Adjusting Zoom Conferencing Settings to Enhance Security for Businesses

Secure Zoom Call Settings

As has been well publicized, the exceptionally fast adoption of Zoom teleconferencing has revealed some security concerns. These concerns have less to do with the platform or its environment than with its default settings. This article covers the settings that presenters can adjust to improve their own security, as well as the security of their attendees.

As with all things security, let’s focus on those settings which reduce risk the most:

  • Using a personal meeting ID vastly increases risk

  • Neglecting to use a meeting password increases risk

  • Unless it is required, allow only the meeting host to share their screen

  • Allowing unrestricted camera use is an invitation to problems

  • Not surprisingly, allowing file sharing can be a security vulnerability

  • Meeting attendees also need to pay attention to security

Meeting Organizers

Adjust meeting ID defaults

  • Go to Personal-> Settings and disable the options “Use Personal Meeting ID when scheduling a meeting” and “Use Personal Meeting ID when starting an instant meeting”

Force the defaults to require a meeting password for each meeting

  • Go to Personal-> Settings -> set to “Only authenticated users can join meetings”

  • Enable “Only Authenticated Users can join meetings from Web client”

  • Enable “Require a password when scheduling new meetings”

  • Enable “Require a password for Instant Meetings”

  • Enable “Require a password for PMI”

Disable screen sharing if not needed - Unless the use of screen sharing by attendees is required, it is recommended to disable this default. If this feature is disabled, then it is not possible for an “uninvited” attendee to Zoom-bomb your meeting. The setting “Disable desktop/screen-share for users” can also be adjusted based upon requirements.

Disable meeting annotations - Some meetings depend upon the ability to have users annotate the data on the screen. However, this setting is easily adjusted if annotation is not needed. If the feature is turned off by default, this prevents a malicious user from making malicious annotations.

Restrict camera use by attendees - This may mean turning off remote cameras, or it may simply mean having every attendee’s camera disabled until the user enables it during the meeting. This is generally more intended to prevent “pajama-bombing”, but the organizer does have the ability to disable an attendee’s camera if misbehavior becomes apparent.

Go to Settings-> Schedule Meeting and adjust settings as desired.

Disabling File Sharing is recommended unless it is required for a specific meeting. The risk of having this enabled is that since the business is likely NOT managing security on attendee endpoints, it would be possible for an infected file to be uploaded to the business environment. Eliminating file sharing should eliminate this risk during a meeting.

Go to Settings-> In-Meeting (Basic)-> File Transfer

Use Invitation-only meetings - When invitations are created for a meeting it may be desirable to limit attendance to invitees only so that if a link is forwarded to someone NOT specifically planned for the meeting, they will not be able to attend. (Note: this feature is only available with paid Zoom accounts).

Go to Settings-> Schedule Meeting-> “Only Authenticated Users can join meetings”

Meeting Attendees

There are steps which attendees can take to enhance security:

  • If you have the option of joining a meeting using the web interface instead of installing the Zoom software, this is recommended

  • Control your camera - be aware of what is in the background that viewers can see, and don’t enable it until you are ready

  • It is recommended to never accept file transfers or website links during a meeting unless the presenter is well-known and trusted. Remember that the presenter may be working from home on a personal workstation…how well is the security managed? If a file is accepted, ensure that it is scanned by antivirus before using it.

  • If you only attend Zoom meetings infrequently, you can uninstall the Zoom Meeting software from Control Panel-> Programs
