According to the Computer Emergency Response Team of India (CERT-In), the unguarded usage of the popular video conferencing app ‘Zoom’ can bring forth significant cyber security risks such as leakage of sensitive office information to cyber criminals.
To this end, CERT-In has issued an advisory outlining the safety measures for both the operator and the users. This includes- keeping the Zoom software patched and up-to-date; and setting a strong, difficult to predict and unique passwords for all meetings and webinars.
Further, the cyber security agency has also recommended operators to enable ‘waiting room’ feature so that the call manager can exercise better control over participants. Under this method, all participants can join a virtual waiting room, but they will become a part of the actual meeting only post receiving approval from the call manager.
Also, CERT-In has recommended operators of the platform to disable the ‘join before host’ feature as that lets others to continue with a meeting in the absence of an actual host. This option enables the first person who joins the meeting to automatically become the host and will have full control over the meeting.
Over and above these recommendations, the agency has also come out with some counter-measures. This includes: restricting or disabling file transfers, ensuring removed participants are unable to re-join meetings and limiting screen sharing to the host only.