• Home
  • Hackers
  • The Ultimate Zoom Security Guide for Meeting Hosts – Pt 2

The Ultimate Zoom Security Guide for Meeting Hosts – Pt 2

Don’t Share Meeting IDs in Screenshots

When you take a screenshot of your Zoom meeting, the meeting ID, and some other private information about the meeting is shared. If your meetings aren’t password-protected, then hackers could use just one screenshot to infiltrate and zoom-bomb your room. If you do want to take a screenshot of the Zoom meeting, be sure to clip the parts with the meeting ID and other private information. You can either trim the screenshot image or add solid-color boxes over key details.

Allow Only Signed-In Users

One helpful standby tactic is to only permit users who are signed into Zoom to enter your meetings. Zoom is open and friendly, and you don’t need to be signed in to jump into a meeting. This has been great for the digital transition, onboarding, and general flexibility. But it’s also insecure. For company meetings, always adjust the settings so that only users who are signed-in can access your meeting.

If, like most meetings, your meeting is supposed to be invite-only, then you can also specify that only those logged in with the right invited email-address can attend.

Don’t Post Meeting Links Publicly

The link to your meeting is even more accessible than the meeting ID. Anyone can follow it and, if you’ve left the doors open, anyone can join in. If you need a whole group of people to join your meeting, or if your meeting is somewhat public, then post the link only in group-specific chats and message-boards that are only accessible (or accessed) by those who should be attending the meetings. Do not post your meeting links in social media posts, on your profile, or in a public announcement. This is just asking for uninvited guests.

Make Use of Waiting-Room Approval

The waiting room is a unique feature of video-chat programs. Essentially, it is a request-approval phase of allowing participants into your meeting. When someone wants to join, they enter the waiting room. The host then acknowledges them and accepts or denies their request to join. With the waiting-room feature, you can boot hackers every time because they will be someone you don’t recognize.

– Enable the Waiting Room

Find the waiting room feature during meeting creation. It’s in Advanced Options. Select and save this setting and prepare to let your guests in. This opens the feature that will allow you to approve each participant as they log into your room, before they actually enter the room.

– Monitor Room for New Participants

Keep an eye on the waiting room. You don’t want to leave anyone out in the cold, but you also don’t want to open the door to hackers. So stay attentive. Waiting-room management is more challenging if you have people arriving throughout the meeting, and easier if you lock the meeting once everyone you invited has arrived.

– Only Approve Known Participants

When someone applies to join in the waiting room, look closely. Don’t just glance at pictures and usernames. A hacker may already have a previously-stolen photo of a coworker or be using a purposefully similar username. For public meetings, work with a blacklist policy instead: filtering out known belligerents while letting most others in.

Lock Meetings When Everyone is Present

If your meetings have a set number of attendants, as most do, you can also lock your meeting when everyone is present. No need to leave the gates open when you’re ready to get down to business. To do this, click  the Zoom toolbar, and then “More.” Follow this to “Manage Participants.” This will give you a drop-down, and the last option is “Lock Meeting.” By doing this, you prevent anyone else from joining or attempting to join the meeting while it’s in session. Locked meetings are also a great way to discourage tardiness.

Securing Public Zoom Meetings

Finally, we’d like to wrap up with a few special tips for securing a public meeting. We know many businesses and organizations are using Zoom for webinars, events, and other public online meetings. You may have a good reason to post your link in social media, and to announce the meeting all over the internet. That’s great! In addition to any of the previous tips you care to implement, these will help you keep your Zoom meetings both public and secure:

– Use Random Meeting IDs, Never Your PMI

Never use your PMI – personal meeting ID. This is like a link to an ongoing meeting that never ends. Your PMI leads to a personal meeting, much like your cell number. A hosts’ PMI is great for team communication during the workday, not great for public meetings shared with the world. Instead, generate a random meeting ID and share that.

– Community Password Sharing

We highly recommend that even public meetings require a password to make them resistant to zWarDial attacks. However, you can work around it. Post your password in community chats and forums of the people you’d like to invite. If you have most of your community on an email list or as social media friends, send out a private blaster-message, including the link and password, somewhere a hacker will never see. Even a little bit of obscurity is enough to significantly reduce your risks of a public meeting being zoom-bombed.

– Quick on the ‘Hold’ and ‘Remove’

Finally, have your ban-hammer ready. If someone is disruptive, remove them. A person cannot un-remove themselves, so they are banned for good. Ban known hackers with the remove feature. Hold, on the other hand, is for participants who need to be muted, but not forever. Putting someone on-hold is like putting them back in the waiting room. They can return, but you can stop a tirade or disruptive exchange in its tracks this way. With active moderation, you can curb bombing and trolling behaviors in your public meetings.

Zoom meetings have become an essential part of the new stay-at-home business workflow. We hope that these tips have provided the insight and tools you need to secure your meetings and keep your business safe from crisis-opportunist hacking attempts. Contact us today for more insights on how to expertly navigate the new remote workforce challenges.