True North Networks Blog
To Zoom or not to Zoom? 8 Tips to Stay Safe Working Remotely
For wealth management professionals, the central question is whether the Zoom platform is too risky to use from a cybersecurity perspective.
To Zoom or not to Zoom? For wealth management professionals who need to maintain as much continuity of service and connection with clients and colleagues as possible, this is an important cybersecurity question.
Here are eight tips to keep you and your organization safe on Zoom:
1. Use the latest version. Among Zoom’s most serious shortcomings to come to light in recent weeks was that hackers were able to access stored passwords through a chat feature. The fallout from something like that could be catastrophic for a financial-services business. The company claims to have addressed this issue and others like it, but the platform could be plagued by other problems that are not yet known, so it’s a good idea to use only the most up-to-date version.
2. Never share your Zoom meeting ID publicly. Posting meeting IDs publicly makes it easy for hackers to infiltrate your account by guessing your password. This could result in ‘zoombombing’ or someone getting access to your private chat transcripts or files.
3. Share your meeting password securely. Treat your Zoom meeting password the same way as you would treat your sign-in credentials for your bank account or company workspace. Also, use two-factor authentication, which dramatically lowers the likelihood of getting compromised.
4. Set preferences to host-only. Resist the temptation to designate a co-host, because it increases the likelihood that a breach could take place. What’s more, shut off file transfer, camera and audio settings for all participants. That leaves one person in control of the conference. The end goal is to minimize the possibility that an interloper could gain access.
5. Pay for the enterprise plan. You get what you pay for with freemium services, which typically have lackluster security features. Thanks to some poor PR, Zoom has been pressured into upgrading its basic offering. But if you are relying on Zoom for business, it’s better to upgrade to the pro or enterprise plans.
6. Beware of Zoom phishing emails. If you get a meeting invite from someone with whom you are not familiar, you can log in to the call by connecting to the Zoom website and then manually keying in the meeting ID. That will ensure that the invite is valid. Otherwise, it could be a phishing email aimed at getting you to click a link that will end up harming your device.
7. Perform endpoint hygiene. Patch the endpoints used to access Zoom, keep their anti-virus and anti-malware software up to date, and make sure to enable device or file-level encryption. These steps will not only help to prevent compromises, but will also mitigate the damage should one occur.
8. Use a VPN when possible. This minimizes the likelihood of a man-in-the-middle or denial-of-service attack that could disrupt your productivity. VPNs could create some network bottlenecks, especially if you don’t have much bandwidth to spare, but they will ensure that your sessions have end-to-end encryption, something that most regulators require.