In recent weeks, the video conferencing tool Zoom has become a lifeline for millions of people around the world. If you are a student or remote worker, there’s a good chance you’re using Zoom every day to attend online classes, participate in virtual meetings, or communicate with friends and family.
But the platform’s quick growth has brought its own challenges, specifically surrounding privacy and security measures. This has led to increased scrutiny of the tool, in particular over a phenomenon known as “zoombombing,” which refers to hackers and online trolls accessing and wreaking havoc in private Zoom meetings.
Schools, universities, and nonprofits have been prime targets. On March 30, the FBI issued an official warning about Zoom and teleconferencing hijacking, leading some organizations to rethink their use of the tool. Late last week, New York City’s Department of Education announced it was banning Zoom over its privacy concerns, urging teachers and students to use Microsoft Teams instead.
While Zoom has vowed to fix its security issues in the next 90 days, you probably don’t want to wait that long if you rely on the tool to study or work. The good news is you don’t have to—there are a number of precautions you can take right now to protect your privacy and data while using Zoom.
Here are six tips to help you get started.
1. Avoid using your Personal Meeting ID (PMI) to host meetings.
Your PMI refers to your unique Zoom meeting room—analogous to your Skype handle or even your cell phone number. Each time you host a meeting, anyone with your PMI can join even without the meeting URL. To avoid your PMI being circulated online, it’s best to use a randomly-generated meeting ID for each conference call.
“Your PMI is basically one continuous meeting and you don’t want randos crashing your personal virtual space after the party’s over,” Zoom wrote in a blog post about keeping unwanted users out of meetings.
The next time you set up a meeting, uncheck “Use my Personal Meeting ID” to make sure invitees receive a unique link to the meeting and not your PMI.
2. Enable the “Waiting Room” feature.
The “Waiting Room” feature means no one can join the call unless the host manually admits them. While it may be cumbersome to approve every single participant—particularly for large groups or meetings where people join at different times—this is the surest safeguard against meeting crashers.
Also, pay attention to the “Join before host” setting. While this setting is turned off by default, some users activate it in case they’re running late, or to enable others to start the meeting without the host. If you’re concerned about Zoombombing, keep this feature turned off so that hackers can’t sneak into the video conference unnoticed.
3. Require a password to join.
Zoombombing has taken on the nature of organized crime, where hackers systematically share meeting URLs and passwords on Instagram, Twitter, and online message boards. Consequently, password-protecting your Zoom meetings is actually one of the weaker precautions against cyberattacks. However, each additional hurdle against hackers keeps you incrementally safer.
“Do not share a link to a teleconference or classroom on an unrestricted, publicly available social media post,” the FBI warned. “Provide the link directly to specific people.”
Requiring a password is useful if you need to publicly share the meeting ID on social media to attract attendees, such as if you’re hosting a webinar or virtual press conference. This way, you can send the password exclusively to registered attendees via email or DM—assuming you’ve vetted them in some way.
4. Allow only signed-in users to join.
This security feature means that only those who sign in to Zoom with the email address you used to invite them can join the meeting. If someone tries to join using an alternate email or one that isn’t already on the list, they’ll see a pop-up window stating, “This meeting is for authorized attendees only.”
5. Disable unnecessary guest privileges.
Once the meeting starts, make sure to plug other potential cybersecurity holes. Hosts can disable privileges like screen sharing, file transfers, and annotations—features hackers most commonly exploit. Users can still request these privileges with the host’s approval. You can find most of them by clicking the arrow button next to “Share Screen” under “Advanced Sharing Options.”
If you’re making a presentation or giving a lecture, you can also mute everyone’s microphones—although, again, they can request to activate their mic. In the event a hacker crashes the meeting, at least they won’t be audible.
6. Lock the meeting once everyone has joined.
To prevent further participants from entering the meeting, go to the “Participants” list in the navigation sidebar, scroll down to “More” and click “Lock Meeting.”
Is cybersecurity the right career for you?
According to Cybersecurity Ventures, the cybersecurity industry is expected to have 3.5 million high-paying, unfilled jobs this year. With Springboard’s comprehensive Cyber Security Career Track, you’ll work 1:1 with an industry-mentor to learn key aspects of information technology, security software, security auditing, and finding and fixing malicious code. Learning units include subject-expert approved resources, application-based mini-projects, hands-on labs, and career-search related coursework.
The course will culminate in a multi-part capstone project that you can highlight on your resume for prospective employers or use to demonstrate your technical knowledge in your job interview. The learning materials will also help prepare you to pass the globally-recognized CompTIA Security+ certification so you stand out when applying for cybersecurity roles.
Learn more about Springboard’s Cyber Security Career Track here.