NITA-U Issues guidelines for secure usage of the Zoom online meeting application

0
374

Due to the outbreak of the corona virus pandemic, businesses and organizations have embraced technology to aid them in working with their teams remotely. One of the popular technologies is online meetings using the Zoom Meetings and chat application.

Zoom is basically an enterprise video and audio-conferencing online meeting application that has inbuilt meeting functions similar to those of a regular formal meeting. It includes functionalities like:

  • HD Video and Audio with support for up to 1000 video participants and 49 videos on screen
  • Multiple screen sharing for easy collaboration between meeting attendees
  • Ability to record meetings
  • Meeting scheduling by the meeting hosts
  • Role based user security with password protection, waiting rooms, and placing attendees on hold when necessary
  • Team and private chats, searchable history, and file sharing
  • Participant engagement through polling and Q&A, virtual hand-raising, and ability to track engagement with attention indicators

One can opt to use zoom online by signing up to a free version or downloading the client version onto one’s computer. An organization can also opt for purchasing the enterprise version which has much more functionality and support from the zoom manufacturer.

The fact that these meetings are held online, their security must be taken into consideration to avoid leakage of sensitive information to unauthorized persons.

The National Information Technology Authority of Uganda (NITA-U) has developed security guidelines to help users of Zoom utilize the available inbuilt security features to protect their information. The guidelines are outlined as follows:

Always install /use the latest version of zoom

Make sure you download the latest version of zoom for installation or use the latest version online to reduce your risk of compromise. Google can always help you find the latest versions

Do not share your personal meeting ID

Zoom has an option of using an automatically generated ID for the meeting host, instead of using a fixed personal ID. It is advisable that you use the auto generated ID as this keeps changing and makes it hard to compromise.

Always use passwords to protect your meeting

When scheduling your meeting, always opt to use a password for each new meeting which you can then provide to your invitees whenever they want to join the meeting. This way you prevent unauthorized attendees.

Always share the meeting invitation details securely

Do not share meeting links, meeting IDs, or Meeting passwords publicly like on social media. Always share these personally with the invitees.

Always utilize the meeting waiting room

The waiting room gives chance to the meeting host to view whoever is joining the meeting. This enables them to allow or reject participants as necessary.

Always lock the meeting once every invitee has joined

The meeting host should endeavor to lock the meeting once all invitees have joined to avoid unauthorized entrants.

Beware of phishing

When opening meeting links sent to your email, always copy the meeting link provided and enter it in the official zoom application. Directly clicking on the link may lead you to malicious sites

Quality of service

In case you experience poor service quality during the meeting, you can turn off the video and only use audio. This works better in case the internet signal is not strong enough

Disable join before host

The meeting host should not allow participants to join the meeting before them to enable screening before joining.

Limit screen sharing to the host

Sharing of content should ideally be limited to just the host. However, the host can enable sharing for other participants whenever necessary.

Enable only authenticated users to join

It is advisable to only allow users with zoom accounts to join the meetings. However, there is an option of allowing participants with no zoom accounts as well

Disable automatic meeting recording

It is advisable to use a meeting secretary to record meeting minutes instead of automatically enabling recording of meeting minutes.

Source: NITA-U