How Do You Stop Unwanted Attendees From Joining Your Zoom Meetings?
As millions of employees have shifted to working from home, Zoom, the videoconferencing solution, has become a popular option. Employees are using the platform for virtual meetings, classes, and training.
Yet, with the increase in Zoom usage, there has been a dramatic surge in attacks that infiltrate the platform or dupe unsuspecting users into sharing security credentials. These attacks are a potentially serious threat to your company’s IT security.
Fortunately, Zoom has developed new guidelines and features to curb some of these threats. Those protective measures, coupled with employee education, can save your business from costly and disruptive events that threaten your most sensitive data.
What Is Zoom?
Zoom is a cloud-based videoconferencing application that allows users to create virtual meetings, conferences, and webinars. Businesses and schools have widely adopted Zoom as workforces have shifted to working from home.
The rise in Zoom has been staggering. In April 2020, the company announced it had reached a peak of 300 million daily users, up from 200 million a month earlier. That compares to peak daily usage of 10 million in 2019.
Yet with the platform’s growth has come a rise in disruptions. “Zoombombing” became a household world as disruptors infiltrated online gatherings, shouting obscenities, playing music, and showing pornography. These attacks often befell meetings that were posted online or did not use built-in security tools such as passwords.
Hackers are also using the Zoom platform to launch phishing attacks. In 2020, 3,300 domain names containing the word “zoom” were registered, with 2,200 recorded in March alone. Of those new domains, more than 30 percent had activated email servers.
The suspect websites and email servers likely are used for phishing attacks. Such schemes send emails to unsuspecting users trying to trick them into sharing login credentials or paying fake company invoices. They are part of an alarming rise in phishing attacks trying to capitalize on the lack of familiarity with new technologies and the desire for information about the pandemic or federal financial stimulus payments.
What Is Zoom Doing to Protect Against Cyberattacks?
In response to the zoombombing and phishing attacks, the company has taken several steps, including:
- Launching a new version, Zoom 5.0, with greater encryption functionality
- Removing features from LinkedIn and Facebook plugins that collected user data
- Changing default settings to require passwords. limit screen sharing and enable Waiting Rooms
- Shifting feature development work to privacy and security issues
- Adding more training webinars, daily demos, and video tutorials
- Removing an attendee attention tracking feature
- Allowing users to customize which data centers they use for their accounts, following reports that the company used Chinese servers for some sessions
Zoom blamed some of the issues on the rapid shift in the way the product is used.
“We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived,” the company noted.
What Can Our Business Do to Protect Against Zoom Attacks?
Businesses can follow several tips to protect employees’ work and meetings from unwanted attacks. Besides, these suggestions help protect against Zoom or similar phishing attacks:
- Treat Zoom login credentials just as you would other secure usernames and passwords.
- Do not share Zoom invitations and passwords on social media or public websites.
- Check those domains used for Zoom-related work use zoom.us in the address.
- Use a password for all your meeting.
- Make sure to protect meetings with Waiting Rooms, muting, and screen sharing settings.