This morning, I heard about another point of caution with Zoom. I’ve added two bullets to yesterday’s post on using Zoom. I will discuss them here. Also, if you are contemplating using Zoom in your business, you may want to read my note to businesses below.
Unsafe links
Unsafe links can appear in the Zoom chat windows that folks use for sidebar text conversations during meetings. Participants can place live links in their chat. If hackers insert a link that refers to the local network, clicking the link can reveal credentials for logging onto computers on your local network.
By using a web browser rather than the app, you can avoid this issue. However, Zoom can be persistent in trying to get you to use their app. If you don’t know your way around computing, you might be using the app and not realize it.
Zoom is said to be working on a fix, but until the fix is in place, don’t click on links in Zoom chats. Not all links in chat are dangerous, and not all local networks are vulnerable. For example, clicking on an HTTPS link to a well-known public site is likely to be safe. Also, if your local network has port 445 (the SMB port) locked down, you aren’t vulnerable. If this is gobbledygook to you, just don’t click on links in Zoom chats unless you are certain that the participant who posted the link is who they say they are, and you trust them. In fact, you should always be cautious about clicking on any link anywhere. If you don’t have a good reason and are not sure where the link will take you, any link can lead to danger.
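For readers who want to see the difference between the two kinds of link, here is an added Python example (mine, not code from Zoom or from yesterday's post) that sorts links found in chat text into ones that would open a file-sharing (SMB) connection and ordinary HTTPS links. It assumes the risky forms are UNC paths like \\host\share and file:// or smb:// URLs that name a host; the function names and sample chat lines are made up for the example.

```python
import re
from urllib.parse import urlsplit

# Assumption: a "link that refers to the local network" is one the operating
# system opens over file sharing (SMB, port 445) rather than in the browser.
# Matches a UNC path (\\host\share...) or any scheme://... URL in free text.
LINK = re.compile(r"(?<!\S)\\\\[\w.-]+\\\S+|[A-Za-z][\w+.-]*://\S+")

SAMPLE_CHAT = [  # constructed lines, not taken from a real meeting
    r"Agenda is at \\fileserver.example\share\agenda.docx",
    "Slides: https://www.example.com/slides.pdf.",
    "try file://fileserver.example/share/notes.txt or smb://10.0.0.5/public",
    "local copy is file:///C:/Users/me/notes.txt",
]


def classify(link):
    """Return 'file-sharing', 'https' or 'other' for a single link."""
    if link.startswith("\\\\"):          # UNC path: \\host\share
        return "file-sharing"
    parts = urlsplit(link)
    scheme = parts.scheme.lower()
    if scheme == "smb":
        return "file-sharing"
    # file://host/share and file:////host/share name another machine;
    # file:///C:/... points at the local disk and is not a network share.
    if scheme == "file" and (parts.netloc or parts.path.startswith("//")):
        return "file-sharing"
    # 'https' only describes the transport; the reader still has to judge
    # whether the site itself is one they know and trust.
    return "https" if scheme == "https" else "other"


def find_links(message):
    """Return [(link, verdict), ...] for every link in one chat message."""
    results = []
    for match in LINK.finditer(message):
        link = match.group(0).rstrip(".,;)")   # drop sentence punctuation
        results.append((link, classify(link)))
    return results


if __name__ == "__main__":
    for line in SAMPLE_CHAT:
        for link, verdict in find_links(line):
            print(f"{verdict:12}  {link}")
```

Anything reported as file-sharing is the kind of link to leave alone until the fix is in place.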
Waiting rooms
I also added a bullet suggesting using Waiting Rooms. Instead of allowing anyone with a link to directly enter a meeting, participants enter the waiting room and wait until the host invites them in. This gives the host more control of who enters the meeting. Strictly controlling meeting links and meeting IDs is more important, but when you are forced to make a meeting accessible to participants you can’t control via distribution of the meeting links and IDs, a waiting room is helpful.
A note to businesses
The recommendations here do not apply to businesses, which face problems that individual users do not. A business with substantial networked assets must protect those assets. In the rapid transition to working from home that is going on now, businesses are forced to give employees access to assets, like shared documents and applications, held in their private network. Remote workers access these assets from outside the traditional business perimeter. Zoom may appear to be a ready and easy-to-use solution, but there are other solutions that have been used longer in business environments and have undergone more rigorous vetting as methods of sharing resources. For example, Zoom’s unsafe links are based on file-sharing vulnerabilities that IT pros have dealt with for decades.
Zoom’s data sharing proclivities are annoying to individuals, but may be outright threats to businesses.
Treat Zoom cautiously as easy-to-use meeting software. You will probably need more than Zoom to support your newly remote workers. Don’t try to stretch Zoom farther than it was designed to go. Invest in training and more robust solutions when you need them. You will not regret that decision.