilities. Therefore, the biggest risk to an organization -- as is typically the case -- is found in users who don't follow or understand how to better protect their meetings. To that end, businesses should consider a Zoom training course or create documentation that walks users through the steps needed to protect their meetings and lessen the likelihood of a security event.
Dig Deeper on Video conferencing and visual collaboration
While network security focuses on solely protecting networks, cloud security provides protection for networks, servers, containers, apps and more.
Continue Reading
The quick answer is yes -- IT administrators can monitor employees' messages in Microsoft Teams. But organizations need the proper license plans and ...
Continue Reading
When it comes to the SOAR vs. SIEM debate, it's important to understand their fundamental differences to get the most benefit from your security data.
Continue Reading
