Video Conferencing: Zoom and Steps to Prevent Video Conference Hijacking

Video Conferencing: Zoom and Steps to Prevent Video Conference Hijacking
Author

For the latest information and resources on Coronavirus, please visit the RCM&D COVID-19 Resource Center at https://info.rcmd.com/covid19.

As millions continue to isolate during COVID-19, video conferencing platforms like Zoom have become crucial for people to telework, socialize and stay connected to loved ones. According to CyberAdviser, membership of Zoom increased from 10 million users in December of 2019 to 200 million users in March 2020.

While membership has skyrocketed, so to have security risks. The FBI has recently issued a warning about “ZoomBombing.” This occurs when hackers discretely join Zoom calls. Once a hacker is in, they take over victims’ screens to share racist, pornographic or other offensive content. “ZoomBombing” can be avoided by taking proper precautions, some of which include requiring passwords for meetings and to restricting who can share their screen.

Additionally, Zoom has also been criticized for several privacy concerns related to inappropriately collecting and sharing data from teleconferences with third parties. The company was recently involved in a class-action lawsuit in which the plaintiff argued the company failed to provide adequate notice before collecting and disclosing personal information and failed to implement and maintain reasonable security procedures.

As a result of these issues, New York City’s schools and organizations like Apple and SpaceX are banning the use of Zoom on company-issued hardware. Additionally, it is reported that the Department of Justice is banning the use of Zoom for confidential communications.

As millions continue to quarantine, it is imperative to understand your teleconferencing software in order to communicate safely. This list from WTP Law highlights what organizations and individuals alike can do to minimize risk while utilizing the Zoom platform.

  • Using Zoom should not be a DIY project for regulated organizations, IT experts should be involved.
  • Use the most up-to-date version of Zoom.
  • Ensure each private meeting is password-protected, including for participants dialing in by phone.
  • Use one-time meeting IDs to host public meetings.
  • Enable "waiting rooms" to screen meeting participants.
  • Do not share meeting links, IDs or passwords outside of the group of intended participants. Rely on meeting IDs only.
  • Take attendance at the beginning of each meeting when practical.
  • Control screen sharing by enabling the "Host Only" feature.
  • Consult cybersecurity professionals for any wide adoption of Zoom within an organization.
  • Revise the organization's policies regarding the use of video-teleconferencing and other online services.

This “new normal” creates unique challenges at every angle, especially from a cybersecurity perspective. Talk to your trusted RCM&D advisor today if you have any questions regarding staying safe in today’s virtual world.