ISG Playbook
APIsAs of March 17th, a survey of global HR executives shows that 88% of organizations have encouraged or required their employees to work from home.(1)
Zoom's video conferencing application has seen widespread adoption at an unprecedented rate, with reported revenue increase of 78 percent. Zoom's stock(NASDAQ: ZM) price has soared, peaking at a 100 dollar per share increase from December 27th, 2019, the day that a new coronavirus was identified as the cause of illness in for a patient in China.
Since then Zoom has been the darling of Tech Media and the most touted success story in Business Media during the pandemic. Until Yesterday.
Yesterday afternoon, articles started appearing with a new term: "Zoombombing", or when uninvited guests join unsecured meetings and disrupt the meeting. By this morning a tidal wave of articles decrying the evils and peril of using Zoom, their security practices, and allegations of being hacked have appeared.
Despite the allegations Zoom, is the tool of choice for virtual meetings for a reason. It has great features, it's easy to use, and has highly configurable meeting settings.
View the Zoom Meeting Security Best Practices below. Using these techniques or a combination thereof will keep your meeting secure. Remember, the incidences that are behind the avalanche of bad press for Zoom are for unsecured meetings.
The CCSQ LACE wishes you Happy Zooming!
(1) Gartner, Inc. survey of 800 global human resources (HR) executives
Can Prevent Zoombombing
First and foremost, don't
share your account informationDon't publiclypost meeting
roominformation on
confluencesocial media or other public websites.
- Generate the Meeting ID automatically. This is set by default in Zoom so don’t disable the option and set your own Personal Meeting ID, which will often be easier to guess.
- Require a login password. Zoombombing happens when an attacker obtains the meeting ID , and no password has been set. Hosts should generate and allocate their own unique password for each meeting. The password can be a mixture of letters and numbers. If you can, use a password generator to ensure you have a complex one
- Use the Waiting Room feature. This automatically turns off the facility for others to join the meeting before you, the host. It might seem a bit tedious to have to confirm each participant one by one to join the meeting, but it does mean you will be allowing in only legitimate attendees.
- Mute participants upon entry – you can unmute attendees when they need to speak or when you are satisfied that only authorized folks are in the meeting.
- Disable video by default for hosts and participants, Again, you can allow users to display video after the meeting has started.*
- Screen sharing should be on, but initially for the host only, unless you are sure you know all the participants.*
See more:View file name Zoom Guidance for Contractors.pdf height 250 - Create a unique meeting ID for each meeting
- When creating a new meeting, select join by computer in the audio settings
- If allowing join by phone, or require dial in participants to use their attendee ID when calling in. Not only will this make your meeting more secure, but you also know who is talking.
- Create an access code for you meeting. In your meeting invitation, include the access code.
- Create a lobby for your meeting in the Advanced Options section . When someone joins your meeting, either you or a co-host will have to admit them to the meeting.
- Enable "Only authenticated users can join." This forces users to have a zoom account. Then you know who is in your meeting