Everyone is now worried about Zoom security and how to make sure that you are really running end-to-end encrypted and there is no possibility for anyone to see what you are talking about. Zoom included.
First of all, Zoom is inherently secure if used well, you just make sure that you use the actual Zoom client and you have authenticated users. That’s because once things head off into the public phone lines, you will have real problems.
So when you schedule a meeting, here is what you need to make sure is clicked:
- Go to your Zoom client and choose Schedule meeting.
- Now when you set it, you there are few things that you need to do. The first is to setup Meeting ID with
Generate Automatically
so that you will get a random meeting id, that makes it hard for an adversary to figure out the call in the first place. - Make sure that
Require Meeting Password
is set. This is now the default and it should be a randomly generated number. The good news is that it will generate a special URL so that has the encrypted password in it. so that even if someone has the Meeting ID, they are going to have a hard time doing the password. - This is the most important, in the
Audio
segment make it Computer Audio only. The reason for this is dial-in is basically insecure, so you need to force people to use the Zoom client because it is doing end-to-end encryption. - Then go to
Advanced Options
and clickEnable Waiting Room
which makes sure that no one can get into the main call without you knowing who it is. That’s your last line of defense - Disable
Join before Host
- And enable
Mute participants on entry
What this does is that you will only have authenticated users with authenticated emails. It means that people will have three restrictions:
- They have to have a Zoom client preloaded on their devices.
- They need to have created a Zoom account with an email.
- You need to have emailed that on that email. This ensures that unless the email was hacked, this really is the right person.