Zoom Security Guidance

zoom

ICN was founded on connecting classrooms across Iowa using video conferencing. As we move toward the June 30th end-of-life date of our Video service, many of our State government and education customers have moved to Zoom as a means for conducting virtual meetings and classes. Zoom has been in the news quite a bit for potential security flaws with their desktop app, as well as “Zoom-Bombing” where uninvited and unintended guests show up to meetings and cause disruption.

Here are three of the best ways to help mitigate the risks of utilizing Zoom, or any online video solution.

  • The first way is for administrators, meeting hosts, and users to realize the importance of setting up security parameters correctly.
  • The second way is to discourage users from screenshotting meetings and giving away things such as Meeting ID’s, usernames, and other information that can be used to crash sessions.
  • Lastly as with all software, make sure the latest, most up to date version is being utilized.

Some of the best advice to help secure your Zoom events include:

  • Use a unique Meeting ID, require a password, and have it be invite-only.
  • Create a waiting room where the host allows only authorized participants in.
  • Disable file sharing in chats.

Manufacturer documentation and user guides are the best place to find information on configurations, parameters, and settings, but if you don’t want to dig through those here are a couple great blog posts from Zoom and an article from PC Mag on best practices and tips for securing virtual classrooms and keeping uninvited guests out of meetings and events:

How to Keep Uninvited Guests Out of Your Zoom Event, Zoom Blog

Best Practices for Securing Your Virtual Classroom, Zoom Blog

How to Prevent Zoom-Bombing, PC Mag

Zoom is not the only video and collaboration solution out there as well. Microsoft Teams, Cisco Webex, and Google Hangouts are also popular and viable solutions during this time of social distancing. I would again highly recommend that time and consideration is given to carefully configure and harden any solution utilized.

Ryan Mulhall
ICN Network Services Bureau Chief
ryan.mulhall@iowa.gov