Securing a Zoom Meeting

"Zoom bombing" refers to an uninvited individual disrupting a Zoom meeting. Zoom offers a number of security options that you can use to prevent unwelcome participants from joining your meeting or to limit their ability to share inappropriate content. To help prevent this issue, meeting hosts should implement measures to protect themselves and their meetings. 

You can control granular, global default settings for all your Zoom meetings by logging into your account at http://union.zoom.us. On the left side, go to [Personal] > [Settings] and toggle settings as you see fit.  Several options are listed below, but it is not necessary to change all of these settings to protect the security of your meeting. Choose the options that will best address your specific concerns while still creating a convenient meeting space for you and your meeting participants. You can adjust settings while a meeting is in progress or when scheduling a meeting. ITS highly recommends requiring passwords for your meetings and enabling waiting rooms.

In addition to these settings, you should also look at doing the following:

  1. Check the settings for Zoom meetings already created
  2. Set security for all cloud recordings
  3. Zoom articles

Use a Random Meeting ID

It’s best practice to generate a random meeting ID for your class/meeting, so it can’t be shared multiple times. This is the better alternative to using your Personal Meeting ID, which is not advised because it’s basically an ongoing meeting that’s always running.

For faculty, we recommend you set up Zoom via Nexus, so students access the [Join] button through the course website (versus sending them a link via email-see screenshot below).  This helps, as Nexus is a password protected site that only students should be able to access by signing in with their Union College credentials.

Password protect your class/meeting (STRONGLY RECOMMENDED)

Require a password to join the meeting for extra security and disable Embed password in meeting link for one-click join.  

Do not share invites to Zoom meetings on social media. Instead, send the meeting password directly to attendees.
Screenshot of Password options in Zoom settings

Note, if you set a password using the Zoom plugin in Nexus, the password is accessible to students when they click on the "Invitation" button:

Password Screenshot

Password Screenshot in Zoom tool in Nexus: Where students can see password

Require password for participants joining by phone (STRONGLY RECOMMENDED)

A numeric password will be required for participants joining by phone if your meeting has a password. For meeting with an alphanumeric password, a numeric version will be generated. If you do not enable this setting, participants joining by phone can bypass the password setting for participants joining through a computer with the Zoom client.

Screenshot of Phone Password setting

Set a password for viewing recordings 

ITS disabled this setting globally, as any host can enable this security in his/her local Zoom profile Recording settings. If this is something you want, please log in to your Union College Zoom profile "Recording" settings and toggle the button on next to Require password to access shared cloud recordings. If you record a session with a password and then later want to delete it, simply log in to manage your Union College Zoom recordings. Find the recording you want to modify and click the [Share] button. You will see that a password is assigned to the recordings. Simply toggle the switch next to Password Protect off and then click the [Close] button.
 

Manage screen sharing

Set Screen sharing so only the host is allowed:

Screen Sharing settings screenshot

Manage annotations

Modify Annotation and Whiteboard settings so participants are not allowed to use them. Note, if you disable these settings, you/the host, will also not be able use annotations or the whiteboard in the meeting. 
Screenshot of Annotation and Whiteboard Settings in Zoom

Enable Waiting Rooms to every Zoom meeting (STRONGLY RECOMMENDED)

As the meeting host, you can admit attendees (students) one by one or hold all attendees (students) in the waiting room and admit them all at once.
Screenshot of Waiting Room setting in Zoom Settings

Enable only authenticated users can join meetings

Enable the setting so only authenticated users can join meetings

Screenshot of Authenticate User settings in Zoom

When you enable this setting, participants joining who have the Zoom client are prompted with a message to sign in with their Zoom account credentials. Instruct students to Sign in with SSO, and for company domain they should type in union. From there, they will be brought to Union College's single sign on page, where they can enter in their Union College username and password.

Screenshot to authenticate to Zoom Client

Play a sound when participants join or leave

Enable the profile setting to play a sound when participants join or leave. Having a sound notify you when an attendee enters and leaves is helpful (especially if you lock the room once the session starts. If someone gets booted out of the meeting you should hear a sound. If that happens, you may want to unlock the session so the participants can enter the waiting room again.)

Screenshot of Play sound when participant joins or leaves setting

Check the settings for Zoom meetings already created:

ITS recommends you check the settings of all the meetings you’ve already created via the Union Zoom portal. These will be listed as Upcoming Meetings under the Meeting area of your Zoom profile.

If you have created recurring meetings:

  • Click on [Topic] and it will sort your list by meeting ID.
  • Click on the meeting link title under Topic, scroll do the bottom of the page, and select [Edit this Meeting]. If you are prompted Do you want to edit only this meeting, or all recurring meetings?, select [All].
  • Change your meeting settings, as desired. ITS recommends:
    • Meeting Password: check [Require Meeting Password]. You can use the random number created or type in one of your choice. The most secure option is to use the random number.
    • Enable join before host: uncheck
    • Mute participants upon entry: check 
    • Enable waiting room: check
    • Only authenticated users can join: optional check. For strongest security, you can enable this settiing. This will require your students to login to the Zoom Client before they will be able to join your class.
  • If you enable these, make sure you send an email to students notifying them of the changes. Instruct them to read the first bullet under the heading During class in the knowledge base article Attending Classes in Zoom.

Use Zoom session toolbar controls

Lock the Door!

Lock a Zoom session that’s already started, so that no one else can join. After you add people from the Waiting Room, click [Security] at the bottom of your Zoom window and check [Lock Meeting].

Lock Down Private Chat

Restrict the chat so students cannot privately message other students. It is better to control chat access in your in-meeting toolbar controls (rather than disabling it altogether) so students can still interact with you as needed.

End Meeting/Remove a participant

In the very unlikely event a student shares something inappropriate, it is recommended that you end the meeting immediately and notify ITS. Make sure you have a password on the meeting and waiting room enabled and restart the meeting, carefully vetting who you are letting into the session. Email your students whether or not you are restarting the session or not. 

Alternatively, you as the host and instructor can "remove" them from the meeting instead of ending meeting.

  1. Click on [Security] 
  2. Select [Remove Participants]
  3. Hover over her/his name on the list of names that appears on the right
  4. Click on [More] and then [Remove] from the drop-down menu.

Make sure that, in your settings, the option [allow removed participants to rejoin] has been disabled in global Zoom Profile settings. This way the student/participant won't be able to come back, at least not with the same device.

Set security for all cloud recordings:

To secure the Zoom cloud recordings you create, navigate to your Zoom recording settings page. These options apply to all the Zoom recordings you create.

Restrict viewing of recordings to authenticated users

To restrict viewing, enable [Only authenticated users can view cloud recordings] from the Zoom recording settings page. When this setting is enabled, users must have a Zoom account to view the recording.

Set password protection for recordings

To set password protection, enable [Require password to access shared cloud recordings] from the Zoom recording settings page. When this setting is enabled, a random password will be generated that can be modified by the meeting host. This setting applies only to recordings generated after the setting is turned on.

Individual recordings 

To change security settings for individual recordings, follow these steps.

  • Navigate to the Zoom recordings page
  • Next to the desired recording, select the [Share] button
  • Make sure [Viewers Can Download] is disabled
  • Turn on or off the settings you choose.

Make sure your Zoom Client is up to date:

To find out what version you are running, see What Version Am I Running? Zoom provides a pop-up notification when there is a new mandatory or optional update within 24 hours of logging in. You can also manually download the latest version by following these directions.

Zoom articles:

Details

Article ID: 104346
Created
Sat 4/4/20 8:15 PM
Modified
Thu 4/16/20 3:16 PM