Recommended Zoom Security Settings
Description
Zoom has seen a rapid uptake in new users looking to connect with students and colleagues while remote learning and remote working are recommended during the COVID-19 pandemic.
As more meetings are held online with Zoom, security of these sessions becomes more important.
Similar to any other public form, it is possible for a person (who may or may not be invited) to disrupt an event that’s meant to bring people together.
Impact
External parties have documented cases where meetings have been hijacked by unknown, uninvited parties in order to disrupt meeting sessions. This could include creating noise on the audio line, sharing inappropate webcam images, screen content, or files.
Attackers could also listen in and steal private informaton shared during the meeting.
Resolution
Thus, it is important to note the following when using Zoom to host meetings:
- When you share a meeting link on social media, or any other public forum, the event becomes public. Anyone with this link can join your meeting.
- Avoid using your Personal Meeting ID (PMI) to host public events. Your PMI is basically one continuous meeting. You don’t want to share this with the public, as they could join your personal meeting space. It is better to use a unique meeting IDs for each meeting session.
You should ensure that your Zoom settings are configured to protect your meeting from being intruded upon:
Control Screen Sharing:
- You should ensure that participants of your Zoom session are not able to share their screen. Otherwise it is possible for participants to accidently or intentionally share unwanted content with the attendees.
- To prevent participants from screen sharing during a call, using the host controls at the bottom, click the arrow next to Share Screen and then Advanced Sharing Options.
- To prevent participants from screen sharing before the meeting, once logged into the Zoom.us site, under settings, and then under the section “Who can share?” choose “Only Host” and close the window. You can also lock the Screen Share by default for all your meetings in your web settings.
Participant Controls:
- Disable video: Hosts can turn someone’s video off. This will allow hosts to block unwanted, distracting, or inappropriate gestures on video.
- Mute participants: Hosts can mute/unmute individual participants or all of them at once. Hosts can block unwanted, distracting, or inappropriate noise from other participants. You can also enable ’Mute Upon Entry’ in your settings to keep the clamor at bay in large meetings.
- Turn off file transfer: In-meeting file transfer allows people to share files through the in-meeting chat. Toggle this off to keep the chat from used for unrelated or inappropriate content.
- Remove unwanted or disruptive participants: From that Participants menu, you can mouse over a participant’s name, and several options will appear, including Remove. Click that to remove a participant from a meeting.
- For full support article on managing participants, including screen sharing, please see: https://support.zoom.us/hc/en-us/articles/115005759423
Limit Co-hosts:
- If you are the host of the meeting, you can add co-hosts. Co-hosts should be limited to those who require the same abilities as the host, such as managing participants. However, it is very important not to add untrusted attendees as co-hosts, as they have the ability to add attendees, or share screens.
- Please see the full support article from Zoom on co-hosts at: https://support.zoom.us/hc/en-us/articles/206330935-Enabling-and-Adding-a-Co-Host
Additional Recommendations:
- Utilize the waiting room, so that you can monitor who is admitted to the meeting.
- Allowing only signed in users to participate. Everyone attending a meeting configured in this way will need to be Zoom account holders who have authenticated against Zoom.
- These recommendations are available at: https://blog.zoom.us/wordpress/2020/03/20/keep-the-party-crashers-from-crashing-your-zoom-event/
It is important to familiarize yourself with Zoom’s settings and features so you understand how to protect your meeting time and help ensure responsible usage.
Resources
Video Tutorial on how to mute participants, control screen sharing, and lock the meeting: https://vimeo.com/user8438670/review/399891782/fa4ff451d7
Zoom Recommendations: https://blog.zoom.us/wordpress/2020/03/20/keep-the-party-crashers-from-crashing-your-zoom-event/
Zoom Managing Participants: https://support.zoom.us/hc/en-us/articles/115005759423-Managing-participants-in-a-meeting
Zoom Co-host Controls: https://support.zoom.us/hc/en-us/articles/206330935-Enabling-and-Adding-a-Co-Host
ZDNet: How to prevent your Zoom meetings benig Zoom-bombed by trolls: https://www.zdnet.com/article/how-to-prevent-your-zoom-meetings-being-zoom-bombed-gate-crashed-by-trolls/
Business Insider: Trolls have started invading public Zoom calls: https://www.businessinsider.com/zoom-settings-change-avoids-trolls-porn-2020-3
New York Times: Zoombombing: When Video Conferences Go Wrong: https://www.nytimes.com/2020/03/20/style/zoombombing-zoom-trolling.html
If you require assistance configuring your Zoom meeting, please contact the IT Support Centre:
- Email: IT.Support@uregina.ca
- Phone: 306-585-4685
- Toll-free in Canada: 1-844-585-4685