Although not alone in being targeted, Zoom has been the subject of some of the highest-profile incidents so far this year. Fortunately, there are things you can do to keep your business safe. It’s all about taking advantage of unsecure settings in the app, (and possibly using brute-force tools to crack meeting IDs). With access to a meeting, hackers could harvest highly sensitive and/or market-critical corporate information, or even spread malware via a file transfer feature. Hackers know users are looking en masse for ways to communicate during government lockdowns. By creating legitimate-looking Zoom links and websites, they could steal financial details, spread malware or harvest Zoom ID numbers, allowing them to infiltrate virtual meetings. One vendor discovered 2,000 new domains had been registered in March alone, over two-thirds of the total for the year so far. Risk mitigation: The good news is that there are several things you can do to mitigate the security risks associated with Zoom. The most basic are: Ensure Zoom is always on the latest software version Build awareness of Zoom phishing scams into user training programmes. Users should only download the Zoom client from a trusted site and check for anything suspicious in the meeting URL when joining a meeting Ensure all home workers have anti-malware including phishing detection installed from a reputable vendor Organizational preparedness: Next, it’s important to revisit those administrative settings in the app, to reduce the opportunities for hackers and Zoombombers. Fortunately, automatically generated passwords are now switched on by default, and the use of personal meeting IDs are switched off, meaning Zoom will create a random, one-off ID for each meeting. These setting should be kept as is. But organisations can do more, including: 1) Ensure you also generate a meeting ID automatically for recurring meetings 2) Set screen-sharing to “host only” to prevent uninvited guests from sharing disruptive content 3) Don’t share any meeting IDs online 4) Disable “file transfers” to mitigate risk of malware 5) Make sure that only authenticated users can join meetings 6) Lock the meeting once it’s started to prevent anyone new joining 7) Use waiting room feature, so the host can only allow attendees from a pre-assigned register 8) Play a sound when someone enters or leaves the room 9) Allow host to put attendees on hold, temporarily removing them from a meeting if necessary”  Read Less