May 22, 2020 | 3:57 pm
The video conferencing platform Zoom announced the progress on its 90-day security plan launched on April 1 to increase the security and privacy of the platform.
Actions include the inclusion of standard security settings, such as passwords and waiting rooms for certain users, the application of security controls in meetings from the Security icon.
Lynn Haaland, Zoom’s general counsel and director of compliance and ethics, reiterated the following recommendations to protect meetings:
Do not publicly share meeting IDs or passwords. Keep Zoom’s default security features enabled: This includes waiting rooms, passwords, and restricted screen sharing. Learn about the privacy and security features of the meeting organizer, how to disable video, mute participants, delete participants, and lock a meeting. Use the meeting registration tool (participants must enter email, name or any other information).
Haaland explained that Zoom Meetings was not designed for large-scale or public events where people post the invitation on the Internet. To this end, the platform recommends using Zoom’s video webinars, which offer more control over the audience and experience.
Bug Rewards Program
Katie Moussouris, founder and CEO of Luta Security and security consultant for Zoom, reported on how the video conferencing company’s bug bounty program will work.
They will use a crowdsourcing model that relies on all parties, including security researchers, to find and report bugs.
He also noted that, before Zoom implements changes to its bug bounty program, the company will solicit feedback from the broader community to optimize them.
Update version 5.0 of Zoom
Version 5.0 of Zoom is available from April 27 and a system-wide account activation for GCM AES 256-bit encryption will take place on May 30, 2020.
Only Zoom customers in version 5.0 or later, including Zoom Rooms, will be able to join Zoom meetings from that date.
Therefore, the company recommends that all users upgrade to Zoom version 5.0 or higher, if they have not already done so.