As a huge number of people work from home during the COVID-19 crisis, Zoom videoconferencing is thriving.
Here are some common-sense guidelines that should be followed to safely host public meetings on Zoom without being interrupted by uninvited attendees.
Creating a meeting on Zoom
When creating a meeting, consider the following settings:
- To protect your meetings, screen sharing should be set to “host only” for everyone. To always prevent participants from sharing their screens in meetings you host, log into your “Zoom” account, go to “Settings”, find “Who can share?” and set it to “host only”.
- You can still grant participants the ability to share their screens on the fly during a meeting: click the up arrow next to the “Share Screen” button, select “Advanced Sharing Options” and change “Who can share?” to “All participants”.
- Uncheck "File Transfer" unless you know this feature will be required.
- Uncheck "Allow Removed Participants to Rejoin" so that participants whom you have removed from your session cannot re-enter.
- Add a passcode to your meeting, then share that passcode with your students via email or any other messenger. The passcode is required in order to enter the meeting. At the time of writing this article, “Zoom” was vulnerable to “Zoom bombing”, which could allow uninvited attendees to view your business meeting or, worse, share pornographic images and content.
- If you don't want participants to join/interact before the host enters, uncheck "Join Before Host".
- If you don't want to have unexpected guests, consider selecting "Only authenticated users can join meetings".
- Consider turning on the “waiting room” for your meeting so that you can review who wants to join before letting anyone in.
- Don't post “Zoom” links of your private meetings on a public website or in social media.
Starting a meeting on Zoom
Once your meeting has started, consider the following options:
- Once everyone has joined your meeting, you can lock it so that others cannot join. To do this, click the "Participants" button in the main toolbar so that the participant panel appears. Look for the "More" button underneath the list of participants. Click the "More" button and select "Lock Meeting". Even participants who know the meeting ID and password cannot join once a meeting is locked.
- Avoid sharing your device screen if it may include private or sensitive information (Excel sheet, confidential email, etc.).
- While you are sharing your screen, you can lock annotation so that participants cannot annotate: click the "...More" button in the main toolbar, then choose "Disable Attendee Annotation".
- Avoid sharing your device camera if your background may include private or sensitive information (master plan written on a blackboard, private business process in a factory, etc.).
- Avoid opening unknown links or files you receive. At the time of writing this article, “Zoom for Windows” was vulnerable to a classic “UNC path injection” vulnerability that could allow remote attackers to steal victims' Windows login credentials and even execute arbitrary commands on their systems.
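
A defensive check for the UNC path caveat above, added here as an example (it is not from the original article or from Zoom): it flags Windows network paths such as \\host\share, //host/share and file://host/... in received chat text so they can be reviewed before anyone clicks them. The allowlisted host, the function names and the sample messages are constructed assumptions.

```python
import re

# Hypothetical allowlist of internal file servers; adjust for your environment.
TRUSTED_HOSTS = {"fileserver.corp.example"}

# \\host\share or //host/share, but not the "//" that follows a URL scheme.
UNC_RE = re.compile(r"(?<![:\w/\\])(?:\\\\|//)([\w.-]+)[\\/][^\s\\/]+[^\s]*")
# file://host/share and file:////host/share (file:///C:/... is local, no host).
FILE_URI_RE = re.compile(r"file:/{2}(?:/{2})?([\w.-]+)/[^\s]*", re.IGNORECASE)


def find_remote_paths(text):
    """Return (host, matched_text) for every UNC-style reference in text."""
    hits = []
    for pattern in (UNC_RE, FILE_URI_RE):
        for m in pattern.finditer(text):
            host = m.group(1).lower()
            if host != "localhost":  # file://localhost/... is a local path
                hits.append((host, m.group(0)))
    return hits


def review_message(text, trusted=TRUSTED_HOSTS):
    """Return the sorted hosts in a message that are not on the allowlist."""
    return sorted({host for host, _ in find_remote_paths(text) if host not in trusted})


# Constructed sample chat messages (not taken from any real meeting).
SAMPLES = [
    r"Slides are at \\203.0.113.7\share\deck.pptx",
    "Agenda: https://example.com/agenda",
    r"Template: \\fileserver.corp.example\templates\memo.docx",
    "Notes: file://files.example.net/pub/notes.txt",
    "Local copy: file:///C:/Users/me/notes.txt",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        flagged = review_message(msg)
        print("HOLD" if flagged else "ok  ", msg, flagged)
```

Messages marked HOLD reference a network host that is not on the allowlist and should be checked with the sender before the path is opened.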