
Zoom’s Best Security Practices

Updated: 2023-08-14 18:16:02 | From the book: Zoom For Dummies
Zoom offers a bevy of robust features for meetings. (Short version: Thanks to Zoom, hosts and participants can perform many useful tasks.) There’s a chasm, though, between could and should. Put simply, just because Zoom lets you enable or disable a feature doesn’t mean that you should do it.


With that in mind, here are some tips on minimizing the chance that someone Zoombombs your meeting. More generally, follow the advice here to protect the privacy and security of your Zoom communications as much as possible.

Your scientists were so preoccupied with whether or not they could they didn’t stop to think if they should.

— Jeff Goldblum as Dr. Ian Malcolm, JURASSIC PARK

Keep your PMI private

You wouldn’t give a stranger a key to your home. The same principles apply to your Personal Meeting ID (PMI). Giving it to your spouse or mother is benign. Sharing it on social media is a recipe for disaster.

Use waiting rooms

Yes, Zoom lets users with sufficient permissions disable waiting rooms for their meetings — and possibly for other employees in the organization. I’d advise against it, however, especially on a permanent basis. Visit this Zoom Help Center article for directions on how to effectively make your meetings less secure.

Prevent removed meeting participants from rejoining

John is acting like a putz during the company Zoom meeting, a fact not lost on the other participants. You have warned him a few times to knock it off, but he’s incorrigible. As host, you finally boot him from the meeting. Everyone applauds.

By default, Zoom prevents John from jumping back in, even if he retained the host’s PMI or the meeting’s ID and password.

Again, depending on your formal Zoom role, you can change this setting. Still, I’d leave it as is. What’s more, if you’re a Zoom account owner or admin, then you may want to lock this setting such that non-administrative members cannot change it for themselves.

To do so, follow these directions:

  1. In the Zoom web portal, under the Admin header, click on Account Management.
  2. Click on Account Settings.
  3. Click on In Meeting (Basic).
  4. Slide the Allow removed participants to rejoin toggle button to the left to turn it off.
  5. Click on the grey lock icon to the right of the toggle button. Zoom displays a message asking you to confirm your decision.
  6. Click on the blue Lock button. Zoom confirms that it has successfully updated your settings.

Limit who can control the main meeting screen

Meetings & Chat offers a bevy of powerful screen-sharing features. If you want to dial back those options a bit, you certainly can. For example, say that you’d like to prevent participants from sharing their screens. Just follow these directions:

  1. Launch the Zoom desktop client.
  2. Start your meeting.
  3. Mouse over the bottom of the screen so that Zoom displays a menu.
  4. Click the up arrowhead (^) next to Share Screen.
  5. Select Advanced Sharing Options from the pop-up menu.
  6. Underneath Who can share?, select the Only Host checkbox.
  7. Close the screen and return to your meeting by clicking on the red circle in the top left-hand corner of the screen.

Use your brain

The history of technology teaches its students many important lessons. Perhaps at the top of the list is that even the smartest cookies cannot predict every conceivable problem that a software product, feature, or version may cause. First, the law of unintended consequences is alive and well.

Second and just as important, bad actors are a clever lot. They invariably employ sophisticated tactics to circumvent even the most thoughtful security and privacy controls. In this way, Zoom has had to confront some of the very same challenges that have plagued Facebook, Twitter, Google, Amazon, and other firms of consequence. All of this is to say that managers and software engineers can do only so much to mitigate the problems that invariably arise with massive usage.

At least you always take with you one of your most effective weapons to combat attendee mischief and malfeasance. I’m talking about the organ that lies between your ears. Think carefully and critically about what you’re doing in Zoom and with whom. Always be skeptical.

Exhibit a healthy skepticism

Say that your son is a sophomore at a small northeastern university in a different part of the country. You and your spouse eagerly await your weekly Zoom call with him every Sunday afternoon at 4 p.m. You shared your PMI with him a year ago and thought nothing of it.

On Saturday, you receive an email from an unrecognized sender who purports to be your son. Still, something about the situation just rubs you the wrong way. This individual asks you to provide your PMI because he lost it.

What do you do?

Maybe nothing untoward is really taking place here. Maybe not. In this case, I would call your son or send him a text message explaining the situation. Based upon his response, your next step should be clear: Provide the PMI or report the email as the phishing attack that it appears to be.

Phishing perhaps represents bad actors’ most effective means of obtaining sensitive information from their targets. They are often able to acquire others’ credentials and other pieces of vital information by fraudulently posing as friends and loved ones.

Always err on the side of safety. If that means making it a tad more time-consuming for participants to join your Zoom meetings, then so be it. To quote a famous Russian proverb, “Trust, but verify.”

Keep privacy in mind during Zoom meetings

Regularly using your brain doesn’t just make it harder for hackers to wreak havoc; it can protect you from putting your foot in your mouth in front of others. Remember that meeting hosts can easily generate chat logs, subject to a few disclaimers. They just need to follow a few simple steps:

  1. Launch the Zoom desktop client.
  2. Start your meeting.
  3. Mouse over the bottom of your screen to invoke Zoom’s in-meeting menu.
  4. Click on the Chat icon.
  5. In the lower right-hand corner, click the ellipsis icon.
  6. From the prompt, click on Save Chat.

For example, Michael Bluth is hosting a meeting with his brothers Gob and Buster. During the meeting, at any point Michael can produce a chat log file because:

  • He’s the meeting host.
  • Michael has enabled participants’ ability to chat.

About five minutes into the meeting, Michael does this very thing. Zoom dutifully saves a simple text file to the default location on his computer. This file includes the following data from the meeting:

  • All participants’ public chat messages.
  • Any private chat messages that Michael exchanged with Gob and Buster.
  • Any private chat messages that Gob and Buster exchanged with Michael.

Michael’s log file looks something like the following.

[Figure: Zoom log file of chat activity during meeting.]

Note that Zoom omits from these log files all private messages that participants exchanged with each other during the meeting that excluded Michael. In other words, Michael won’t know that Gob sent Buster a message calling him a chicken and Buster agreed with his brother.

Against this backdrop, keep the following privacy-related facts in mind as you use Meetings & Chat:

  • Unless a host actively hits the Record button during a meeting, Zoom does not store video, audio, or chat content. That is, Zoom records nothing by default.
  • When the host begins recording, Zoom provides both video and audio notifications to all meeting participants. If participating in a recorded meeting makes you uncomfortable, then you can always tell the host as much. You can also exit the meeting.
  • Think of each Zoom meeting as a quasi-private forum. If you want to slam your boss and/or mock your colleagues mid-meeting, then have at it. Zoom can’t stop you from exercising poor judgment. No tool can. Just remember that meeting participants are likely to notice inappropriate actions. When they do, prepare to suffer the consequences. In this way, Zoom is just like Slack, Microsoft Teams, email, and any other contemporary communications tool.

Whether you’re the host or not, think carefully about what you disclose both publicly and privately. There’s no guarantee that those messages from Zoom meetings will ultimately stay private. Say that you privately chat with colleagues, partners, customers, or other meeting participants. Someone could easily take screenshots of those private messages with a third-party tool and release them after or even during the meeting.

About This Article

About the book author:

Phil Simon is a frequent keynote speaker, dynamic trainer, recognized technology authority, and college professor-for-hire. He is the award-winning author of ten books, most recently Slack For Dummies and Zoom For Dummies. He consults organizations on matters related to communications, strategy, data, and technology. His contributions have appeared in The Harvard Business Review, The New York Times, and many other prominent media sites. He hosts the podcast Conversations About Collaboration.