Ever heard of Zoom-bombing? Are you using Zoom? Should you be worried about the security of your online Zoom meetings?
If you use Zoom for online meetings, you NEED to read on to find out how to use Zoom securely. These simple steps can save you from embarrassment and, even worse, from releasing confidential information to hackers.
On March 30, 2020, the FBI released the following letter (https://bit.ly/2Xosglr) about Zoom:
FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic
As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called “Zoom-bombing”) are emerging nationwide. The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.
Within the FBI Boston Division’s area of responsibility (AOR), which includes Maine, Massachusetts, New Hampshire, and Rhode Island, two schools in Massachusetts reported the following incidents:
- In late March 2020, a Massachusetts-based high school reported that while a teacher was conducting an online class using the teleconferencing software Zoom, an unidentified individual(s) dialed into the classroom. This individual yelled a profanity and then shouted the teacher’s home address in the middle of instruction.
- A second Massachusetts-based school reported a Zoom meeting being accessed by an unidentified individual. In this incident, the individual was visible on the video camera and displayed swastika tattoos.
The media started reporting on the incidents of “Zoom-bombing” and many organizations stopped using Zoom immediately. We can still recommend using Zoom for meetings, so long as you take some important precautions. Follow these steps to safely “Zoom” your meetings.
Step 1 – Set 2 Factor Authentication
- Log in to your Zoom account and select Advanced -> Security under the Admin section on the left side.
- Enable Sign in with Two-Factor Authentication for All Users in your Account.
- Log out of Zoom.
- On your phone (iPhone or Android) download the Google Authenticator App.
- Log back into Zoom and you will see the following screen.
- On the Authenticator App on your phone, click the plus sign in the top right-hand corner. Then select “Scan Barcode” on the bottom of the screen.
- Once it is added to Authenticator, you will receive a random number every minute or so. Enter the number displayed into the “Enter the verification code” box on the Zoom login screen.
- Each time you log in to Zoom, it will ask you to enter the code on your phone. Just open the Authenticator app and enter the new code displayed.
Step 2 – Use a different Meeting ID for each meeting
It was common practice to use the personal meeting room for all your meetings. It is much better to set up a different meeting for each time you meet. There are several ways to set up a meeting.
- Inside Zoom:
  - Select Meetings on the left-hand menu and then select “Upcoming Meetings” on the top menu.
  - Select “Schedule a New Meeting”
  - Create a Topic, date, and time for your meeting
  - Under “Meeting ID” select “Generate Automatically”
  - Under “Meeting Password” select Require meeting password and enter a password (See Step 3 for additional information)
  - Under “Meeting Options” select “Enable waiting room” (See Step 4 for additional information)
- Use the Outlook or Chrome Plugins
  - Download the Plugin. Click on “Meetings” on the left-hand menu and select either the Outlook or Chrome Plugin.
  - Follow the steps to install the Plugin
  - Restart Outlook or Chrome (whichever plugin you installed)
  - In Outlook, select “Schedule a Meeting” or “Start Instant Meeting” from the top menu.
  - Sign into Zoom when it asks you to sign in.
  - Set your meeting options when the box pops up. Make sure the options for Meeting ID: Generate Automatically and Require meeting password are selected.
  - In Outlook, finish the appointment scheduling as usual. The meeting password is included in the meeting invite. The person receiving the invitation (from the “Required” or “Optional” list of attendees) will just need to click on the link. They won’t need to enter the password.
Step 3 – Require a meeting password for all your meetings
As noted above, one of the most important things you can do is require a meeting password. Zoom Meeting IDs can be guessed by hackers, but a meeting password adds a second value that must be supplied to enter the meeting room. It would be difficult for a hacker to brute-force (guess) both the Meeting ID and the Meeting Password. Setting a Meeting Password is covered in Step 2 above.
Step 4 – Start the meetings with a waiting room
The waiting room requires the meeting host to authorize people into the meeting. With this feature enabled, hackers can’t enter a room immediately, which has been the security issue. As the meeting host, you can admit attendees one by one or hold all attendees in the waiting room and admit them all at once. You can send all participants to the waiting room when they join your meeting, or only guests (participants who are not on your Zoom account or are not signed in).
Participants will see the following screen when joining a meeting with Waiting Room enabled:
- Admitting participants during a meeting
  - As the meeting host, click Manage Participants.
  - Click Admit to have the participant join the meeting.
- Admit all participants from the Waiting Room
  - As the meeting host, click Manage Participants.
  - Click Admit all.
Step 5 – During a meeting, make Screen Share Host Only
- Screen Share controls (click ^ next to Share Screen): Select who can share in your meeting and if you want only the host or any participant to be able to start a new share when someone is sharing.
Step 6 – Ensure that Zoom is up to date
Each time you use Zoom, it checks to make sure it is the latest version of the software. Make sure that you update it every time you use the software. You can always download the latest version of Zoom here: https://zoom.us/support/download