This week, they made a big move on the masses, as a large share of the population is working from home, and sites/apps like Zoom are growing in popularity to keep coworkers connected. The FBI is warning that hackers have been “zoombombing” calls—essentially hijacking conference calls—and some of these unwanted callers have even been known to leave some pretty offensive stuff on your screen. And this warning is real; it happened to a UAT employee, who fortunately wasn’t the one hosting the call.
At UAT, Zoom is useful, but definitely not our main platform. Microsoft Teams and Canvas LMS are our primary platforms for distance learning. We use a myriad of others as well, including Discord, Slack and Zoom. We mostly use Zoom for special purposes, and not for normal class activities. With that said, we are careful with our links… password-protecting meetings, managing participants, keeping a close eye on attendance, controlling who can share a screen, etc. So, let’s talk about some common mistakes people make when using Zoom and tips to avoid becoming a victim of hackers.
First of all, assume what happens in Zoom does not stay in Zoom. Keep that in mind for every call and don’t use it for sensitive information. Along that same mindset, don’t link your Zoom account to other social sites like Twitter. In fact, it’s really smart to create a new email to use only for your Zoom account; don’t use your main email, and definitely don’t log in with Facebook.
If you’re the host, the responsibility truly lies with you to take the extra precautions. Make sure to select the option for private and create a password for all people on the call—or else anyone can have access to it. Check and manage the attendance and match it to who should be in the room. For guests, you can control access by using a waiting room to verify who they are. For UAT, we only allow the host to share their screen, which prevents the bad content from creeping in. In addition, don’t click links in the chat that you don’t trust, the same as in email, and consider using the site in a browser rather than downloading it to your desktop.
As always, it’s important to keep your computer up-to-date and as secure as possible. Never wait on installing updates, and make sure to have security software installed on your computer. Sophos, AVG, Norton, and McAfee are all good options for Internet security. Also make sure to consider security requirements when selecting vendors. For example, if end-to-end encryption is necessary, does the vendor offer it? Finally, ensure your video teleconferencing (VTC) software is up to date. Its patches address security vulnerabilities within a program or product.
To sum it up, while we know there are global security and privacy concerns with Zoom, we have enough institutional prowess to navigate the concerns to ensure we are protected, and it is still a great tool for what it’s good for.
See President Pistillo featured on AZ Family News discussing Zoom safety here:
And find out additional tips at:
- DON'T CLICK ON WEIRD OR UNTRUSTED LINKS. This attack is useless if you just don’t click the link.
- If you can close port 445, do it. Port 445 is used to transmit traffic related to Windows SMB and Active Directory services. Zoom uses port 445 to send credentials over your device, so blocking the port or only allowing access to trusted addresses on the internet is definitely the way to go.
- Adjust your screens; you don’t want just anybody to be able to share your screen and engage with you in “zoombombing” (a new fad in the spotlight). This is mostly a task for whoever is running the meeting, but take note of where to find these options. Open Zoom’s general settings, and then go to screen sharing > advanced > and edit as needed.
- Another great tip is to use waiting rooms. What this allows the host to do is prescreen the guests as an extra layer of security. To access these options, go to your master account settings under “My Account” on the top right of the main screen, click Settings > meetings > (scroll all the way down) waiting room options… and boom!
- You could also create a webinar instead of a meeting, but that is locked behind Zoom's 14.99 monthly paywall.
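
One way to apply the port 445 tip on Windows, as an added example that is not part of the original post. It assumes an elevated PowerShell session on Windows 10/11 with the built-in firewall cmdlets; the rule names and the trusted subnet 192.168.1.0/24 are constructed for illustration.

```powershell
# Added example: rule names and the trusted subnet are illustrative assumptions.

# Option 1: close outbound SMB entirely on networks marked Public
# (coffee shops, hotels, any network you do not control).
New-NetFirewallRule -DisplayName 'Example - Block outbound SMB (Public)' `
    -Direction Outbound -Protocol TCP -RemotePort 445 `
    -Profile Public -Action Block

# Option 2: on Private/Domain networks, reach SMB only on trusted addresses.
# Windows Firewall block rules take precedence over allow rules, and outbound
# traffic is allowed by default, so "allow only trusted" is written as
# "block every IPv4 address outside the trusted range".
# Assumed trusted range: 192.168.1.0/24 (192.168.1.0 - 192.168.1.255).
$untrusted = @(
    '1.0.0.0-192.168.0.255',        # everything below the trusted subnet
    '192.168.2.0-255.255.255.255'   # everything above the trusted subnet
)
New-NetFirewallRule -DisplayName 'Example - Block outbound SMB (untrusted IPv4)' `
    -Direction Outbound -Protocol TCP -RemotePort 445 `
    -RemoteAddress $untrusted -Profile Private, Domain -Action Block

# These ranges are IPv4 only; IPv6 destinations need their own block rule.

# Confirm both rules exist, are enabled, and apply to the intended profiles.
Get-NetFirewallRule -DisplayName 'Example - Block outbound SMB*' |
    Select-Object DisplayName, Enabled, Profile, Direction, Action
```

To undo the change, pass the same display names to `Remove-NetFirewallRule -DisplayName`.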