How to host a truly secure Zoom conference

We explore the security settings of one of the most popular chat platforms on the planet.

At a time when businesses worldwide were shedding money because of the pandemic, Zoom saw revenue growth of 370% in just one quarter, becoming a household name and a verb in the process. But right from the start the service faced pointed questions about security, and to their credit, the developers did their best to address them quickly.

In the light of Zoom’s beefed-up security mechanisms, here’s what you can — and should — configure to ensure maximum protection while Zooming.

1. Make the meeting unique

You can set up a Zoom conference either with a Personal Meeting ID (PMI) or, for one-off chats, with a one-time link. Tied to a user’s account, a PMI persists unchanged for a full year from the last login, so anyone who has attended at least one PMI-based meeting can connect to any future conversation using the same PMI, even if you don’t invite them. Therefore, avoid using personal links, and instead create a separate link for each meeting — it takes just a few seconds.

2. Require invitations

Publicly sharing a link to a meeting is risky. You might as well spray-paint party details on a public wall and hope no one crashes. Notify each participant individually, whether by e-mail, messaging app, or another convenient means. If you realize someone’s missing from a call already in progress, send an invitation right from Zoom.

3. Set up face control

Even if you sent a link personally to a friend or colleague, that’s no guarantee someone else won’t use it to join the call: Your friend might have forwarded the link to someone else, or it could be a mischievous kid brother — or a hacker.

The Waiting Room can help you make sure that there are no uninvited guests on the call. If you enable the feature, attendees will remain sequestered until you look over the names and nicknames and decide who to let in.

After the meeting starts, you can send someone back to the Waiting Room if, say, you need to discuss something with a smaller team. You can also choose to enable the Waiting Room for everyone or only for guests who are not signed in to their Zoom accounts.

4. Lock the Zoom meeting

Once everyone is in, you can lock the meeting so that no one else can join. That way, even if the link to your video chat is available to outsiders, they will not be able to use it. Incidentally, locking has become one of the most effective ways to combat Zoombombing, the practice of invading Zoom calls, which became widespread during the pandemic.

5. Enable end-to-end encryption

Zoom has long used point-to-point encryption (P2PE), whereby private keys are stored on the server. P2PE protects against simple data interception, but hacking the Zoom server enables an attacker to decrypt the conversation.

Therefore, Zoom developers added end-to-end encryption (E2EE), which stores keys only on users’ devices. Enable end-to-end encryption and a green shield with a padlock will appear in the upper left corner of the Zoom screen. That icon means the call is protected against eavesdropping.

Bear in mind that end-to-end encryption is disabled by default for a reason: With it enabled, participants using the Lync or Skype clients, the online version of the Zoom Web client, or any third-party clients for Zoom will not be able to join the call. In addition, users with free accounts will be asked to confirm their phone number and add a payment method.

6. Check the channel’s security

You can check at any time to see if outsiders have used a man-in-the-middle attack to connect to your communication channel. Click on the shield icon and you will see a secret key. The host can read it out loud, and participants can compare it with their own. The numeric key is directly related to the end-to-end encryption mechanism that connects attendees’ devices. If the host’s key matches those of the call participants, that means the connection between the end devices has not been compromised. If an attacker has interfered with it, the sequence of numbers will be different.

When the host’s functions are transferred to another participant, or someone joins or leaves the meeting, the system generates another secret key, and participants can check it again.
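The read-aloud check works because each device derives the digits from the key material it actually holds, so a substituted key shows up as different digits. The following Python sketch is an added illustration, not code from the original article and not Zoom's actual derivation; the function names, the SHA-256 construction, the meeting ID and the 8-groups-of-5-digits format are assumptions made for the demonstration.

```python
import hashlib
import secrets

GROUPS, DIGITS = 8, 5  # assumed display format, not Zoom's specification


def security_code(key_material: bytes, meeting_id: str) -> str:
    """Turn the key material a device holds into digits a human can read aloud."""
    digest = hashlib.sha256(
        b"sas-demo|" + meeting_id.encode() + b"|" + key_material
    ).digest()
    # 32-byte digest -> eight 4-byte chunks, each reduced to five decimal digits.
    chunks = (int.from_bytes(digest[i * 4:(i + 1) * 4], "big") for i in range(GROUPS))
    return " ".join(f"{c % 10 ** DIGITS:0{DIGITS}d}" for c in chunks)


def mismatched(host_code: str, codes: dict) -> list:
    """Names of participants whose displayed code differs from the host's."""
    return sorted(name for name, code in codes.items() if code != host_code)


def simulate() -> dict:
    """Constructed scenario: one participant's key was swapped in transit."""
    meeting_id = "constructed-meeting-001"
    host_key = secrets.token_bytes(32)
    swapped_key = secrets.token_bytes(32)  # what an interfering party would substitute
    received = {"alice": host_key, "bob": host_key, "carol": swapped_key}

    host_code = security_code(host_key, meeting_id)
    codes = {n: security_code(k, meeting_id) for n, k in received.items()}

    # Roster change (someone joins or leaves): a fresh key, so a fresh code.
    new_code = security_code(secrets.token_bytes(32), meeting_id)
    return {
        "host_code": host_code,
        "suspect": mismatched(host_code, codes),
        "code_changed_after_rekey": new_code != host_code,
    }


if __name__ == "__main__":
    result = simulate()
    print("Host reads aloud:", result["host_code"])
    print("Codes that do not match:", result["suspect"])
    print("New code after roster change:", result["code_changed_after_rekey"])
```

A participant whose code differs from the host's should be treated as unverified until the mismatch is explained, and the comparison should be repeated whenever the roster changes.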

7. Get extra protection

To hide your IP address — and the call itself — from outsiders, be sure to connect using a secure connection such as Kaspersky VPN Secure Connection. Using a VPN is especially important for calls conducted over public Wi-Fi.

Don’t forget to use a reliable security solution, either — no matter how much Zoom has improved its security, it cannot do anything about malware that has already set up shop on a call participant’s device.