COVID-19 - Managing Security Risks when using Zoom

COVID-19 - Managing security Risk when using Zoom in the church context

Last Updated on May 14, 2020

There has been a lot of coverage in the media recently about security concerns with Zoom – the video conferencing that so many of us are using during the COVID-19 pandemic.

The good news is that for our purposes, the risks can largely be managed by observing a few simple practices in leveraging the settings in Zoom, and by being thoughtful about how we actually run our meetings.

This information is summarised in this helpful video from Wordfence – a highly regarded cyber security company (the one that protects our Safe Ministry websites).
Read on past the video for the details.

The following information has been gleaned from various sources.

Leverage your Zoom settings.
There are a number of settings in Zoom that can help you keep your meeting safe. Lock down your meetings with passwords, mute attendees on joining, and lock down screen sharing so that an attendee can’t take over your meeting with their screen without your permission.
Set your Zoom meetings to use the ‘waiting room’, which means that people joining do not have access to the actual meeting until a Host allows them. If you are working with larger groups, have an additional person who manages the waiting room throughout the meeting.

Kick out users.
You can kick a user out of your room. You shouldn’t have to if you’ve secured your Zoom account, but know that this is available to you. Click Manage Participants at the bottom of the Zoom window. Next to the person you want to remove, click More. From the list that appears, click Remove and confirm.

 


Share Zoom links carefully.

Without any controls in place, a Zoom link will let anyone join.
Think very hard about sharing your Zoom meeting link in public places like social media or your church website.  That does go against the thinking that church Zoom meetings on Sunday should be public, like a our physical church meetings are. But hackers and pranksters have been searching for these and accessing meeting rooms at will, wreaking havoc on business meetings and even online schooling, so our church meetings are also fair game if we are not careful.

Zoom and encryption.
Be aware of the need to think through the context of Zoom meetings and whether their end to end encryption really does give you secure communications.
For example: Zoom can be used securely, with end-to-end encryption for “private” chats, provided that everyone in the meeting is authenticated and using the zoom client. An example might be a bible study group contacting a missionary via zoom.  Used like this, it is secure. 

However, these kinds of conversations are not appropriate in a public context (like a Sunday zoom-church) because

  • Anyone who has the link can connect, so a government agency could be monitoring church.
  • Allowing people to dial-in via phone undercuts the benefit of end-to-end encryption. Choosing to have users use ‘computer audio’ in the Zoom settings helps to reduce the incidences of this.

Lock your meetings.
Once a meeting has started and everyone is in attendance, you can click ‘Participants’ at the bottom of your Zoom window. In the participants pop-up box, you will see a button that says Lock Meeting. When you lock the meeting, no new participants can join, even if they have the meeting ID and password.
This may not be necessary for most of our meetings, but is worth keep in mind – especially for youth meetings in Zoom.


Using Video Conferencing as an Attendee

Here is simple, but helpful information you can share with your church members to help keep them safe on Zoom.

Don’t use Zoom chats for private messages. If you’re attending a meeting and want to send a private message to another attendee, be aware that if your Zoom meeting is being recorded, the room owner will receive a transcript of everything you say privately.

Don’t share personal information. As with any public forum, assume that anything you type into chat or say in a Zoom meeting, you are being recorded and you don’t have control of what happens to that recording. Don’t share personally identifiable information with anyone, whether private or publicly.

Mute yourself unless needed. If you’re attending a meeting and you don’t need audio, mute yourself and and perhaps turn off your video. This prevents video conferencing from inadvertently recording conversations in your home or exposing visual information you might not want it to.

Addendum:
This news article details some of Zooms response the security issued raised: https://www.sbs.com.au/news/zoom-deeply-sorry-for-security-issues-amid-coronavirus-popularity-boom

Scroll to Top