Using Zoom The Horangi Way: Security Best Practices

With most businesses now operating remotely, it is more crucial than ever that innovation and cybersecurity are not compromised. As Zoom users ourselves, we at Horangi want to help you continue using the teleconferencing platform securely.

Zoom’s Continuous Security Commitment

From organizations including the Taiwan government and Google banning the use of Zoom to the Zoom-bombing phenomenon and recordings exposed online, the teleconferencing company has seen a recent surge in publicly identified security issues. 

Amid the COVID-19 crisis, the demand for remote collaboration tools such as Zoom has skyrocketed. Unsurprisingly, this trend has cyber criminals and cybersecurity researchers alike scouring the Zoom app for security vulnerabilities on Windows and Mac. Some of these have made headlines, including ones that have yet to be publicly exploited.

In spite of this, businesses cannot afford to compromise how they operate and collaborate. And tools such as Zoom play a central role in facilitating seamless remote collaboration in this Work-From-Home era. At Horangi, for instance, we are avid Zoom users and will continue to use Zoom securely and responsibly for the betterment of our organization. 

We recognize how promptly Zoom has responded to the influx of security concerns and are confident that the company regards user security as one of its highest priorities, going so far as to commit to security fixes for the next 90 days.

How Horangi Uses Zoom

Horangi practices a video-on philosophy in all our Zoom meetings, regardless of where the employee is connecting from. Having shared usage statistics in the recent remote work arrangements, we have only seen the use of Zoom increase over the weeks.

We at Horangi approach the use of Zoom the same way we approach any cybersecurity problem — holistically. A large number of cyber attacks and data breaches can be attributed to human mistakes that could have been easily avoided with the right behavior and protocols. It is no different with the use of software such as Zoom. 

What then are some of these best practices that we as employees can do to protect our organization? We explore these practices below in different risk categories.

Basic Zoom Hygiene

First we start with the basic settings and standard practices that you should apply to all meetings, regardless of type. 

  • Always keep your software up to date. Zoom is continuously fixing vulnerabilities for all operating systems. Updating your software is the surest way to be on top of all these fixes.
  • Require authentication to Zoom using Single Sign-On (SSO) or Multi-Factor Authentication (MFA), which helps mitigate the risk of a data breach even if credentials are exposed.
  • Understand Zoom security settings and features, set up relevant defaults for your organization, and educate users about additional security options.
  • Use real profile photos and names as basic online etiquette. This alone makes it easy to identify that all meeting participants are legitimate.
  • Beware of phishing links disguised as Zoom meeting links. Always verify the source and only get links from the proper channels.
  • When you record meetings in Zoom and generate a shared link, make sure that you check the setting "Only authenticated users can view: Signed-in users in my account".
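
One way to automate the link check from the phishing bullet above, as an added example that is not part of the original article: a link passes only when it uses HTTPS and its hostname is an allowlisted domain or a subdomain of it. The allowlist (`zoom.us`), the function name and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains your organization accepts for meeting links.
ALLOWED_DOMAINS = {"zoom.us"}

def check_meeting_link(url):
    """Return (ok, reason) for a candidate meeting link."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname   # lowercased, userinfo and port removed
        parts.port              # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    # "https://zoom.us@other.example/" really points at other.example
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL"
    # Lookalike hosts: raw non-ASCII letters or their punycode form
    if not host.isascii():
        return False, "non-ASCII host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode host"
    host = host.rstrip(".")
    for domain in ALLOWED_DOMAINS:
        # Exact match or true subdomain; "notzoom.us" must not pass
        if host == domain or host.endswith("." + domain):
            return True, "host is " + host
    return False, "host not allowlisted: " + host

# Constructed sample links (not taken from any real incident)
SAMPLES = [
    "https://company.zoom.us/j/1234567890?pwd=abc",
    "http://zoom.us/j/1234567890",
    "https://zoom.us.meeting-join.example/j/1234567890",
    "https://zoom.us@meeting-join.example/j/1234567890",
    "https://notzoom.us/j/1234567890",
    "https://zo\u043em.us/j/1234567890",   # Cyrillic "o"
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_meeting_link(link)
        print("ALLOW" if ok else "BLOCK", ascii(link), "-", reason)
```

A passing result only says the link points at an allowlisted host; the advice to obtain links through proper channels still applies.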

To drive higher adoption of these practices, we recommend that your organization prepares an internal guide and shares that with your employees.

Ad-Hoc, Small Group Meetings

These are the most common of meetings, consisting of regular one-to-one catch-ups and small group discussions.

  • Always generate a new meeting ID rather than using your personal ID, since previous IDs could have been inadvertently shared in public. Another way is to regularly update your personal meeting ID and set up a password.
  • Use passwords to secure your meetings. This prevents trolls from using brute force techniques to randomly join meetings.
  • If you integrate with other software like Slack, be sure to pay attention to how meetings are scheduled on third-party apps. At this moment, for instance, Slack does not set a password for Zoom meetings scheduled from the Slack platform.

Public Events

The public events category covers virtual events such as webinars, online trainings, online classes or lectures.

Highly Confidential Meetings

This category refers to sensitive meetings such as Quarterly Business Reviews, board meetings and even matters of national security. When discussing critical issues like these, we advise that you use technology with the utmost care. For any software you choose to use for remote collaboration, be sure to conduct a formal vendor assessment.

  • Never share your meeting links in public channels.
  • Practice maximum security and avoid recording your meetings. But if you have to, ensure that these recordings are marked for internal use only.

Practice Risk-Based Cybersecurity

At Horangi, we steer clear of the notion that cybersecurity is meant to harden or tighten processes. Instead, we consistently preach and practice cybersecurity as an enabler of innovation, as long as every organization has its cyber risks adequately assessed and has a strong plan for how to conduct operations securely and efficiently.

I hope that you take these best practices to heart and apply them according to the risk profile of your meeting. Used properly, teleconferencing tools like Zoom will continue to drive powerful collaboration between teams working remotely.

Nikolay Akatyev

As the Vice President of Internal Security & IT, Nikolay drives the internal machine that powers Horangi's efforts in contributing to a safer cyberspace. He is a regular speaker and contributor in the international cybersecurity community, from Asia to the Caribbean.
