Information provided by EMSOU, the East Midlands Special Operations Unit of the five police forces in the East Midlands region.
When it comes to Video Conferencing, for many, the sudden adoption of remote working, social
distancing and self-isolation has created a demand for simple easy ways to stay in touch with
family, friends and co-workers.
The demand has popularised many apps and one of the most talked about in Cyber Security
circles is Zoom, a video chat platform, available in both free and paid for versions.
Unfortunately, Zoom has received quite a lot of adverse publicity because of a number of
important security flaws. Criticism has ranged from uninvited people joining your conversation
to deliver racist messages or pornographic images, to poor encryption methods that mean
private conversations are not always private.
The guidance below has been written for home and business users that may have adopted
zoom, for its ease of use, availability and in the absence of a paid for service.
WHAT CAN I DO?
For those of you using Zoom, make sure you have the latest version of their software. Click
your user icon and select 'Check for Updates'. Usually, updates fix known security flaws.
Running anti-virus software or a firewall on your computer and keeping software up-to-date
will improve your security.
If you are holding public meetings, where anyone can join the conversation, be sure to
configure screen-sharing settings.
Go to 'In Meeting (Basic)' and select 'host alone can share' or turn off screen sharing
entirely. This can also be controlled by the host during a meeting.
Finally, turn of 'Annotation', if you are worried about how people might annotate your shared
Stop Uninvited Guests
Setting up a Zoom meeting creates a 9 digit ID. Anyone who has this ID can join the
conversation. Don’t advertise it publicly by posting it on your Social media.
If you use the 'Options Panel' when setting up a meeting, you can add an access password
too. Would-be trolls now need an ID and a password to gate crash your meeting.
Use the 'Advanced Options' to enable a 'Waiting Room'. This puts people in a holding area before you grant or deny them access to your conversation.
Organisers can lock the meeting once everyone who needs to has joined. Click Manage Participants >> More >> Lock Meeting.
The organiser of a meeting can record audio and video from the meeting. Also, anyone involved in a ‘private chat’ can save this as a log file.
Turn off video and mute yourself unless needed. This prevents video recording conversations in your home or exposing information inadvertently.
It is possible to encrypt your video calls in the settings panel, which will improve the confidentiality of your conversations. Be aware, however that there is no certainty as to whether this is end-to-end encryption.
Accessing Zoom through the browser is more secure than downloading the app. The feature is available on the log in screen when invited to a meeting, although hard to spot.
Always Be Aware
Your conversations may not be as private as you would like. Is Siri, Alexa or Google assistant in range? They will ALWAYS be listening and passing info back to their servers to maintain the connection and sampling purposes.
Whatever platform is chosen it is vital that all the security settings are reviewed and implemented as appropriate.
In circumstances where sensitive or confidential discussions are being held other providers, such as Google Duo, Skype, Face Time, WhatsApp and Webex might be alternatives.