Notice: Information and plans for upcoming academic terms. Learn more.

Recommended Zoom Security Settings

Threat Level: Low
Threat Type: Zoom meeting interception or interruption
Advisory Date: 03/24/2020

Description

Zoom has seen a rapid uptake in new users looking to connect with students and colleagues while remote learning and remote working are recommended during the COVID-19 pandemic.

As more meetings are held online with Zoom, security of these sessions becomes more important. 

Similar to any other public form, it is possible for a person (who may or may not be invited) to disrupt an event that’s meant to bring people together.

Impact

External parties have documented cases where meetings have been hijacked by unknown, uninvited parties in order to disrupt meeting sessions.  This could include creating noise on the audio line, sharing inappropate webcam images, screen content, or files.

Attackers could also listen in and steal private informaton shared during the meeting.

Resolution

Thus, it is important to note the following when using Zoom to host meetings:

  • When you share a meeting link on social media, or any other public forum, the event becomes public. Anyone with this link can join your meeting.
  • Avoid using your Personal Meeting ID (PMI) to host public events. Your PMI is basically one continuous meeting. You don’t want to share this with the public, as they could join your personal meeting space.  It is better to use a unique meeting IDs for each meeting session.

You should ensure that your Zoom settings are configured to protect your meeting from being intruded upon:

Control Screen Sharing:

  • You should ensure that participants of your Zoom session are not able to share their screen.  Otherwise it is possible for participants to accidently or intentionally share unwanted content with the attendees.
  • To prevent participants from screen sharing during a call, using the host controls at the bottom, click the arrow next to Share Screen and then Advanced Sharing Options.
  • To prevent participants from screen sharing before the meeting, once logged into the Zoom.us site, under settings, and then under the section “Who can share?” choose “Only Host” and close the window. You can also lock the Screen Share by default for all your meetings in your web settings.

Participant Controls:

  • Disable video: Hosts can turn someone’s video off. This will allow hosts to block unwanted, distracting, or inappropriate gestures on video.
  • Mute participants: Hosts can mute/unmute individual participants or all of them at once. Hosts can block unwanted, distracting, or inappropriate noise from other participants. You can also enable ’Mute Upon Entry’ in your settings to keep the clamor at bay in large meetings.
  • Turn off file transfer: In-meeting file transfer allows people to share files through the in-meeting chat. Toggle this off to keep the chat from used for unrelated or inappropriate content.
  • Remove unwanted or disruptive participants: From that Participants menu, you can mouse over a participant’s name, and several options will appear, including Remove. Click that to remove a participant from a meeting.

Limit Co-hosts:

  • If you are the host of the meeting, you can add co-hosts.  Co-hosts should be limited to those who require the same abilities as the host, such as managing participants. However, it is very important not to add untrusted attendees as co-hosts, as they have the ability to add attendees, or share screens.

Additional Recommendations:

It is important to familiarize yourself with Zoom’s settings and features so you understand how to protect your meeting time and help ensure responsible usage.

Resources

Video Tutorial on how to mute participants, control screen sharing, and lock the meeting:  https://vimeo.com/user8438670/review/399891782/fa4ff451d7

Zoom Recommendations: https://blog.zoom.us/wordpress/2020/03/20/keep-the-party-crashers-from-crashing-your-zoom-event/

Zoom Managing Participants: https://support.zoom.us/hc/en-us/articles/115005759423-Managing-participants-in-a-meeting

Zoom Co-host Controls: https://support.zoom.us/hc/en-us/articles/206330935-Enabling-and-Adding-a-Co-Host

ZDNet: How to prevent your Zoom meetings benig Zoom-bombed by trolls: https://www.zdnet.com/article/how-to-prevent-your-zoom-meetings-being-zoom-bombed-gate-crashed-by-trolls/

Business Insider: Trolls have started invading public Zoom calls: https://www.businessinsider.com/zoom-settings-change-avoids-trolls-porn-2020-3

New York Times: Zoombombing: When Video Conferences Go Wrong: https://www.nytimes.com/2020/03/20/style/zoombombing-zoom-trolling.html

If you require assistance configuring your Zoom meeting, please contact the IT Support Centre: