Securing Zoom Conferencing to Protect Data

Business uncertainty has led to widespread adoption of working from home. Since most meaningful tasks in any organization require teamwork, this remote work approach has naturally led to a dramatic rise in the use of collaboration tools such as Zoom Conferencing.

In March, the daily usage of Zoom increased over 5 times. The platform makes it easy for corporate users and their clients to hop on meetings whenever needed. It is also popular with educators and students seeking to move the curriculum online. Where the good guys go, the bad guys soon follow and so this sudden increase in the platform’s popularity has attracted cybercriminals who seek to hijack meetings and exploit security vulnerabilities.

Zoom has acknowledged the nature and extent of its security weaknesses. Zoom CEO and founder Eric S. Yuan apologized for the confusion related to this issue, saying “We recognize that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry,” Yuan explained that Zoom “was built primarily for enterprise customers – large institutions with full IT support.” He added that Zoom would be “enacting a feature freeze, effectively immediately, and shifting all our engineering resources to focus on our biggest trust, safety, and privacy issues.”

Security challenges with Zoom Video Conferencing include:

Data Leakage – Using the Zoom Windows client group chat feature to share links can leak the Windows network credentials of anyone who clicks on them. This is because the Zoom client converts Windows networking Universal Naming Convention (UNC) paths into clickable links. Windows shares the user’s login credentials when a user clicks that link causing unexpected and unwanted logins to the enterprise cloud architecture. It is therefore another reason for strong password policies and monitoring every instance of UNC path sharing.
Privacy shortcomings – Zoom has been accused of passing on data to third parties such as Facebook without notifying the users. It has been reported that the iOS version of Zoom’s app sends analytics to Facebook even for users who don’t have a Facebook account, although this privacy gap appears to have been discontinued.
Zoombombing – the practice of hijacking video conversations by uninvited parties to disrupt the usual proceedings. Hijackers have included school children spreading hateful comments or threats, to adults spreading racist content or even pornography. IT security administrators must implement stringent policies to prevent such attacks.

Security best practices for Zoom Conferencing include:

Password-protect all your meetings, otherwise anyone will be able to join.
Use the waiting room feature – this allows the meeting host to validate each participant before letting them join the meeting.
Enforce login policies – use single sign-on (SSO) technologies such as Google or Okta to allow Zoom access.
Update the Zoom client – install available updates immediately. Cyber criminals are actively attacking and Zoom is responding quickly – the latest update features password protection for all meetings by default.
Do not share your meeting ID, as anyone will be able to join. The UK Prime Minister Boris Johnson highlighted this risk by showing the ID of his cabinet meeting to the entire world via his Twitter account – warn your employees to never copy this idea. Do not post public links to your meeting either.
Disable the “Join before host” function to ensure the participants aren’t surprised by malicious actors.
Disable participant screen sharing to minimize the risk of meeting hijacking.
Lock a meeting when everyone has joined.
Keep track of relevant metrics related to your guests, such as which hosts create the meeting most often and for what number of guests, recent activities by guests, what meeting IDs are consistently being used by guests, who outside of your organization is joining meetings most often, foreign participants and where do they join from, etc.
Keep track of your user activity, especially if they make changes to their user profiles, consistently use personal meeting rooms, or display anomalous behavior.
Ensure you know which accounts have been inactive over the past month.
Monitor Windows UNC path sharing.
Monitor anomalous admin activities as well as new and deleted users.
Do not use Personal Meeting IDs.