Zoom Security
share TWEET PIN IT share share 0
Tech Tips: Videoconferencing

Getting Started With Zoom — and Using It Securely: Some Advice

By Sharon Nelson and John Simek

Getting started with zoom and some advice on zoom security.

The coronavirus pandemic has forced a lot of lawyers to use videoconferencing to “meet” with co-workers and clients. One of the more popular videoconferencing platforms is Zoom. Zoom for lawyers? Indeed, we see Zoom being used the most, especially among solo and small firm lawyers. While we can’t cover all the options and settings for Zoom, here is some advice on the best way to use and secure Zoom for your firm.

(Related: Free Webinar “Working Remotely and Securely: What Lawyers Need to Know,” presented by Sharon Nelson and John Simek, covers the technology and security issues of working from home.)

Zoom Basics

The first question is, what the heck is this thing called Zoom? According to the website, “Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, collaboration, chat, and webinars across mobile devices, desktops, telephones, and room systems. Zoom Rooms is the original software-based conference room solution used around the world in board, conference, huddle, and training rooms, as well as executive offices and classrooms.”

Zoom is extremely easy to use and is available across multiple platforms and operating systems. It has apps for Android and iOS so you can use it on your mobile device. And there are desktop clients for macOS, Windows and a bunch of Linux/Unix versions (like Ubuntu, Linux, CentOS, OpenSUSE, etc.).

Features

The primary function of Zoom is to facilitate videoconferencing. It supports video and audio transmission for each connected user over the internet. There’s also a dial-in number for audio-only connections. Some people use Zoom as an audio conference bridge so that users won’t have to incur potential long-distance phone charges.

You can also configure Zoom to allow file transfers and screen sharing. Screen sharing is very common when observing a product demo. It is even used when giving a webinar. The presenter can mute all the attendees and share their PowerPoint slides from their computer desktop. There is also a whiteboard feature where participants can annotate for all to see.

A lot of meeting controls are available to the host. The ability to control participants’ audio is an example. All participants can be muted when they first join the meeting. Audible tones can “announce” the joining of a participant. Sessions can be recorded. There is even an option to let you know if a participant is not paying attention.

Another helpful feature for mediators is the Breakout Room feature. You create the rooms and then assign participants to a specific room. When the host opens the breakout rooms, each participant gets a notice to move to the room. There, the participants can take advantage of the Zoom features (e.g., screen share, chat, etc.) among everyone in the room. Each room is isolated from the others, just like you would be in a real mediation. The host can freely move among the breakout rooms.

Plans and Pricing

Zoom has a free version, but there is a 40-minute limit per meeting that has three or more participants. The Pro version is the most popular for solo and small firm attorneys. The cost is $14.99/month per host account. (The host is the one who schedules the meeting.) Each session is limited to 24 hours (don’t invite us) and you can have up to 100 participants. There are additional admin controls as well. If you pay annually, the cost is $149.90 ($12.49/month). The next level up is the Business subscription, which is $19.99/month per host and requires a minimum of 10 hosts. A lot of enterprise features are available with the Business plan, such as a vanity URL and the ability for on-premise deployment.

We’re confident the Pro plan is more than adequate for most law firms. If you need more than one host, just purchase an additional Pro plan subscription.

Configuration Settings

We’re not going to go through all the various ways you can use or control Zoom. Assuming you have purchased a Zoom subscription, we will make some suggestions for configuring and using Zoom in a more secure fashion.

First off, make sure you are using the most up-to-date version of Zoom. If you have previously used Zoom, you probably already have Zoom installed. To manually download the latest version, launch the Zoom application, log in to Zoom and click on your user icon in the upper right (it probably has your initials). Select “Check for Updates” and follow the instructions.

Consider changing some of the default settings before scheduling a meeting. The first one to change is screen sharing. The default is to allow all participants to screen share. That means anyone can share their screen with inappropriate content. Yes, even bizarre sexual content. You definitely want to change the default to set screen sharing to host only.

Another setting is to require a meeting password. You can configure Zoom to include the password in the meeting invite or you can distribute the password separately. A related default password setting is to require a password for those joining by phone as well. Once all the intended participants have joined, close the meeting. You do this by selecting “Manage Participants” and then click “More” at the bottom of the panel. Select “Lock Meeting” to prevent anybody else from joining. As you can see, the intent is to create as many barriers as possible to prevent unintended attendance to your meeting. So-called “trolls” having a way of joining for mischievous reasons without those barriers.

