The COVID-19 pandemic has pushed many businesses to rely on the security and stability of their remote capabilities to ensure business continuity. In an effort to keep employees connected during this time, organizations have begun utilizing various video-conferencing tools, such as Zoom.
Lately, Zoom has been receiving a lot of negative press on their security. However, many of the incidents spread on the front page could have been prevented.
We’ve compiled a few tips detailing what your business can do to secure your Zoom meetings. Each organization will need to assess these settings based on their own business requirements; the settings mentioned below are, in some cases, restrictive and may not fit your business needs. Make sure Zoom is added to your patch management program to make sure you have the latest security patches, and always test and review your settings with Zoom representative.
Account Settings
- Password protect meetings
This will mitigate Zoom-bombing. Administrators can set this as a default, but it can be changed by the user unless enforced globally.
Settings:
| Require a password when scheduling new meetings | Enable |
| Require a password for instant meetings | Enable |
| Require a password for Personal Meeting ID (PMI) | Enable |
| Require password for participants joining by phone | Enable |
- Encrypt communications between all data from Zoom cloud, Zoom client, and Zoom Room
| Require Encryption for Third-Party Endpoints (H323/SIP) | Enable |
- Disable the ability for hosts and participants to send files through the in-meeting chat
This option might not be feasible from a business perspective depending on how you want to use Zoom meetings.
| File Transfer | Disable |
- Restrict who can share their screen and annotations
If you are working with your team on a business opportunity, it might not make sense to lockdown screen sharing. If you are hosting a large group, consider the following security controls to prevent inappropriate screen sharing, annotation, and whiteboard displays.
| Screen sharing | Enable |
| Who can share | Host Only |
| Annotation | Disable |
| Whiteboard | Disable |
- Keep previously removed participants from rejoining
| Allow removed participants to rejoin | Disable |
- Identify guest participants (someone who does not belong to your account or organization in the meeting
| Identify guest participants in meeting/webinar | Enable |
- Enable a waiting room. Attendees can’t join a meeting until a host admits them individually
This can help prevent unauthorized individuals from joining.
| Waiting room | Enable |
- Hide sensitive information from the snapshot of the Zoom main window and enforce globally
| Blur snapshot on iOS task switcher | Enable |
You can also set a policy for meetings that are recorded. There are times when you want to record a meeting, such as training or webinar that you would like to distribute after the meeting. Recording should be restricted to the host and should not be stored in the cloud.
- Do not allow participants to record the meeting to a local file or record in the cloud
| Local recording: Hosts can give participants the permission to record locally | Unselect |
| Cloud recording | Disable |
- Display a disclaimer to the participants before a recording starts
| Recording disclaimer | Enable (add legal disclaimer) |
Security Settings
Implement your password policy. You can also enable two-factor authentication or allow users to sign in with single sign-on (SSO) for your domain. Authentication settings can be configured to meet your organization’s requirements. Additional setting include:
- Do not allow users to sign in with Google or Facebook
| Allow users to sign in with Google | Disable |
| Allow users to sign in with Facebook | Disable |
IM Management
- Do not allow users to take and send screenshots in direct messages or group conversations
| Screen capture | Disable |
- Do not allow users to send files in direct messages or group conversations
| File transfer | Disable |
- Enable end-to-end chat encryption and enforce globally
This will encrypt all messages and files while being transmitted and when they are stored.
| Enable end-to-end chat encryption | Enable |
- Disable the ability for messages and files to be stored in the cloud
| Cloud storage | Disable |
