Best Practices for Collaboration Platforms
Privacy & Security Basics
Before the lockdown, Zoom was a moderately successful business video conferencing tool that turned into one of the most utilized consumer apps across all platforms. Zoom’s daily numbers of user’s went from 10 million in December to 200 million in March, putting tremendous strain on the company to scale the service up in order to accommodate new users. As with any collaborative platform, they are extremely vulnerable to privacy and security concerns.
The issues included sending data to social media platforms, a false claim to end-to-end encryption; vulnerabilities that made it easy for hackers to gain access, and easy to guess meeting IDs and weak encryption. Soon governments and businesses were questioning the use of the platform.
Recent Zoom Security Updates
Encryption Standards: Zoom upgraded to the AES 256-bit GCM encryption standard, which offers better protection meeting data and an improved defense from tampering. This provides confidentiality and integrity assurances on your Zoom Meeting, Zoom Video Webinar, and Zoom Phone data.
Security Features: Zoom’s security features will now be grouped together and easily found by clicking the Security icon in the meeting menu bar. These features are only available on the host’s interface.
Host Controls: Hosts will soon have many useful features available to them such as Report a User. Other functionalities include disabling the ability for participants to rename themselves and screen sharing defaults to the host only.
Waiting Room: The existing feature allows a host to keep participants in their own virtual waiting room before they enter the meeting. This feature is now a default for education. Host’s can now turn on the virtual waiting room during the meeting for individuals. See how this could be useful?
Password Complexity: Meeting passwords, an existing Zoom feature, is now on by default for most customers, including all Basic, single-license Pro, and K-12 customers. For administered accounts, account admins have the option to adjust the length of the pin required for accessing voicemail.
Cloud Storing passwords: Passwords are now set by default to all those accessing cloud recordings aside from the meeting host and require a complex password. For administered accounts, account admins can define password complexity.
Secure Contact Sharing: Zoom 5.0 will support a new data structure which allows large organizations to link contacts across multiple accounts making it easy for individuals to search and join meetings internally, chat, and share contact information in a safe and secure manner.
Dashboards: Admins on certain plans can monitor how their meetings are connecting to Zoom data centers in their dashboard. This includes data centers connected to HTTP Tunnel servers, Zoom conference room connectors and gateways.
Additional Features: Users can modify Zoom Chat notifications so they do not show a snippet of their chat. Non-PMI meetings have increased to 11-digit IDs for added security and complexity. While meetings are taking place, the meeting ID and Invite option are moved to the participants menu, this prevents a participant from accidentally sharing their meeting ID.
As organizations expand their usage of collaboration platforms during this period of mass remote work, it is crucial to understand and manage the risks that such platforms may introduce. Companies may address these concerns by performing security assessments, properly implementing best practices, and deploying additional security controls.
Best Practices: Ensure Meetings Stay Safe and Secure
Many security issues can be prevented internally, this starts with making sure people with meeting links were invited. Most platforms allow you to password protect your meetings. Virtual Lobbies are another option which allow the administrator to control access to the actual meeting. These extra layers of security can seem unnecessary, but as we all know, certain meetings may include confidential or sensitive information. Making sure the intended parties are listening in can prevent many vulnerabilities for you and your organization.
Carefully review the list of participants before each meeting. If anonymous participants are present, ask them to identify themselves and make a decision to remove them from the meeting.
Review and disable sharing permissions. This prevents any meeting hijackers from sharing inappropriate content, or unwanted content.
Exit and exit tone is useful if available. This feature prevents foreign participants from joining meetings without the knowledge of the host and participants.
Double check recording permissions. In many meetings, it should be up to the host (with consent from participants as well) if it is ok to record the meeting. You want to be sure that notifications are set for all parties if and when recording is in progress.
Review participant controls before each meeting. Assess and modify the controls available to participants. You may want to prevent the ability for invitees to forward meeting invites. Of course, if you are hosting a live event you may want to ensure that these controls are enabled and available.
Note that there are so many collaborative platforms and video conferencing solutions out there. It comes down to doing your research, keeping up on security updates, and familiarizing yourself with your platform of choice.
Any questions regarding security, or assessing the best collaborative software for your team should be ultimately reviewed by an IT professional. VisionPoint has over a decade of industry experience and is here to help to optimize the functionality of your AV systems.
Resources:
https://www.ravepubs.com/giant-security-update-to-zoom-rolls-out-starting-today/
