If you've been keeping up on the COVID-19 news, you've probably heard about a form of hacking that's been on the rise over the past few weeks: "Zoombombing."
Zoombombing incidents are a form of trolling – hackers get a hold of a Zoom meeting link from a social site or email and join a video chat simply to cause disruption. In specific recent examples, they've upset participants by yelling profanity and racial slurs, and sharing disturbing images in the video feed.
In response to recent criticism over these issues, Zoom announced a few changes to their platform to help users safeguard from these bad actors. Now all participants of a Zoom meeting will be placed in a waiting room until the meeting organizer allows them entry. If the organizer does not recognize someone in the waiting room, they can simply not admit the person to the meeting. Zoom now also requires passwords for meetings as a default setting. That means if you're used to joining a meeting just by entering the meeting ID, that won't work. Instead, you'll have to either join directly via a link sent to you in an invite, or you'll need a password.
In addition to these system updates, there are a few other things you can do to safeguard your next Zoom meeting:
Four tips to prevent Zoombombing:
While the above security hygiene will make it difficult for unwanted users to Zoombomb, an enterprise can take additional precautions to protect their meetings using advanced, yet simple-to-implement security measures. IT security experts are familiar with Security Assertion Markup Language (SAML) and OpenID Connect (OIDC), two well-known standards for authentication and identity federation. These two standards enable an enterprise to use their own authentication methods and systems to validate access to resources like Zoom meetings and conferences.
Zoom happens to be an SAML Service Provider (SP) that can be federated with a SAML Identity Provider (IdP) for authentication purpose. In order to allow only authorized and authenticated participants in a Zoom meeting, use the following steps:
Zoom is one tool employees and enterprises can use to make it easier to connect with colleagues and partners while working from home. If implementing the above options still don't inspire trust that your meeting will be safe, there are other SaaS apps you can deploy. No matter what system you choose, security in the context of COVID-19 is critical to protecting data and avoiding malicious disruptions to your daily virtual interactions.
If your enterprise has not already deployed security coverage for your virtual meeting tools and other systems you use daily to accomplish your work, you can get a 30-day free trial of our IntelliTrust cloud authentication service.