Securing Zoom Meetings

Keeping Your Zoom Meeting Private and Secure

Zoom is a safe and private platform for your online meetings. However, there are privacy issues that users need to be aware of. Once in a meeting, unknown or unwelcome guests can join your meeting, known as zoom-bombing. They can listen in on discussions, capture screenshots, and even disrupt the meeting with unwanted and inappropriate video, audio, or shared content.

The following measures will increase the security of your Zoom sessions and reduce the chance of unwanted attendees. We recommend using as many of these options as you reasonably can without impacting your meeting operations and attendance. If you are discussing sensitive or confidential information in your meetings, these measures become significantly much more important.

Instructions are below if you like to read and follow along. There are also two training videos with guided tour on how to secure live events and meetings.

Keep Zoom Software Updated

Zoom is regularly updating their software with improvements and security enhancements. It is recommended that you update Zoom whenever prompted.  Users can manually check for updates at any time by clicking "Check for Updates" in the user icon of the application window.

Meeting Links & Dial-in Information

If your meeting is not meant to be public do not post meeting links or dial-in information in public forums, like social media or on web pages.

Require Zoom Sign-in to Join a Meeting

When setting up your meeting you can require users to have signed into Zoom to join. If you enable this you can ignore "Meeting Passwords" below. There are two options: signed into Zoom with any Zoom account or signed in with an @csustan.edu Zoom account. For meetings with only affiliated individuals the signed in with an @csustan.edu Zoom account is appropriate to use. If you expecting guests who do not have a WarriorID the signed in with a Zoom account option will insure guests are known to Zoom and not anonymous.

  • When scheduling a meeting, under Security, select Only authenticated users can join then choose Signed in to a Zoom account OR csustan.zoom.us

Allow or Block Entry from a Country/Region

Zoom allows a meeting host to choose which countries/regions are allowed to connect to a meeting. It can also be configured to block specific countries/regions. If you know all your attendees are in the US, or other specific countries/regions, we recommend you only allow access from those places.

  • When scheduling a meeting, under Advanced Options, select Approve or block entry from users from specific countries/regions, in the pop up window select the allow or block action and fill in the country or regions to take the action on.

Meeting Passwords

Set a password for public meetings and webinars. Please consider the following when setting up a Zoom session:

  • When scheduling a meeting, under Meeting Options, select Require Meeting Password.
  • Please consider the following when picking a password:
    • Passwords do not need to be complex if they are rotated frequently.
    • If you are going to have phone participants numeric-only passwords are best.

Participants will be asked for this password in order to join your meeting.
You may distribute the meeting password using Blackboard or another secure method of distribution.

Enable the Waiting Room Feature

The Waiting Room Feature allows the host to control when each participant joins the meeting. As the meeting host, you can admit attendees one by one, or hold all attendees in the virtual waiting room and admit them en masse. This requires more work by the host, but only allows participants to join if you specifically admit them.

Disable Join Before Host

This is the default setting for all meetings. Please consider the following when setting up a Zoom session:

  • If you are scheduling a meeting where sensitive information will be discussed, it's best to leave Enable to Join Before Host (found under Meeting Options when scheduling a meeting) turned off.
  • Visit Zoom's Join Before Host help page for more information.
  • Always assign an Alternative Host for all your meetings.

Appoint a Co-Host

Appointing a co-host fallows the host to share hosting privileges with another user, including blocking and removing participants. The host must assign a co-host. There is no limitation on the number of co-hosts you can have in a meeting or webinar.

Co-hosts should be watchful for guests using their video camera and microphone. Moderators should scroll down the list of video users as the meeting is in progress to be aware of any disruptive activity.

Limit Sharing With the Host

Zoom allows users to share screens, audio from another computer, and files. While in your meeting, please follow the guidance below to limit sharing with the Host:

  1. Click the up-arrow next to Share Screen.
  2. Select Advanced Sharing Options.
  3. Under Who can share, click Only Host.

This will not be appropriate when multiple participants need to share and collaborate, but setting this restriction will prevent unwanted guests from interrupting the meeting by initiating intrusive sharing.

Lock Your Session

The Zoom Host Controls allow the host or co-host to lock the meeting. Once all your attendees have joined, please consider the following security measures:

  1. If the Participants panel is not visible, click Manage Participants at the bottom of the Zoom window.
  2. At the bottom of the Participants panel, click More.
  3. From the list that appears, click Lock Meeting.
  4. Unlock the meeting following the same steps.

When a meeting is locked, no one can join, and you (the host or co-host) will NOT be alerted if anyone tries to join, so do not lock the meeting until everyone has joined.

Disable Annotation on Presentations or Whiteboard by Participants

This is enabled by default. If you do not want participants to be able to draw on your presentation or whiteboard you need to disable this for all your meetings or from inside the meeting. It is recommended this be disabled for meeting open to the public or guests.

Disable Annotation for all Your Meetings

  1. Open Zoom, click on your Profile picture in the upper right corner, go to the Settings option.
  2. In the Settings window, click View More Settings in the bottom of the General tab page, and log in to the Zoom web console.
  3. In the Zoom web console select Settings then In Meeting (Basic), and scroll down to the Annotation section, and turn on Only the user who is sharing can annotate. You can enable participants to annotate in your meeting but it will not be enabled by default.

Disable (or Enable) Participant Annotation in an Active Meeting

  1. In your meeting after you have shared your screen go to the floating meeting controls and click the More botton on the right.
  2. In the menu that drops down select Disable Annotation for Others, or Eanble Annotation for Others.

Enable Sound When a Participant Joins or Leaves

Enabling "Play Sound When Participants Join or Leave" creates a bit of extra noise, but it could also alert the host and co-host to the arrival of unwelcome guests.

To Enable Chime for All Meetings You Host

  1. Select Settings from the menu.
  2. Scroll down until you see the option Play sound when participants join or leave.
  3. Toggle this option On.
  4. Once enabled, you will see additional options: who hears the chime (just the host or all attendees) and whether participants should be prompted to record their names when joining by telephone.
  5. This setting will apply to all meetings you host, including ones that were scheduled before you changed the setting.

To Enable Chime for Meetings in Progress

  1. Click Manage Participants to view the Participant List of the meeting.
  2. At the bottom of the Participant List, select More.
  3. From the menu that appears, enable Play Enter/Exit Chime option.

Remove a Participant from a Zoom Meeting or Webinar

If despite these precautions, someone you do not know shows up in your meeting, you should take it seriously; it is possible that these incidents may result in disruption of classes/meetings, theft of service, phishing attempts to obtain confidential information, or unauthorized access to Stanislaus State services.

If you have already begun a session and find an unwanted attendee has joined, please take the following steps to remove the unwanted participant from a Zoom session:

  1. If the Participants panel is not visible, click Manage Participants at the bottom of the Zoom window.
  2. Next to the person, you want to remove, click More.
  3. From the list that appears, click Remove.

By default, if you remove participants or panelists from the webinar, they will not be able to rejoin using the same email address.

Reporting Unwanted or Disruptive Participants

If you encounter participants who are repeatedly in closed classes/meetings or disruptive please report the incidents to security@csustan.edu for follow up.

Resources

How to Keep the Party Crashers from Crashing Your Zoom Event - Zoom Blog March 20, 2020