Recent news regarding Zoom vulnerabilities is everywhere and it’s sometimes difficult to know what’s fact and what’s fiction. In a time where we must connect and communicate from a distance, we are reliant upon a variety of web conferencing platforms that are paramount to our daily operations. With the risk of unknown users accessing confidential information or disrupting meetings, it’s important to be well informed. The concerns regarding Zoom security are real. Specifically, the possibility for anonymous users to join your Zoom meetings. Fortunately, there are a few things you can do to protect yourself and your staff.
Zoom does have security features available, but many of these features are turned off by default. Unless basic conference settings are changed, anyone with the meeting link (URL) can forward it to anyone else, who can then join the call. We recommend that Zoom users log into their Zoom account on the web page and change Zoom Meeting Profile Configuration Settings to enable overall security features. Of the various security options, the minimum that we recommend is the use of the virtual lobby. Enabling this setting means that participants outside your organization’s account must wait in the ‘lobby’ until they are added by the host or someone else within your organization. Once you make changes to your meeting settings, be sure to send out new meeting invites for any recurring meetings so that they will take effect. Additional information about how to protect your Zoom meetings can be found at https://zoom.us/security.
The question has now been raised about the security of other web conferencing platforms. For example, is Microsoft Teams more secure than Zoom? The answer is yes. Microsoft Teams requires that all participants have an authenticated Microsoft account, which reduces the chance that impostors will join your calls. While Teams meetings do not incorporate passwords, the default settings in Teams ensure that those outside your organization have to wait in the ‘lobby’ until they are added by the host. To check your settings for Teams meetings, create a new Teams Meeting by clicking on the Teams plugin in Microsoft Outlook. This process generates the meeting invite message and the link for joining the meeting. Follow the “Meeting options” link just below the Conference ID at the bottom of the message to find your settings. Any desired changes to Teams settings will need to be discussed with IT department administrators.
WebEx is perhaps the most effective platform for preventing impostors from joining meetings because the software checks participants joining into the call against the email addresses sent in the Outlook calendar invite. So, if settings are correct, impostors should not be able to join a call by obtaining the meeting link through a forwarded meeting invite. While this feature is effective for internet calls, it’s still possible for someone that is not the calendar invite to join by phone.
With the necessity of remote communication services, now and into the future, it’s important to turn to technology specialists that you trust to keep you informed when technology is such a focus in the news. While it’s an unnerving thought that meetings could be intruded upon, securing web meetings is possible provided that we take a moment to understand the tools that are being utilized internally and by external partners.
