By

Christopher Watkins

How to Manage Security on Zoom for Your Insurance Organization

Share

Chris Watkins leads ReSource Pro’s Global Technology division, including information security, infrastructure, enterprise applications, and innovation, overseeing a team of over 120 technology professionals.

Stay Secure While Leveraging Virtual Work-From-Home Meetings

Since the beginning of the coronavirus pandemic and transition to a new work-from-home normal, Zoom has reported a 1,900% increase in daily users, making it one of the most popular video conferencing tools on the web. Its newfound ubiquity has made it a prime target for malicious users, who have not only popularized “Zoombombing,” or the act of entering a meeting uninvited and causing harm, but discovered various other vulnerabilities like unsecured call records.

In recent months, Zoom has moved to implement new security protocols and in-meeting controls that allow for greater safety during public and private conferences. But while Zoom is certainly more secure than it was before, you’ll still want to take additional steps in order to keep party-crashers out for good.

Protecting Yourself, Your Colleagues, Your Clients on Zoom

  • Use the Security Button — Zoom’s security controls appear as a checkered shield in the bottom left corner of the Zoom window and are only visible to the meeting host. Here, you can give participants permission to share their screen, use chat features, and change their name. You can also lock the meeting to prevent anyone else from joining or enable a waiting room, which requires participants to wait for your approval before they can join. It’s a good practice to lock the meeting when all expected participants have joined and, unless you have a specific reason not to, disable screen sharing for everyone but yourself.
  • Remove Unknown Guests — When a meeting participant is not signed into Zoom or is signed in with an email that differs from the host’s account, they will be marked as a guest. You can identify guests by viewing the participants window and looking for an orange highlight on a participant’s name. If you cannot verify the guest’s identity, then it’s best to remove them from the meeting by hovering the mouse over their name and selecting “Remove.”
  • Use Randomly Generated Meeting IDs for Public Meetings — Only share your Personal Meeting ID (PMI) with people who you know and trust. Once someone has your PMI, they can join your personal meeting room whenever it’s active. Because of this, you should be sure to disable the Use Personal Meeting ID option when scheduling any public meetings.
  • Disable ‘Join Before Host’ Disabling this option will prevent participants from joining before you, allowing you to finish setting up any further permissions or restrictions before the meeting begins.
  • Disable AnnotationsUsing annotations is a great way for participants to communicate visually during a screen sharing session, but it can also allow malicious users to share inappropriate imagery or messages. For that reason, it’s generally a good idea to disable annotations by going to Settings>Meeting (Basic) unless absolutely necessary.
  • Disable File Transfers File Transfer allows meeting participants to share files through Zoom’s in-meeting chat. Unless you actively use this feature, the safest option is to disable it altogether by going to your Settings page. If you do use it, it’s wise to limit the type of files that can be transferred in this way. Left unmonitored, a malicious file could be spread to all meeting participants.
  • Download the Zoom for Outlook add-in — If you are using Microsoft Outlook, get the official Zoom add-in by going to Manage Add-ins>Add from the Office Store, then searching “Zoom for Outlook.” This add-in will not only allow you to schedule meetings in Zoom directly through Outlook, but help prevent private meeting IDs from being shared in unsecured spaces.

To learn more about insurance best practices in response to COVID-19, check out our resources or contact us today.

Author

Christopher Watkins

Christopher Watkins

Chief Information Officer

Chris oversees Information Security, Infrastructure Operations, Automation, Enterprise Applications, and Product Development. Previously a senior consultant for Deloitte, Chris is an expert in technology strategy and systems implementation in the financial services space. Instrumental in ReSource Pro’s digital transformation Recognized expert in insurance industry technology and information security Masters of Information Systems Management from Carnegie Mellon