There have been many news stories about recent vulnerabilities and privacy concerns regarding Zoom. We felt it was important to further examine these potential deficiencies to confidently inform those in the W&L community relying on the tool for group communications and virtual learning. Assuming proper configuration, hygiene, and general computing best practices, we believe there is no reason to stop using Zoom at this time.

We hope to convey that while the reported security risks are real, they are not necessarily unique to Zoom. In short, our goal is not to minimize those risks, but to continuously evaluate ways to mitigate vulnerabilities and proactively address concerns.

For some background, Zoom use has ballooned over the last few weeks to include new use-cases and audiences for which it may not have been originally intended. Like all popular software, accelerated use often reveals flaws, opportunities for updates, and best practice changes, many of which can find their way into news headlines. Zoom has been very responsive in addressing concerns as they are brought to light. To that end, please see this summary of their efforts to date, fixing or mitigating many vulnerabilities and privacy concerns.

ITS will continue to monitor Zoom, as well as the entire suite of productivity tools W&L relies on to accomplish our current circumstance of virtual learning and employees working from home. We intend to provide ongoing security updates to the community and encourage our users to review best practice notices here on our blog.

Run Update to Fix the Stolen Windows Credentials Flaw

On April 2nd, Zoom released an update that corrects a default setting that allowed bad actors to send URLs through Zoom chat that contained hyperlinks with executable files containing malware. The update should be automatically presented to you upon opening the Zoom app on your Windows computer. We’re also finding that the update presents itself on a Mac when you close the application. In both cases, you will need to actively click “update” to get it installed. It’s a small file that will download and install very quickly.

Follow These Tips When Scheduling Your Meetings

1. Send Zoom meeting links using W&L communication tools and resources (e.g. Outlook email, Teams, Skype, etc.).
2. Know your audience and be intentional when inviting your class to a Zoom meeting.
3. DO NOT post Zoom links in public forums (e.g. Twitter, Facebook, and other social media communication platforms).  
4. Change your screen sharing settings before the call to prevent others from sharing without your (the host’s) permission. Check out our post on ZoomBombing for more details.

Consider Using the Zoom Waiting Room Feature

The Waiting Room feature allows the host to control when a participant joins the meeting. As the meeting host, you can admit attendees one by one or hold all attendees in the waiting room and admit them all at once. You can find this feature by clicking on “In Meeting (Advanced)” then scrolling to the Waiting Room setting.