We’ve heard the stories of friends being “Zoom-bombed” (attacks via the Zoom platform) and other security concerns. Given the meteoric rise of Zoom’s use from an obscure app to the star of Covid-19 communications, these concerns rose to a higher level of interest at the FBI. The Boston Field Office offered these recommendations to mitigate teleconference hijacking threats:

  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
  • Manage screensharing options. In Zoom, change screensharing to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
  • Lastly, ensure that your organization’s [or home’s] telework policy or guide addresses requirements for physical and information security.

UPDATE: For the more technical among us, security guru Bruce Schneier wrote about Zoom.