[ALERT] ADVISORY ON VIDEO COMMUNICATION APP: ZOOM

Submitted by irteam on Mon, 03/30/2020 - 18:51

Threat Name:
VIDEO COMMUNICATION APP: ZOOM
 

Background Description:
Since the Coronavirus pandemic, Zoom video conferencing service has seen a huge increase in downloads and is now being used by millions for work and e-learning.

Impact:

  • Anyone with your meeting link can join your meeting, so avoid sharing the link on social media unless you want it to be a public event.  
  • Avoid using your Personal Meeting ID (PMI) to host public events, as it would allow anyone to connect with you even when the event is over.
  • Paid subscribers can record the meeting including its text transcription and any active chats and save it to the cloud where it can be accessed by other users.
  • Zoom sends user analytics data to Facebook, even if you don’t have a Facebook account

Recommendation:
Before you host a Zoom meeting:

  •  Allow only signed-in users to join.
  •  Generate a random Meeting ID and require a password to join. Send the password to participants privately.
  • Set the screen sharing to “Host only” so that random people can’t share unwanted content.
  • Disable "Join before host" so that participants can’t join without the host.
  • Enable the "co-host" feature if you need another user to help you manage participants during the meeting.
  •  For public events, enable the “Waiting Room” feature.
  •  Use the latest version of Zoom.

During a meeting, the host can:

  • Lock the meeting so that no new participants can join
  •  Remove unwanted participants
  •  Mute or turn off video for inappropriate participants
  • Put a participant on hold

Other useful controls:

  • Turn off in-meeting file transfer
  • Turn off annotation feature
  • Disable private chat