Zoom Meeting Security

With the increasing use of Zoom, you may have heard stories in the news about uninvited guests joining meetings and being disruptive. Zoom has several features designed to help prevent this activity.

The following options can be defined when you set up or edit an existing meeting.

  • Require Meeting Password—This setting allows you to set a password for your meeting. The most important thing you can do to help protect your meeting is to keep the meeting invite and password (if used) private. Share the meeting password privately with your participants. Don’t post it to social media or public websites where uninvited guests can find and misuse it.
  • Waiting Room—This option puts participants in a staging area, where they wait until the host invites them into the Zoom meeting. This gives the host more control over who is joining and the ability to keep out uninvited guests. This option works better for small meetings but can be customized to accommodate larger groups.
  • Authenticated Users—This option requires users to sign into Zoom to join your meeting. While this is more secure than a public meeting, it still has risks; uninvited users who are logged into Zoom can still join your meeting.

If you are using the Zoom desktop application, the waiting room and authenticated user options are located under Advanced Options.

For security reasons, the screen sharing ability on Michigan Tech’s Zoom account is set by default to host only. This can be changed for your meeting by selecting the arrow next to Screen Sharing at the bottom of the meeting window. You can change this for your events in your settings at the Michigan Tech Zoom Page.

Zoom addresses these concerns and features in a recent blog post: How To Keep Uninvited Guests Out of Your Zoom Event, including how to take advantage of these features and related articles.


Google Chrome PDF Policy Change

Michigan Tech IT is changing how Google Chrome handles PDF files on Windows PCs. 

The ability to view the file in Chrome is currently disabled, forcing you to download the file to your computer and open it in Adobe Acrobat. This accommodation was for Michigan Tech forms with auto-expanding text boxes that did not work correctly with Chrome’s built-in PDF viewer. Examples include the Staff Hiring or Yearly Performance Management worksheet.

If you tried to open the form in Chrome you would see the following message:

screenshot showing please wait that appears after downloading pdf with auto-expanding text boxes

This message was confusing and uninformative. It said you should install Acrobat Reader, even though you already had the full Acrobat Professional application installed. To avoid confusion, Michigan Tech IT disabled Chrome from viewing PDFs and forced downloading the file. 

The change produced widespread and unintended consequences. It changed the familiar viewing method on personal computers and broke the Google Sheet print function used by students. Furthermore, it caused problems with Concur.

For these reasons, we are reverting Chrome to its default behavior. 

After selecting a PDF link, Chrome will attempt to display it in the web browser. If the PDF file contains auto-expanding text boxes, the “Please wait…” message will display. Download these PDFs and open them in Acrobat. View the download icon below:

download button located on on the top right corner of the pdf

Michigan Tech departments that have PDF documents with auto-expanding text boxes should configure their website to force the download of the file rather than allowing the browser to decide how to handle the file.

If you have questions about this change or need advice on how to make PDFs linked on your website download directly, we can help. Contact us at it-help@mtu.edu or 906-487-1111.


Protecting Electronic Payments

interfacing mobile device and credit card
Credit: Andrey Suslov / Shutterstock.com © 2020

Online sales in the United States grew to a record high of nearly 19 percent during the 2019 holiday season.1 At the same time, the convenience of using credit cards and other electronic payment services is compelling consumers to rapidly reduce their use of cash. The 2019 Diary of Consumer Payment Choice report shows that cash is used about 50 percent of the time for in-person transactions under $10 (for things like lunch or coffee).2 For larger purchases of $25 or more, cash is used only 10 percent of the time. Cybercriminals are taking advantage of the increase in electronic payments. According to the 2020 Cybersecurity Report from Check Point Research, mobile banking malware attacks increased 50 percent from 2018 to 2019.3 Here are some tips to help you safely use electronic payment sites.

  • Verify websites before entering important information. Clicking on a link may not take you where you expect to go. When shopping, banking, or making payments online, manually type in the website name (e.g., chase.com) instead of clicking on links in an email, social network post, or text message.
  • Look for deceptive emails and texts. Your bank or electronic payment processor won’t ask you to provide personal information or passwords via email, but scammers will. Watch this Consumer Reports video for examples.
  • Ignore phone calls from unknown and unfamiliar numbers. If you receive a phone call from someone who is urgently asking for money, there’s a good chance it’s a scam. Most of these calls can be safely ignored, but if you want to check, search for the organization’s website and find out for yourself. Don’t be rattled by threats over the phone.
  • Look for the lock icon in your browser. The lock icon in the address bar of your web browser shows that the website you’re visiting sends data in encrypted form. Never send money or pay for goods on a site without this important safeguard.
  • Public computers aren’t for private information. The computers in a hotel lobby or a public library may have a virus that records your activity, including any passwords you enter. Shop and make electronic payments only on a computer that you control.
  • Don’t use free Wi-Fi when making an electronic payment. The open nature of free Wi-Fi at cafes, airports, and other public venues makes it possible for others who are on the same Wi-Fi network to spy on your activities. If you cannot wait for another time to do your banking, use a VPN when using free Wi-Fi.
  • Consider getting a credit card just for electronic payments. If you decide to get a credit card or online account just for electronic payments, make sure the credit limit or available balance is low. This can protect you from a large loss due to online fraud.
  • Review your transactions regularly. Online banking allows you to check your account quickly and easily. Take time each day or each week to quickly review electronic payments. If you see charges you don’t recognize, notify your bank or payment application vendor (e.g., Venmo, PayPal, or Apple Pay) as soon as possible.
  • Check your credit reports to help spot fraud. Credit reporting services Experian, Equifax, and TransUnion are required to provide you with a free credit report once per year, so try to check one report every four months.4

Notes

  1. William Tsang, “Mastercard SpendingPulse: U.S. Retail Sales Grew 3.4% This Holiday Season,” Mastercard Communications, December 26, 2019. 
  2. Raynil Kumar and Shaun O’Brien, 2019 Findings from the Diary of Consumer Payment Choice,research report (San Francisco, CA: Federal Reserve Bank of San Francisco, June 2019). 
  3. Check Point Research, 2020 Cyber Security Report,research report (San Carlos, CA: Check Point Research, January 2020). 
  4. Central Source LLC, AnnualCreditReport.com (website), n.d., accessed January 22, 2020. 

Campus Security Awareness Campaign 2019

This content is from a larger campaign designed to support security professionals and IT communicators as they develop or enhance their security awareness plans. The campaign is brought to you by the Awareness and Training Working Group of the EDUCAUSE Higher Education Information Security Council (HEISC).