How online students can minimise Zoom security risks right now
Video conferencing provider Zoom has gained a lot of buzz in the last few months not only from being the app of choice for most schools, universities and corporations but also for its notorious security risks and privacy vulnerabilities.
One of the red flags on Zoom’s security risks was the emergence of ‘Zoom-bombing’, a phrase that would soon become an iconic representation of the era of remote working and virtual classrooms that we live in now.
In late-March, the FBI received several reports from schools and universities in the US where unidentified individuals managed to enter Zoom virtual meeting rooms where classes were being held and began spreading pornographic and racist slurs.
This takes advantage of a Zoom feature that enables anyone, regardless if they have signed up for a Zoom account or not, to access a meeting room via an invite URL.
Besides that, other data security vulnerabilities were identified over time which urged Zoom to revise their security measures.
Despite these measures, users of the app also need to be vigilant over their own cybersecurity and data privacy.
As students who have to use the app to access online learning lectures and workshops, there are a few precautions that can be taken to safeguard online privacy.
Zoom responsibly, avoid security risks
Zoom users, whether they be hosts or participants, need to be always conscious that the app isn’t the most secure communication platform to use.
Even with the app’s security updates, it’s good practice to be vigilant over what you share over the app, and this includes private messaging on the chat feature of the app.
FYI: if you're having a committee meeting via Zoom and you use the chat function to privately write to someone, your colleagues may not see it in real time, but it shows up when the chat is downloaded and put in the minutes folder…
— Dr. Hillary J. Haldane (@HJHaldanePhD) March 29, 2020
A university academic recently discovered that messages that transpired via the private messaging feature could be downloaded when a host downloads a recording of the meeting.
This feature is available to meeting hosts who have a paid account, what happens is that when they download a recording of the meeting, the app also downloads a copy of text transcripts from the group’s chatbox. This also includes private messages that have transpired between the host and participants.
While this does not affect private messages between participants, this means that whatever private conversation a student is having with the meeting host which in most cases would be the teacher, may end up accidentally being shared with the public.
The key takeaway here is to be aware of what you are sharing on the app, whether it’s via the general chat function or a private message to your professor.
The mindset to take when using the app is that everything is public and all the information you are sharing with other parties on the app may potentially be read by others.
Update your app
Despite the various loopholes in security and privacy, Zoom is constantly providing fixes to these issues. This doesn’t happen overnight so there are bound to be several updates for the app.
As with all your productivity apps, you need to update your Zoom app to the latest version whenever prompted.
This will ensure that you have the latest bug fixes to further safeguard your security and privacy. Delaying an update may still leave you vulnerable to some of these security risks.
Beware of shared URLs
As you would with suspicious links shared via email, do practice caution when you are given a Zoom meeting invite link or if you see a link being shared on Zoom’s chat feature.
Some of these links may be phishing scams that lead users to download malicious malware into their devices.
You should double-check any link you are given either on the app itself or an invite to join a meeting on the app as these could be cleverly disguised phishing links.
According to a report by Forbes, to be on the safe side with Zoom meeting invites users can copy and paste the meeting ID from the link and enter it in the app itself to join, this way you will know it’s a legit Zoom invite.