It's not quite business as usual
I recently participated in an information-sharing webinar not too dissimilar to your typical conference call, and like so many of you I experienced some glitches. Handover of screen control to and from the host and between panelists did not go very smoothly, as each panelist and possibly participants were able to share their screen. As we discussed the webinar and the eventual successful delivery of the content, we brushed the issues aside as just technology issues!
It was not until a few days later, in a discussion with a friend and fellow information security colleague who relayed his own experience with a remote conference tool, that we decided to provide some guidance. The issue he experienced was that while his friend hosted a “private meeting” via Zoom, an uninvited guest jumped in and hijacked the meeting. This act is referred to as Zoom-Bombing and the hijacker is referred to as a Zoom-Bomber.
This piqued my curiosity and upon reading other articles I did a few basic checks to see if this was the case with my last webinar. I revisited a few previous invitations I had received and lo and behold I was still able to access a previously concluded meeting by utilizing the meeting link that was shared.
This article is not meant to be a step-by-step guide for configuring Zoom or any other meeting/conferencing utility, but to provide a few tips (that can also be found on Zoom’s and Check Point’s blog sites) that can assist in reducing your risk exposure as the usage of these types of tools/utilities increases.
Decide which application is right for you: ensure that the tool or version is fit for purpose. Consideration must be given to the privacy and security requirements of your event.
Download the application only from the official site: other downloads may contain malware.
If already installed, ensure that you have the latest version; check for updates and fixes prior to each use.
Take the application for a test run to familiarize yourself with the features.
Generate a unique meeting ID: using a personal meeting ID suggests that it is meant to be a continuous or recurring meeting, and anyone who stores that ID may be able to join a future meeting at any time.
Enable the waiting room feature: participants will have to wait until the host grants access; this, however, may not be practical for large meetings.
Use meeting passwords: ensure that you do not share the link as generated, as it will contain the password. If you share the meeting URL, ensure that everything after the meeting ID is omitted.
Use a virtual background.
Disable file-sharing unless it is required.
Manage screen sharing; as a host you can determine who can share their screen.
You have the option to lock the meeting.
Determine who can record the meeting.
Let me reiterate: ensure that your application is downloaded from the official site, as other downloads could be laced with malware. According to "HackerNews" there has been an increase in the number of domain registrations seeking to mimic the official Zoom domain and others like it. This may trick users into visiting a malicious site or downloading malicious software. Expect more issues and vulnerabilities to come to the fore as the use of Zoom and other collaboration tools becomes more prevalent.
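The password tip and the look-alike domain warning above can be combined into one check that is run before an invitation link is forwarded. The Python below is an added example, not code from Zoom or from the original article. It assumes that join links have the form https://zoom.us/j/<meeting ID>?pwd=<password>, possibly on a subdomain of zoom.us, and that meeting IDs are 9 to 11 digits long; the function names are illustrative.

```python
import re
from urllib.parse import urlsplit

# Assumption: official join links live on zoom.us or on a subdomain of it.
OFFICIAL_DOMAIN = "zoom.us"
# Assumption: join links use the path /j/<meeting ID>, with a 9-11 digit ID.
JOIN_PATH = re.compile(r"^/j/(\d{9,11})(?:/.*)?$")


def is_official_host(host):
    """True only for zoom.us itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


def shareable_link(invite_url):
    """Return the invite link with everything after the meeting ID removed.

    Raises ValueError when the link is not HTTPS, is not on the official
    domain (look-alike hosts included), or has no meeting ID in its path.
    """
    parts = urlsplit(invite_url.strip())
    if parts.scheme != "https":
        raise ValueError("not an HTTPS link")
    # parts.hostname ignores any "user@" prefix, so a link such as
    # https://zoom.us@other.example/... is judged by its real host.
    if not is_official_host(parts.hostname):
        raise ValueError("host is not on the official domain: %r" % parts.hostname)
    match = JOIN_PATH.match(parts.path)
    if match is None:
        raise ValueError("no meeting ID found in the link path")
    # Rebuild from checked pieces only; the query string (?pwd=...) and
    # any fragment are never copied into the result.
    host = parts.hostname.rstrip(".")
    return "https://%s/j/%s" % (host, match.group(1))


if __name__ == "__main__":
    # Constructed sample links; the IDs and passwords are made up.
    for link in ("https://zoom.us/j/1234567890?pwd=Q29uc3RydWN0ZWQ",
                 "https://zoom.us.example.com/j/1234567890?pwd=x"):
        try:
            print(shareable_link(link))
        except ValueError as err:
            print("rejected:", err)
```
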
As we all face this crisis together, let us protect each other from harm by practicing good hygiene, whether in the physical or cyber world.