Zoom Security Enhancements
April 01, 2020
Zoom Security Enhancements
As many of you may have seen on the news or read on the web, Zoom has become the most popular video conferencing platform in the US at the moment, and with that fame comes the unavoidable target on their back as hackers and other cyber criminals attempt to break into Zoom conferences and disrupt business. Even in a pandemic, the bad guys take advantage and do bad things.
The good news is that we have a paid business account (even with the basic free accounts that are part of our offering to all employees). But that does not mean there are things we can still do to further protect ourselves and the confidentiality of our conference and video calls. Here is some basic info that I would like all of you to know regarding Zoom at Gemini Rosemont:
- Our Zoom accounts are protected with encryption
- When you create or join a meeting, that meeting uses industry standard encryption to prevent what is being said, typed and displayed via video “within” you conference. Outsiders not part of the conference cannot get to that stream. Reports in the media about people breaking into streams to display rude images cannot happen with our paid accounts as we have configured them.
- Chat is also encrypted just like Messages on your iPhone
- While information does indeed pass through the Zoom servers, it too is encrypted and only anonymous info is captured by Zoom for things like call quality and duration. This is in our SLA with Zoom as a paid customer. Many news reports are regarding totally free accounts, and that is not what we have.
I also wanted to let you know about some security changes we have implemented across our corporate account effective today that will further protect our sensitive business communications:
- Effective immediately, we have turned off Join Before Host as an option. In this way, people cannot join your meeting before you start it.
- We have added enhanced encryption between the HK office and any Zoom client, including the Zoom rooms in Santa Fe, Dallas and LA
- We have added the ability to create a meeting-specific password (optional) for every meeting you create. This option appears on the Schedule Meeting dialog when creating a new meeting. The system will generate a numeric password for you or you can create your own (the auto generated one is random and is fine):
- If you choose to add a password for your meeting, it will no longer be embedded in invite emails to prevents someone from intercepted your invite and getting your password.
- Same for phone call links, passwords will no longer be embedded in the link/URL.
- All employees can see guest participants by name to prevent someone from joining who was not directly invited.
- Live streaming was already off by default, and this setting is now locked at the admin level and cannot be turned on by any user.
The security of our users and our company information is of the utmost importance at all times, and we hope these additional provisions will make you feel confident that using Zoom in our environment is properly protected.