Let’s talk about steps you can take to make your meetings secure.  Zoom has been in the news recently, and not in a good way, with respect to security issues that have been uncovered.  I’m not going to go into the Zoom security saga in detail.  You can follow that discussion here and here if you want more information.

Zoom in on Security

The stories around Zoom security issues and “zoom bombing” are a good segue to reviewing ways to make your meetings secure.  I’m going to talk about recommended practices to make your meeting secure.  I will also discuss Zoom security settings that you can use to improve meeting security.  Finally, I will touch on security settings for Teams that will help make your meetings secure.

Some of the Zoom security stories arise from the fact that consumers are using Zoom to overcome the isolation of shelter-in-place policies.  I’m sure you’ve seen the stories of bar mitzvahs, training workouts, wine tasting and birthday parties conducted via Zoom.  It’s tempting to think that your users would know better than to organize meetings potentially open to anyone.  However, its best to plan for the worst and hope for the best when it comes to making meetings secure.

Some Recommended Practices for Making Your Meeting Secure.

Before we get to Zoom, let’s talk about some practices to make any meeting secure.

• Ask yourself if this is a meeting or a webinar you’re trying to hold.  Services like GoToMeeting, Zoom and Teams all have companion services designed for the needs of webinar hosters.  If you’re hosting a large event and inviting participants that are mostly outside your organization, you probably want to use a webinar tool.  These tools let you track participants, control who can talk or chat and the like.  If you’re holding a meeting with people in your organization and perhaps some outsiders that you work with frequently, then a regular meeting tool should be fine.
• Get familiar with your meeting controls as the meeting host.  If you’re hosting a public or semi-public meeting you will want to control things like who can share their screen and whether the chat window is viewable or not.  You can likely relax these controls if all the meeting participants are in your organization or people you know well.
• Use a unique invitation link for each meeting.  Invitation links are being shared on the Dark Web for use by those who would like to disrupt the meeting.  Using a unique invitation link will help prevent this and make your meeting secure.
• Require participants to sign in before joining the meeting.  Meeting applications will typically require this user sign in, but some offer the option of allowing users to join the meeting anonymously.  You might also require that users enter a password before joining the meeting. The need for a password requirement will depend on the confidentiality of what you’ll be discussing in the meeting.
• If the number of meeting participants is large you should appoint some other participants to be meeting hosts.  Multiple meeting hosts means that you can spread activities like monitoring the chat window around to others.  If nothing else, this makes the meeting easier to manage.

Zoom Settings Can Help Make Your Meeting Secure

Zoom does offer several security settings that will help make your meeting secure.

• You can require users to enter a password before joining a meeting.  And you can enforce rules on password complexity.
• As well, you can require use of multi-factor authentication (MFA) to log into a Zoom meeting.  (And by the way, this pandemic is your “Y2K moment” to advocate for use of MFA across the board.)
• I recommend that you restrict who can change a user’s personal meeting ID, host key, profile and sign in email address.
• Zoom lets you control who can upload pictures and images into the meeting.

Here’s a nice article that lists some of the steps you can take as a meeting host or user to make your Zoom meetings secure.

Look at Your Teams Security Settings Too

One nice thing about Teams is that it builds on the security infrastructure of Exchange, SharePoint and Active Directory.  All three of these platforms will contribute to making your meeting secure.  The downside is that you must go to more than one administrator page to set all the security settings you want.  Here are some of the things you can control in Teams.

• As I said earlier Teams already requires the user to sign in before joining a meeting.  And if you have MFA enabled, Teams will require that if the user isn’t already signed into the service.  Of course, you can also implement Single Sign On so that Teams users don’t have to sign in separately for that.
• You can control whether users external to your organization can join a team or not.  Along with this you get to decide what actions external users can take in the team.
• Of course, you can apply retention policies to Teams content just as you can with other content.  You can deploy Data Loss Prevention policies to Teams content as well.
• Teams lets you as the organizer control who is a presenter and who is an attendee.  Each of these roles has different privileges.
• And you can configure Teams to place users in a “lobby”.  From here, users can’t join the meeting until you admit them.

Making Meetings Secure is Everyone’s Business

There’s no doubt that we’re all participating in a lot more meetings that we used to.  As with any technology, there are those who will seek to exploit weaknesses in the tool as well as in user behavior to cause havoc and steal information.  It’s up to all of us as users, meeting organizers and service administrators to make sure we’re taking the proper steps to make meeting secure. I hope these tips help you on the way.

Now go wash your hands.