Working from home has become increasingly popular as a result of business uncertainty. Because the majority of relevant tasks in any organization need cooperation, this remote work style has inevitably resulted in a significant increase in the use of collaboration solutions like Zoom Conferencing.

Zoom’s daily usage surged by more than 5 times in March. The software makes it simple for business users and their clients to join meetings at any time. It’s also popular among educators and students who want to take their classes online. Where the good guys go, the bad guys follow, and the platform’s quick rise in popularity has attracted fraudsters looking to hijack meetings and exploit security flaws.

Zoom has admitted to the nature and scope of its security flaws. Eric S. Yuan, the CEO and founder of Zoom, apologized for the misunderstanding surrounding this matter, saying: “We acknowledge that we have fallen short of the community’s – and our own – standards in terms of privacy and security. I apologize profusely for this.” “Zoom was intended especially for enterprise customers – major institutions with complete IT support,” Yuan added. He went on to say that Zoom would be “immediately instituting a feature freeze” and “moving all of our engineering resources to work on our largest trust, safety, and privacy issues.”

Security challenges with Zoom Video Conferencing include:

  • Data leakage – The Zoom Windows client's group chat converts Windows networking Universal Naming Convention (UNC) paths into clickable links. When a user clicks such a link, Windows attempts to reach the remote share and sends the user's Windows login credentials to it, which can result in unexpected and unwanted logins to the enterprise cloud infrastructure. This makes robust password policies and logging of every occurrence of UNC path sharing even more important.
  • Privacy shortcomings – Zoom has been accused of inadvertently disclosing user information to third parties such as Facebook. Although this privacy issue appears to have been closed, it has been revealed that the iOS version of Zoom’s app sends analytics to Facebook even for users who do not have a Facebook account.
  • Zoombombing – Uninvited parties hijacking video discussions to cause havoc with the normal flow of events. Hijackers have ranged from schoolchildren making discriminatory remarks or threats to adults disseminating racist or pornographic material. To prevent such assaults, IT security administrators must set strict policies.

Security best practices for Zoom Conferencing include:

  • Password-protect all your meetings, otherwise anyone will be able to join.
  • Use the waiting room feature – this allows the meeting host to validate each participant before letting them join the meeting.
  • Enforce login policies – use single sign-on (SSO) technologies such as Google or Okta to allow Zoom access.
  • Update the Zoom client – install available updates immediately. Cybercriminals are actively attacking and Zoom is responding quickly – the latest update enables password protection for all meetings by default.
  • Do not share your meeting ID, as anyone will be able to join. The UK Prime Minister Boris Johnson highlighted this risk by showing the ID of his cabinet meeting to the entire world via his Twitter account – warn your employees to never copy this idea. Do not post public links to your meeting either.
  • Disable the “Join before host” function to ensure the participants aren’t surprised by malicious actors.
  • Disable participant screen sharing to minimize the risk of meeting hijacking.
  • Lock a meeting when everyone has joined.
  • Keep track of relevant metrics about your guests: which hosts create meetings most often and for how many guests, recent guest activity, which meeting IDs guests consistently use, who outside your organization joins meetings most often, and where foreign participants join from.
  • Keep track of your user activity, especially if they make changes to their user profiles, consistently use personal meeting rooms, or display anomalous behavior.
  • Ensure you know which accounts have been inactive over the past month.
  • Monitor Windows UNC path sharing.
  • Monitor anomalous admin activities as well as new and deleted users.
  • Do not use Personal Meeting IDs.
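As an added illustration of two of the monitoring items above (UNC path sharing and participants from outside the organization), the script below is example code written for this page, not Zoom's or CYB3R-X's tooling. It scans a constructed chat transcript for Windows UNC paths and flags participant e-mail addresses whose domain is not the organization's own. The chat-line layout (`HH:MM:SS From <sender> : <message>`), the sample chat rows and the sample participant list are all constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Matches a Windows UNC path: \\host\share[\more...]. The host may be a name or an IP.
UNC_RE = re.compile(r"\\\\[\w.-]+\\[^\s\\]+(?:\\[^\s\\]*)*")

# Assumed transcript layout, one message per row: "HH:MM:SS From <sender> : <message>"
CHAT_LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}) From (.+?) : (.*)$")

# Constructed sample chat export (not real Zoom output).
SAMPLE_CHAT = r"""
10:02:15 From Alice : Slides are in the shared drive
10:03:41 From Bob : try \\fileserver01\public\deck.pptx
10:04:02 From Guest : \\203.0.113.5\share
10:05:10 From Alice : https://example.com/deck
"""

# Constructed sample participant report as (display name, e-mail) pairs.
SAMPLE_PARTICIPANTS = [
    ("Alice", "alice@example.com"),
    ("Bob", "bob@example.com"),
    ("Guest", "guest@other.example"),
]


@dataclass(frozen=True)
class UncHit:
    time: str
    sender: str
    path: str


def find_unc_shares(chat_text: str) -> List[UncHit]:
    """Return every UNC path shared in the transcript, with who posted it and when."""
    hits: List[UncHit] = []
    for raw in chat_text.splitlines():
        m = CHAT_LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or malformed row: skip rather than guess
        time, sender, message = m.groups()
        # findall returns whole matches because the regex has only non-capturing groups
        for path in UNC_RE.findall(message):
            hits.append(UncHit(time=time, sender=sender, path=path))
    return hits


def external_participants(participants: Iterable[Tuple[str, str]], org_domain: str) -> List[str]:
    """Return e-mail addresses whose domain is not exactly the organization's domain."""
    org = org_domain.lower()
    flagged: List[str] = []
    for _name, email in participants:
        domain = email.rsplit("@", 1)[-1].lower()
        # Exact comparison: a look-alike such as "example.com.evil.test" is not internal.
        if domain != org:
            flagged.append(email)
    return flagged


if __name__ == "__main__":
    for hit in find_unc_shares(SAMPLE_CHAT):
        print(f"[UNC] {hit.time} {hit.sender} shared {hit.path}")
    for email in external_participants(SAMPLE_PARTICIPANTS, "example.com"):
        print(f"[EXTERNAL] {email}")
```

Feeding a real chat export into `find_unc_shares` only requires adjusting `CHAT_LINE_RE` to the actual row layout; the UNC pattern itself is independent of the transcript format.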

Stay safe, be well. Learn more about how CYB3R-X protects MSPs against work-from-home cybersecurity risks.