Using Zoom? Stay Secure With These 12 Tips

Maor Bin
Mar 23, 2020

On March 11th, 2020, the World Health Organization recognized the global outbreak of COVID-19 as a pandemic. In times like these, many companies encourage or mandate their employees to work from their homes to ensure they remain healthy and safe.

During mandatory Work From Home situations, business communication and productivity are major factors of success. Making sure employees can communicate with one another becomes crucial.

Like any technology, video conferencing apps (like Zoom, Webex, Bluejeans, Hangouts) come with default configurations, which can at times expose organizations to cybersecurity risks. As a security admin or user, you might want to change some of these defaults.

SaaS cybersecurity risks associated with default configurations include exposing sensitive corporate data to unauthorized or external users, publicly exposing user details and making them easier for adversaries to collect, and unintentionally propagating malware by using inadequate file-sharing capabilities.

Enterprise users need to keep this in mind and change these default configurations to ensure they are using conferencing systems in a secure fashion.

Below you can find some highlights of what our team of cybersecurity experts at Adaptive Shield thinks are the most important security features you need to take care of when setting up a video conferencing app, with specific instructions for Zoom.

Have safe and secure collaboration sessions.

Avoid potential Data Leakage:

Prevent users from recording a meeting to a local file

1. Go to Zoom's Settings page 
2. Account Management > Account Settings > Recording
3. Turn off Local recording

Enforce password protection for shared Cloud Recordings

1. Go to Zoom's Settings page 
2. Account Management > Account Settings > Recording
3. Turn on Require password to access shared cloud recordings
4. Check Require a password to access the existing cloud recording

Make sure all messages and files are encrypted locally and in transit

1. Go to Zoom's Settings page 
2. IM Management > IM Settings
3. Under Security, turn on Enable end-to-end chat encryption

Prevent the download of Cloud Recordings

1. Go to Zoom's Settings page 
2. Account Management > Account Settings > Recording
3. Turn off Cloud recording downloads
4. Make sure Only the host can download cloud recordings is unchecked

Access Control:

Enable SSO / 2 Factor Authentication for all users

1. Go to Zoom's Settings page
* SSO can be enabled for paid users only:
2. Advanced > Single Sign-On
3. Turn on Enable Single Sign-On
* If your organization doesn't use SSO, or you're not a paying user:
2. Advanced > Security
3. Turn on Sign in with Two-Factor Authentication

Make sure only authenticated users can view Cloud Recordings

1. Go to Zoom's Settings page
2. Account Management > Account Settings > Recording
3. Turn on Only authenticated users can view cloud recordings
4. Under Authentication Options, make sure you specify which authenticated users can access the Cloud Recordings

Choose an unguessable Meeting ID (e.g. many users pick their personal telephone number as their permanent Meeting ID)

1. Go to Zoom's Settings page
2. Make sure Personal Meeting ID isn't guessable; you can edit it by pressing Edit
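One way to screen Personal Meeting IDs for the guessable choices described above, as an added example that is not from the original post or from Zoom. The function names, the seven-digit overlap threshold and the sample numbers are assumptions constructed for illustration.

```python
import re

def digits_only(value: str) -> str:
    """Strip everything except digits (spaces, dashes, '+', parentheses)."""
    return re.sub(r"\D", "", value)

def is_sequential(d: str) -> bool:
    """True for ascending or descending runs such as 1234567890 or 9876543210."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(d, d[1:])}
    return steps in ({1}, {9})

def is_repeating(d: str, max_unit: int = 3) -> bool:
    """True when the ID is a short unit repeated, e.g. 5555555555 or 1212121212."""
    return any((d[:u] * len(d))[:len(d)] == d for u in range(1, max_unit + 1))

def pmi_findings(pmi: str, known_numbers=(), min_overlap: int = 7) -> list:
    """Return the reasons a Personal Meeting ID looks guessable (empty list = none found)."""
    d = digits_only(pmi)
    if not d:
        return ["no digits in ID"]
    findings = []
    if is_repeating(d):
        findings.append("repeating pattern")
    if is_sequential(d):
        findings.append("sequential digits")
    if len(set(d)) <= 3:
        findings.append("three or fewer distinct digits")
    for number in known_numbers:
        n = digits_only(number)
        # Assumed threshold: the last min_overlap digits of a phone number
        # appearing inside the ID means the ID was derived from that number.
        if len(n) >= min_overlap and n[-min_overlap:] in d:
            findings.append("contains phone number ending " + n[-4:])
    return findings

if __name__ == "__main__":
    # Constructed sample data: a fictional user phone number and candidate IDs.
    phones = ["+1 (555) 010-0142"]
    for candidate in ["555 010 0142", "1234567890", "1212121212", "4083917265"]:
        print(candidate, "->", pmi_findings(candidate, phones) or "no findings")
```

An empty result only means none of these heuristics fired; it does not show that the ID is random.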

Consider setting a password for meeting access

1. Go to Zoom's Settings page
2. Account Management > Account Settings > Meeting
3. Turn on Require a password when scheduling new meetings
4. Check Require a password for meetings which have already been scheduled
5. Turn on Require password for participants joining by phone

Keep Users' Privacy:

Prompt participants for consent to be recorded when recording starts

1. Go to Zoom's Settings page
2. Account Management > Account Settings > Recording
3. Turn on Recording disclaimer
4. Check both Ask participants for consent when a recording starts and Ask host to confirm before starting a recording

Start meetings with video turned off :)

1. Go to Zoom's Settings page
* Admins can change this setting globally through:
2. Account Management > Account Settings > Meeting
* Users can change it locally through:
2. Settings
3. Turn off Host Video
4. Turn off Participants video
* It's always possible to turn video on and off during meetings

Enable a chime to play when participants enter a meeting

1. Go to Zoom's Settings page
2. Account Management > Account Settings > Meeting
3. Turn on Play sound when participants join or leave

Malware Protection:

Consider instructing your users to share files using sharing platforms such as OneDrive/Box/Dropbox, where you have more control and built-in security mechanisms. If you choose to do this, you should prevent file sharing in meetings and DMs.

1. Go to Zoom's Settings page
2. IM Management > IM Settings
3. Turn off File transfer
4. Continue to Account Management > Account Settings > Meeting
5. Turn off File transfer

In case you want to allow file sharing in meetings and DMs, you should at least prevent users from sharing executable file types

1. Go to Zoom's Settings page
2. IM Management > IM Settings
3. Turn on File transfer
4. Check Only allow specified file types, specify executable file types and press Save
5. Continue to Account Management > Account Settings > Meeting
6. Turn off File transfer
7. Check Only allow specified file types, specify executable file types and press Save
