With the sudden increase in the use of Zoom, we are also seeing a significant rise in cyber security incidents associated with the platform. One alarming trend has been termed “Zoom Bombing”, and involves unwanted people joining and interfering in private meetings.
Hackers that enter a meeting may do more than disrupt the meeting. As a result we’re sharing an overview of the risks and precautions to consider for those wondering how to minimize risk while using Zoom.
A major security risk involves the hackers installing malware and/or accruing private information via the use of Universal Naming Convention (UNC) links. A UNC path uses double slashes or backslashes to precede the name of the computer. Read about UNC links here.
The breach results when the uninvited guest/ hacker posts a link in the chat window of the Zoom meeting. When clicked, the link installs malware on the user’s device. The UNC link vulnerability has recently been addressed by Zoom in the latest patch. Please be sure you have updated to the latest version of Zoom. As always, we advise everyone to be cautious: do not click on links from unknown senders. Print this Security 101 card as a handy daily reminder for your work space.
Regarding the “Zoom Bombing” trend, we have compiled a list of preventative measures you can take to reduce your vulnerability.
Precautions while using Zoom:
- Use a unique ID for large or public Zoom calls
- Require a meeting password
- Create a waiting room
- Make sure only the hosts can share their screen
- Create an invite-only meeting
- Lock a meeting once it starts
- Kick an uninvited guest out or put them on hold
- Disable someone’s camera
- Prevent animated GIFs and other files in the Chat
- Disable Private Chat
- Be sure you are running the most up-to-date version of Zoom
The Zoom website has a comprehensive overview: