This blog article will cover security best practices in setting up Zoom meetings securely to avoid Zooming Security Vulnerabilities!

 

1. Ensure the Host can manage Screen Sharing –

To prevent participants from screen sharing during a call, use the host controls at the bottom, click the arrow next to Share Screen, and then Advanced Sharing Options.

Under “Who can share?” choose “Only Host” and close the window.

Host can manage Screen Sharing - Zooming Security Vulnerabilities

Image Source: Zoom Blog

The meeting host can also lock the Screen Share by default for all meetings in web settings as shown below.

Containerization and it’s Impact on Enterprise Security

Image Source: Zoom Blog

 

2. Ensure the Host can manage Meeting participants –

  • Allow only signed-in users to join: If someone apart from the invitees, tries to join the meeting and is not logged into Zoom with the email they were invited through, they will receive the message:

Allow only signed-in users to join

Image Source: Zoom Blog

  • Lock the Meeting when intended participants are in: This setting will ensure that no new participants can join, even if they have the meeting ID and password once the host locks the meeting.

To lock the meeting, kindly follow the below steps :

Click Participants at the bottom of the Zoom window and in the Participants pop-up, click the button that says Lock Meeting.

Lock Meeting.

Image Source: keepteaching.usc.edu

  • Ensure to set a password for Meeting: Generate a random Meeting ID when scheduling the event and requires a password to join.

Settings > Navigate to the Meeting tab and verify the password settings that you would like to use for your meetings.

Ensure to set a password for Meeting

Image Source: Zoom Blog

  • Put the Participants on hold (if required): Click on the participant’s video thumbnail and select Start Attendee On Hold to activate this feature. Click Take Off Hold in the Participant’s list when you are ready to have them back.

Click on Manage Participants in the host controls > Scroll over the name of the attendee you want to put on hold. Click More, then Put on hold > Click Takeoff hold in the participants’ list whenever you are ready to bring them back into the meeting.

Put on hold

Image Source: Zoom Blog

  • Disable Video (if required): Hosts can turn participant’s videos off using manage participants This will allow hosts to block unwanted, distracting, or inappropriate gestures on video.stop video

Image Source: Zoom Blog

  • Mute Video (If required): Hosts can mute/unmute individual participants or all of them at once under the manage participants option.

Select Manage Participants > Select Mute All > Click on Allow participants to unmute themselves. Clicking Continue will mute all current and new participants.

Mute all

Image Source: Zoom Blog

  • Disable File-Transfer: Zoom allows participants to share files through the in-meeting chat. The host can disable this from getting bombarded with unsolicited pics, GIFs, memes, and other content.

Click on Account Management > Click on Account Settings and scroll down. Under the File Transfer option, Disable it.

Disable file transfer

Image source: Gadgetsnow.com

 

3. Try the option ‘Waiting Room’ –

The Waiting Room is a virtual staging area that stops guests from joining until the host is ready to allow them. This feature is especially beneficial to make the meeting more secure. It also gives security plus added visibility into who is trying to join.

Click on the Meeting Advanced option > Search or scroll to find the Waiting Room option > Enable the Waiting Room feature.

Maze Desktop

Image Source: Zoom Blog

After enabling the Waiting Room feature, the host can choose to send all participants to the Waiting Room or to send only some participants (external accounts) to the Waiting Room.Enable waiting room

Image Source: Zoom Blog

 

Secure Zoom Meetings Setup Quick Bytes –

  • Ensure the Host can manage screen sharing options
  • Ensure the Host can manage meeting participants
  • Ensure to set – require a password for the meeting
  • Protect your zoom account with a strong password
  • Lock the meeting when intended participants are in
  • Do not use social media to share conference links
  • Do not use your personal Zoom Meeting ID
  • Leave ‘Enable join before host’ unchecked
  • Prefer to turn host and participant video off by default
  • Mute participants on entry
  • Try the Waiting Room option

Note – Read about Zooming Security Vulnerabilities in Part 1 in our article zooming Security Vulnerabilities Part – 1.

Blog Authors –

Poornima J. / Ashish M.

Security Consultants – Varutra Managed SOC