It would be nice if everyone in the meeting used their video cameras so you could verify who they are. However, some participants may not want their cameras turned on or they call in using a telephone. There is another Zoom setting to prevent someone from changing their display name to indicate they are someone else. When you are in the meeting, go back to the Manage Participants panel and click on “More” again. Make sure the “Allow Participants to Rename Themselves” is unchecked.

An additional step to prevent the display of inappropriate content is disabling virtual backgrounds. Go to the “Setting” section in Zoom and select the “In Meeting (Advanced)” choice. Disable the “Virtual background” option. This prevents someone from displaying an inappropriate image as their background.

Control when the meeting starts. Don’t let the participants join the meeting before you do. Who knows what could be going on before you connect? In the “Schedule Meeting” section of “Settings,” turn off the “Join before host” option.

If you are particularly paranoid about what someone might pop up or write on a screen, you should turn off annotations and whiteboard in the “In Meeting (Basic)” section.

Consider turning on “Allow host to put attendee on hold” in the “In Meeting (Basic)” section. This will allow you to kick people out of the meeting if necessary. Hopefully, you won’t have to do that, but it’s a good idea to have the option if needed.

Scheduling Caution

It is highly recommended that you NOT use your Personal Meeting ID (PMI) when scheduling meetings. Your PMI is a constant value and never changes. Once it is known to someone, they could connect to the meeting whether they have been invited or not. Of course, requiring a password for PMI meetings will help, but our recommendation still is to not use PMI — period. Allowing Zoom to automatically generate the meeting ID is a more secure option. This means that each scheduled meeting will have a unique meeting ID.

Account Security

Just like any other service you use, your password should be strong and not easily guessed. In addition, you should enable two-factor authentication (2FA). It still amazes us that the default is not set to require 2FA. You enable 2FA by selecting “Security” in the “Admin” section, under “Advanced.” Turn on the “Sign in with Two-Factor Authentication” option.

Zoom Security Privacy Points

You need to understand that Zoom is constantly being criticized for its collection of data. It’s rare that we come across a lawyer who has actually read the Terms of Service, Acceptable Use, or Privacy Policy. The Terms of Service for Zoom is 13 pages, which may take you a little time to plow through. The interesting thing is that Zoom just updated its privacy policy on March 18, 2020. Coincidence, or was it in response to the sudden spike in users flocking to Zoom?

Bottom line: Zoom collects a lot of data from users about their devices, activities and data shared or transferred. Consumer Reports pointed out that advertising campaigns could be developed from videos and chat messages. Like Facebook, Zoom could use facial recognition technology against all the recorded videos.

A major difference with Zoom is the amount of control hosts have over participants and their activities. We’ve already discussed some of the recommended configuration settings to restrict what participants can do. The director of privacy and technology policy at Consumer Reports, Justin Brookman, said, “Zoom puts a lot of power in the hands of the meeting hosts. The host has more power to record and monitor the call than you might realize if you’re just a participant, especially if he or she has a corporate account.”

Another Zoom criticism is the ability to determine whether attendees are paying attention. There is an “Attention tracking” setting that monitors when a participant has clicked focus away from the Zoom window for more than 30 seconds. Some users call it the “Boss Is Watching” feature to see if you are doing other things while your boss is pontificating.

Final Words

Zoom is extremely easy to use even for those less technically inclined. Performance is good and there are lots of features to use. However, there are also features that can go array. Spend a little time to become familiar with Zoom’s capabilities, especially if you are the one hosting the meetings.

Sharon D. Nelson (@SharonNelsonEsq) is a practicing attorney and the president of Sensei Enterprises, Inc. She is a past president of the Virginia State Bar, the Fairfax Bar Association and the Fairfax Law Foundation. She is a co-author of 18 books published by the American Bar Association. Contact her at snelson@senseient.com

John W. Simek (@SenseiEnt) is vice president of Sensei Enterprises. He is a Certified Information Systems Security Professional, Certified Ethical Hacker and a nationally known expert in the area of digital forensics. He and Sharon provide legal technology, cybersecurity and digital forensics services from their Fairfax, Virginia, firm. Contact him at jsimek@senseient.com.

More Help for Meeting Virtually

Image courtesy of Zoom.com.

Subscribe to Attorney at Work

Get really good ideas every day for your law practice: Subscribe to the Daily Dispatch (it’s free). Follow us on Twitter @attnyatwork.

share TWEET PIN IT share share
MUST READ Articles for Law Firms Click to expand
envelope

Welcome to Attorney at Work!

Sign up for our free newsletter.

x

All fields are required. By signing up, you are opting in to Attorney at Work's free practice tips newsletter and occasional emails with news and offers. By using this service, you indicate that you agree to our Terms and Conditions and have read and understand our Privacy Policy.