Recent news about Zoom security and encryption, and whether you’re on a secure call, has raised privacy concerns among users – myself included. Can I trust Zoom not to expose my data and login credentials? How do I keep unwanted guests from “zoombombing” my video calls?
Before we enter the encryption discussion, let me state that for the vast majority of consumers and small businesses, Zoom has adequate security features in place to ensure the privacy of your video calls – especially when utilizing available features and best practices. This post includes information on how to configure Zoom for hosting secure video calls.
What is an encrypted Zoom call?
Let’s break down how Zoom encryption works without getting into eye-glazing detail.
Part of the confusion comes from Zoom itself for overstating the nature of its encryption. Zoom uses transport encryption. Transport encryption means that a video call is encrypted (encoded) during transmission between Zoom’s servers and individuals’ devices on a video call. Zoom decodes the video and device audio stream in real-time during your video call.
End-to-end encryption requires that each party controls their cryptographic keys – the piece of data that encodes and decodes an encrypted communication. Currently, Zoom controls the cryptographic keys used for encrypting all Zoom calls. However, a recent Zoom blog post confirms they are developing the ability for customers to manage their cryptographic keys in the future.
What does this mean?
- Communication between your device and Zoom servers is encrypted so that no one can intercept and eavesdrop on your conversations.
- Recorded videos from Zoom calls are not encrypted.
- If you are joining a Zoom meeting by phone and not using your device’s audio, your phone call to the Zoom conferencing servers is not encrypted.
Zoom claims they do not possess the ability to intercept your calls or secretly insert their employees into your meetings.
“Zoom has never built a mechanism to decrypt live meetings for lawful intercept purposes, nor do we have means to insert our employees or others into meetings without being reflected in the participant list.”Zoom Blog
Update: according to a May 7, 2020 Zoom blog post, the company is making two major changes to its product:
- Zoom version 5.0 (currently available) introduces industry-standard AES-GCM encryption with 256-bit cryptographic keys. However, Zoom still controls and stores all cryptographic keys.
- A future product enhancement for paid accounts will allow users to create public cryptographic identities that can be used to establish secure meeting connections with participants.
How to Host a Secure Zoom Call
Here are several steps you can take to secure your Zoom calls.
Don’t Share Zoom Meeting Links on Social Media
Sharing your Zoom meeting links on social media can expose your meeting to unwanted intrusion – especially if you’re not utilizing some of the other security features available to secure your calls.
Avoid Using Your Personal Meeting ID For Public Meetings
For meetings with more than one or two people, avoid using your Zoom Personal Meeting ID. When scheduling a meeting, select Generate Automatically under Meeting ID. Never publish your Personal Meeting ID in public settings.
Utilize The Waiting Room Feature For Public Meetings
The Waiting Room feature enables you to see who is joining your video call, allowing you to screen (and remove) uninvited guests.
Note: a Zoom update in April 2020 enabled the Waiting Room feature by default.
Set a Password for Your Meetings
Enable and specify a password for your Zoom meetings.
Note: a Zoom update in April 2020 enabled passwords on meetings by default. You may need to resend links to participants for meetings scheduled prior to April to avoid any issues when joining future calls.
Manage Who Can Use Screen Sharing and How
Use Zoom’s advanced settings to specify:
- Who can share (host-only or host and participants)
- Disable desktop screen sharing and only allow sharing for specific apps
- Disable the Annotation feature, preventing users from drawing on the screen during a screen share
Use Other Advanced Features To Manage Your Participants
- Disallow embedding passwords in Zoom meeting links
- Disable the Whiteboard feature
- Disable the Remote Control feature
- Disable the feature allowing removed participants to rejoin
- Disable the Remote Support feature enabling participants to control another user’s device remotely
- Disable Far End Camera Control enabling the participants to take over another user’s camera
Download the Zoom Meeting Host Cheat Sheet – concise instructions for hosting meetings on Zoom using a PC and Mac.
Copyright © 2020 Prime of Life Tech