Zoom Security Amid COVID-19
With the recent news about Zoom, you may be concerned with the security of their video conferencing platform. From embarrassing “Zoom-bombings”, to vulnerabilities, to data leaks, you might feel like you should avoid using Zoom altogether. We also had our concerns as we rely heavily on Zoom, but the good news is that many of the issues can be resolved with previously-available configuration options, and Zoom has responded with new features and bug patches. We believe that you can use Zoom safely by making a few quick configuration changes and following simple best practices.
Control user authentication
- Password-protect your Zoom meetings. Require users to enter a password in addition to the meeting ID for extra security. 
- Restrict who can join your meetings. Require that your participants be logged in to a Zoom account to a join a meeting 
- Connect Zoom to your SSO platform. If you use a Single Sign-On (SSO) platform such as OneLogin or Okta, connect Zoom to it to ensure protected access and compliance with company password or multi-factor authentication policies - If you’re not currently using an SSO platform, we highly recommend it for securing your cloud applications. 
 
Use security features
- Use Waiting Rooms. Enable the Waiting Room feature for smaller meetings (fewer than ~10 participants) so the host can control who enters and when. This is especially useful when you have back-to-back meetings on the same meeting ID. - This is less practical for larger meetings, so we recommend using password protection instead (see above). 
 
- Lock Meetings. If you’re about to discuss a confidential topic, lock the meeting for extra security. This will prevent anyone from joining, even if they have the meeting ID and password. Just remember to unlock the meeting to allow new participants to join. 
- Require encryption for 3rd party devices. More sophisticated Zoom setups (often found in conference rooms) can sometimes connect to Zoom using open protocols without encryption. Enable the feature to require encryption for 3rd party endpoints to prevent this. 
Secure your recordings and chats
- Allow only authenticated users to view your cloud recordings of Zoom meetings 
- Disable local recording of meetings unless absolutely needed 
- Password-protect recordings that have been saved in the cloud 
- Consider disabling private Zoom chats 
- Disable the export of Zoom chat logs 
Update your apps
- Users should keep their Zoom software up-to-date at all times. - Hidden bugs and vulnerabilities can only be resolved by application updates, so make sure everyone knows to keep an eye out for notifications on the Zoom home screen about new updates and install them immediately. 
- If you use an MDM solution like Jamf, your IT team may be able to automate this process for you. 
 
If you’re a Kinetix client, reach out to your Client Success Manager to learn more about how this applies to your organization. If you’re not a client and would like assistance securing Zoom across your organization, please email us at moreinfo@kinetix.com or use our Contact form.
