Nonprofit Cybersecurity Tips for Zoom
Nonprofit cybersecurity is, increasingly, a crucial consideration. Cyberattacks are on the rise. Cyber defense professionals constantly need to adapt. Organizations can’t afford to take cybersecurity risks lightly, and the industry’s statistics reflect this reality.
The unprecedented shift to remote work has been dizzying to keep up with. It has also shown the benefit of seeing our friends and colleagues who are sitting on the other side of a remote meeting. While most organizations already had some sort of conferencing software available, the use and adoption of those systems has dramatically increased.
Now that we’re over the initial shock of remote work and the associated scramble to get tools in place to support us, there are some critical security questions being asked about some of the most popular solutions that have been deployed.
You can download our Guide to Remote Work: Microsoft SharePoint and Teams here for more tips on remote work tools.
Zoom and Cybersecurity
The biggest target of that attention has been Zoom. Zoom has been the leader in the video conferencing space for the past year or so. It is easy to use and has an easy video sharing feature which allows transition from a gallery view of many attendees to focusing just on the speaker or presenter.
Unfortunately, the Zoom privacy policy and security settings have some catch up work to do. Zoom’s ease of use and free 40-minute meetings made it a really attractive offering for people looking to get something deployed quickly. The free version of the Zoom service was initially sending user data to Facebook from iOS devices, a practice that has since been stopped. Zoom was also claiming support for end to end encrypted communication, which turns out to not be entirely true.
To their credit Zoom has reacted quickly. They’ve published this post that addresses many of the issues that have been raised by privacy and security experts. They’ve also included some tips for improving the security of hosted meetings, which I’ve summarized below.
If your organization is using Zoom, be sure to check out the discounting available through TechSoup for their Business and Pro subscriptions.
Zoom Best Practices and Tips
Here are some good practices to keep in mind when setting up Zoom video conferences:
Don’t publish the link (or screenshot) publicly: There have been many cases where meetings have been “zoom bombed” by attendees that came into a meeting that they weren’t invited to and generally caused a lot of havoc. For Zoom, joining a meeting just takes a 9 digit code, and by default meetings are open so that anyone with the meeting number can get in.
Utitlize Zoom for public meetings you wish to broadcast on Facebook. You can control privacy settings and group access in Zoom, but share a meeting with a larger public group through Facebook Live or other social sites. This allows your meeting to reach a larger number of viewers without allowing those viewers to actively participate, and protects your meeting ID and password.
For Private meetings require a password:
- As a way to ensure only the invited attendees can access your meeting, require a password. These settings are found under Schedule -> Meeting Options -> Privacy
- Remind your attendees not to share the meeting number or password outside your invited group. Once the number and password are shared with participants, there is no additional way to keep that information private to your group.
Turn off video sharing and screensharing, and mute attendee audio by default: Beyond the security aspect of these recommendations, it’s good to be in control of who can share their camera or screen and when participants may talk. It also helps to avoid the unexpected camera sharing if you’re not quite ready to be on screen yet!
Know how to remove a disruptive participant and prevent disruptive participants from returning. This setting is found under Manage Participants -> next to the person you want to remove, click More -> Remove. For more on managing meetings and removing participants, Zoom has FAQ articles here.
Other Video Conference Options
Zoom isn’t the only option available for video conferencing, popular as it is. For organizations that have Office 365, video conferencing is built into Microsoft Teams. Teams allows users to approve meeting attendees and has robust security and compliance features. For GSuite/Google users, there is Hangouts for group video calls.
If privacy and security is the utmost requirement then solutions such as Signal or Keybase can be used to ensure the privacy of your communications. These solutions are known as “zero knowledge” encryption solutions where the service provider doesn’t hold the encryption keys for the data that flows through their platform. Google also provides Duo for end to end video calls
Community IT and Cybersecurity for Nonprofits
At Community IT, we know that there isn’t a one-size-fits-all solution for cybersecurity. We accurately assess, implement, and manage cybersecurity solutions for nonprofit organizations. We also work with your employees to educate them on best practices for avoiding attackers.
Our experience working with nonprofits allows us to provide cybersecurity solutions that are aligned with the unique culture and needs of your organization. At the end of the day, our cybersecurity services allow you to have peace of mind that your organization is safe from dangerous threats. We have worked with many organizations giving them nonprofit cybersecurity tips for zoom.
If you have questions about the security of your solution or want some recommendations for how to improve the security of your remote staff, please don’t hesitate to reach out.