Zoom Security Best Practices


Keep your Zoom Meetings Private

The following measures will increase the security of your Zoom sessions and reduce the chance of unwanted attendees. We recommend using as many of these options as you reasonably can without impacting your meeting operations. If you are discussing any sensitive or confidential information in your meetings, these measures become that much more important.

Default Settings for Zoom Meetings

These settings were applied to the UND Zoom account on April 6, 2020:

  • Enable passcodes by default for:
    • Newly created meetings
    • Personal meeting rooms
    • Phone passcodes
    • Cloud recordings
  • Enable waiting room for guest participants only by default
  • Meeting ID no longer displayed on title toolbar
  • New security toolbar icon for hosts within meetings/sessions

Options When Setting Up a New Meeting or Editing an Existing Meeting

Require Meeting Passcode

  • Passcodes are turned on by default for all new meetings.
  • It's highly recommended that you set a strong passcode for all meetings and webinars.
  • It is highly recommended that you add a passcode to your Personal Meeting Room. 
  • When scheduling a meeting, under Meeting Options, select Require meeting passcode, then specify a strong passcode (make your passcode at least eight characters long and use at least three of the following types of characters: lowercase letters, uppercase letters, numbers, symbols). Participants will be asked for this passcode in order to join your meeting.
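
The passcode guidance above (at least eight characters, at least three of the four character types) can be checked or met automatically. The following is an added example, not part of the original article or of Zoom's software; the symbol set and the default length of 10 are assumptions and should be adjusted to what your Zoom account accepts.

```python
import secrets
import string

# Character types named in the passcode guidance above.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "numbers": string.digits,
    "symbols": "@-_*",  # assumption: conservative symbol set, adjust as needed
}
MIN_LENGTH = 8
MIN_CLASSES = 3


def classes_used(passcode):
    """Return the names of the character types present in the passcode."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in passcode)}


def check_passcode(passcode):
    """Return a list of policy problems; an empty list means it passes."""
    problems = []
    if len(passcode) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    used = classes_used(passcode)
    if len(used) < MIN_CLASSES:
        missing = sorted(set(CLASSES) - used)
        problems.append(f"only {len(used)} character type(s); add from: {', '.join(missing)}")
    return problems


def generate_passcode(length=10):
    """Draw characters from a CSPRNG and retry until the policy is met."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_passcode(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ["zoom2020", "Spring-24x", "Ab1"]:  # constructed samples
        print(sample, "->", check_passcode(sample) or "ok")
    print("generated:", generate_passcode())
```
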

Require Registration

  • For both meetings and webinars, you can require users to register to join your class.
  • Registration can be set to automatically accept everyone, or you can manually approve each participant to regulate class attendance.
  • Optional for webinars - you may import a large registrant list into Zoom via CSV.
  • Registration questions may be customized, and the data collected is temporarily saved after the meeting has ended. This can be useful for records and analysis; you can generate custom reports, or simply download a list of people who registered. Alternatively, you can use an in-meeting poll to collect attendance data.

Enable the Waiting Room for All Participants

  • Waiting Room for unauthenticated guest participants is enabled by default.  This setting allows authenticated users logged in with a UND Zoom account to bypass the waiting room, but guest participants must wait and be approved for admission to the meeting.
  • To change this setting so that all participants must stay in the waiting room before being allowed to join, select the All participants option in the meeting host's Personal Account Settings. To do this, log into und.zoom.us and go to Settings, click on In Meeting (Advanced), and scroll to Waiting room and select All participants.
  • The Waiting Room feature allows the host to control when each participant joins the meeting. As the meeting host, you can admit attendees one by one, or hold all attendees in the virtual waiting room and admit them en masse. This requires more work by the host, but only allows participants to join if you specifically admit them.
  • You can also use the waiting room during the course of the meeting, to temporarily remove a guest. The waiting room can be customized to display an image or information that will be useful to your participants, or simply share a message they can read while they're waiting.

Disable Join Before Host

  • If you are scheduling a meeting where sensitive information will be discussed, it's best to leave Enable join before host (found under Meeting Options when scheduling a meeting) turned off. Visit Zoom's Join Before Host help page for more information.
  • The Join Before Host option can be convenient for allowing others to continue with a meeting if you are not available to start it, but with this option enabled, the first person who joins the meeting will automatically be made the host and will have full control over the meeting.
  • Another option is to assign an Alternative Host, who can start the meeting on the host's behalf.
  • Note: It's still possible for a meeting to start without you (the host) even if Join Before Host is disabled. If you have given someone Scheduling Privilege, which allows them to schedule meetings on your behalf, then when that person joins a meeting before you, the meeting will begin and they will be made the host. This is typically not a problem, as the recommendation to disable Join Before Host is based on preventing unwanted/uninvited participants from hijacking a meeting. After you join, the role of Host can be reassigned to you.

Meeting Security Considerations When Scheduling from Outlook

  • If you add a Zoom meeting to your calendar or create a Zoom meeting in your calendar using the Zoom Outlook Add-in, note that the calendar entry may include the Zoom meeting passcode. If you have set up your calendar so that it is open for colleagues to view the details of your meetings, this can expose the passcode to anyone who views your calendar. You can protect the passcode by making the calendar entry private or editing the entry to remove the Zoom meeting passcode.

More Security Settings to Consider Before Starting Your Meeting

  • Use roles to help manage your meeting. You can assign alternative hosts (before the meeting begins) and co-hosts (during a meeting) to share administration responsibilities during the session.
  • Some security settings are available to edit on the fly, once the meeting has begun. Please see the following section for settings that can be changed while the meeting is in progress.

Options Available to Hosts in a Live Zoom Session

Security Toolbar Icon for Hosts

The meeting host now has a Security option in their meeting controls, which exposes all of Zoom’s existing in-meeting security controls in one place. This includes locking the meeting, enabling Waiting Room, and more. Users can also now enable Waiting Room during a meeting, even if the feature was not turned on before its start. For more information, please see this recently published blog.

The following settings can be enabled from the in-meeting menu

  • Lock Meeting: Locks the meeting, which keeps new participants from joining. This feature not only keeps out unwanted guests, but it is also great for enforcing a tardiness policy.
  • Enable Waiting Room: Enables Waiting Room for incoming new participants, or moves current participants from the meeting into the Waiting Room.
  • Hide Profile Pictures: Hides all profile pictures, including the host's. Display names are shown instead.
  • Allow participants to:
    • Share Screen: Allows participants to start Screen Shares. For education users, the screen sharing settings are defaulted to allow only the host to share a screen.
    • Chat: Allows participants to use the chat function. The host has the ability to lock the chat so attendees cannot privately message each other, but students can still chat with the instructor.
    • Rename Themselves: Allows participants to rename themselves from the Participants panel. The name change is in effect only for the current meeting.
    • Unmute Themselves: Allows participants to unmute themselves without the host's permission.
    • Start Video: Allows participants to start their video in the meeting.
    • Annotate on Shared Content: Allows participants to annotate over content shared during the meeting. The host can enable or disable annotation by participants when the host is sharing. 
  • Remove Participant: Allows the removal of a participant from a meeting. The participant cannot rejoin unless Allow removed participants to rejoin is enabled in Meeting settings. Alternatively, you may temporarily place the attendee on hold.
  • Report: Allows you to report a user to Zoom's Trust and Safety team. You will be able to select which user to report and provide details about the problem. You can also upload evidence, such as screenshots. 
  • Suspend Participant Activities: Turns off all participants' video, audio, and ability to share their screen. Also locks the meeting to prevent participants from joining. This applies to all participants, including those joined using a Zoom Room.

Best Practices

Below are some helpful recommendations to improve the privacy and security of web-based virtual meetings:

  • Lock meetings when sharing sensitive information.
  • Be aware that individuals may choose to record a meeting using audio or video recording tools outside of the meeting software.
  • Always run the newest version of the Zoom client. Download the Zoom client directly from und.zoom.us.
  • Passcode protect each meeting with a unique passcode using letters, numbers and special characters.
  • Passcode protect recordings of meetings with a unique and complex passcode using letters, numbers and special characters.
  • Do not share your meeting link in public forums or on social media. In the event you must advertise your meeting publicly, remove the passcode embedded in the link and ask attendees to contact the organizer for the passcode.
  • Use a meeting ID rather than the personal ID associated with your Zoom account. The meeting ID should change for each meeting.
  • Disable sharing for all attendees except for the meeting host, when possible.
  • Use the waiting room/lobby feature to ensure only invited attendees are able to access the meeting. The meeting host will admit participants and be able to prevent suspicious attendees from joining.
  • Remove and block anyone from meeting rooms with an unrecognizable or unverifiable identity. Once removed, the person or people cannot come back in.
  • For more information about security best practices for your online classroom, please see this article from Zoom.
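
Two recommendations on this page involve taking the passcode out of text that others can see: the publicly advertised meeting link above, and the Outlook calendar entry discussed earlier. The following is an added example, not part of the original article or of Zoom's software. It assumes the passcode is carried in the link's pwd query parameter and on a "Passcode:" line of the invitation text; the sample invitation is constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Assumption: the invitation text carries the passcode on a "Passcode:" line.
PASSCODE_LINE_RE = re.compile(r"^([ \t]*Passcode:[ \t]*)\S.*$",
                              re.IGNORECASE | re.MULTILINE)


def strip_embedded_passcode(url):
    """Remove the pwd query parameter from a zoom.us join link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host != "zoom.us" and not host.endswith(".zoom.us"):
        return url  # not a Zoom link (including look-alike hosts): leave as is
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() != "pwd"]
    return urlunsplit(parts._replace(query=urlencode(kept)))


def sanitize_invitation(text):
    """Strip passcodes from every Zoom link and any Passcode: line in text."""
    text = URL_RE.sub(lambda m: strip_embedded_passcode(m.group(0)), text)
    return PASSCODE_LINE_RE.sub(r"\1(contact the organizer)", text)


# Constructed sample invitation; IDs, passcode and extra parameter are made up.
SAMPLE = """Join Zoom Meeting
https://und.zoom.us/j/1234567890?pwd=Q29uc3RydWN0ZWQ&ref=newsletter

Meeting ID: 123 456 7890
Passcode: 482913
Agenda: https://example.org/agenda?pwd=keep
"""

if __name__ == "__main__":
    print(sanitize_invitation(SAMPLE))
```
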

Zoom Health HIPAA Compliance

For meetings requiring HIPAA compliance, a separate sub account is available.  Access to this sub account must be requested.  Meetings created by hosts within the sub account will be HIPAA compliant.  Some features, such as cloud recording, will be unavailable to users within this sub account.  To learn more and request access, please view the Zoom Health License Request article.

 

 

