Analysis, Privacy, Tips

Practical Zoom meeting security tips


If you’re anything like me, you have been using Zoom for meetings at-distance more in the last month than you probably have, well… ever! Due to its increasing popularity and relative ease of use, people are flocking to Zoom for daily use in all kinds of scenarios. Not coincidentally, we have also seen an increase in news articles questioning the “safety” and “security” of Zoom.

The point of this blog post isn’t to debate the relative merits of the recent coverage that Zoom has experienced – that is being handled by people much smarter than me. Rather, the point of this blog post is to help you make Zoom as safe as possible for you to use, while understanding the risks associated with using it. Nothing in life is risk-free, and Zoom is no different. Also, these tips are offered for individuals using personal accounts, whether free or paid. If you are using Zoom in a corporate context as part of your job, you should follow whatever guidance your corporate security staff provides for employees.

With that in mind, I offer these tips to consider when creating meetings in Zoom:

  • Meeting ID – I recommend allowing Zoom to generate the Meeting ID automatically, unless you have a reason not to. Zoom creates a 9-digit identifier for all meetings. Randomizing the identifier for each meeting makes it more difficult for adversaries to target you specifically since each of your meetings will have a different Meeting ID.
  • Meeting Password – I recommend enabling this for all meetings, unless you have a really strong reason not to. Enabling this feature requires all attendees to enter the password before being allowed into the meeting.
  • Video – I recommend setting both Host and Participant to “off” by default. This will ensure that participants cannot share their screen without the host’s permission, and will also ensure that the host doesn’t accidentally share their camera before they are ready to.
  • Audio – I recommend allowing audio from both Telephone and Computer Audio. This is more of a general usability recommendation rather than a security tip. Allowing both enables users to use their computer for video viewing, while allowing them to hear the meeting by dialing in on their phone. For users with slower systems or Internet connections, the ability to connect to meeting audio with both their computer and their cell phone can help lighten the network load.
  • Meeting Options – There are a four settings here to discuss:
    • Enable join before host – I recommend disabling this option, as it will prevent users from joining the meeting before the host does. This will allow you to start with a “clean room” so that you can have better management and control of attendees.
    • Mute participants upon entry – I recommend enabling this option. This will ensure that meeting attendees cannot speak during the meeting unless given permission by the host to do so.
    • Enable waiting room – I recommend enabling this feature. This creates a virtual “waiting room” for attendees to gather in, prior to the meeting beginning. Hosts are then able to allow attendees into the meeting one at a time, ensuring that only authorized attendees are present.
    • Record the meeting automatically on the local computer – I recommend disabling this feature. You will have the ability to manually trigger recording inside the meeting, if needed. If you choose to record a meeting, you should expressly state that in any meeting notifications as well as prior to beginning actual recording of the meeting itself. You should give attendees an opportunity to leave the meeting prior to recording, and it is also a good idea to repeat that process once you begin recording so that you can record attendees giving their permission to record the meeting.

Below is a screen capture of an example of a meeting set up with all of the features I described above:

Once you save this meeting, you should see a screen that looks similar to this:

Notice the “Save as a Meeting Template” link at the bottom? Use that so that when you create meetings in the future, you won’t have to manually configure these settings again! Name it something that makes sense to you, and save it!

Now, when you want to create a meeting in the future, all you have to do is click on the “Meeting Templates” link at the top of the page, and you will see the template along with a button that you can click to create a new meeting using these settings.

Zoom has proven to be an effective meeting at-distance tool for many, and I expect to see its use grow over time. But, as with any software product it does not come without some risks. I hope that my tips above help you understand those risks better, as well as what steps you can take to mitigate those risks for you and your meeting attendees!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s