New York City teachers have been told to stop using Zoom to connect with their students for remote learning due to concerns about security and privacy breaches.
The city’s department of education says it has received several reports of security breaches related to the videoconferencing app. In some cases, strangers have been able to join chats, reports NBC New York.
The department is encouraging teachers to use Microsoft Teams instead of Zoom.
Since March 23, New York City public schools switched all of their in-person classes to online formats. The switch was made to slow the spread of COVID-19.
Last week, the FBI warned the public that online classrooms and teleconferencing apps were being hijacked or “Zoom bombed.” Online meetings were interrupted with porn, threats and hateful content.
Related: Zoom Battles Transparency Issues Amid Growing Popularity
Other schools and organizations are following New York City’s lead after several other incidents at other schools, businesses and churches. Last week, Zoom CEO Eric Yuan announced in a blog post that the company was freezing new features as it works on addressing these issues.
If you’re selling Zoom or installing a Zoom Room for a client, make sure they’re aware of this growing cybersecurity trend and are prepared to take steps to prevent it.
The FBI recommends the following steps to mitigate Zoom’s teleconference hijacking vulnerabilities:
- Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Manage screensharing options. In Zoom, change screensharing to “Host Only.”
- Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
- Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.
This article originally appeared in our sister publication Campus Safety.
