Securing Zoom Meetings

Keeping Your Zoom Meeting Private and Secure

Zoom is a safe and private platform for your online meetings. However, there are privacy issues that users need to be aware of. Once in a meeting, unknown or unwelcome guests can join your meeting, known as zoom-bombing. They can listen in on discussions, capture screenshots, and even disrupt the meeting with unwanted and inappropriate video, audio, or shared content.

The following measures will increase the security of your Zoom sessions and reduce the chance of unwanted attendees. We recommend using as many of these options as you reasonably can without impacting your meeting operations and attendance. If you are discussing sensitive or confidential information in your meetings, these measures become significantly much more important.

Keep Zoom Software Updated

Zoom is regularly updating their software with improvements and security enhancements. It is recommended that you update Zoom whenever prompted.  Users can manually check for updates at any time by clicking "Check for Updates" in the user icon of the application window.

Meeting Links & Dial-in Information

If your meeting is not meant to be public do not post meeting links or dial-in information in public forums, like social media or on web pages.

Require Zoom Sign-in to Join a Meeting

When setting up your meeting you can require users to have signed into Zoom to join. If you enable this you can ignore "Meeting Passwords" below.

  • When scheduling a meeting, under Advanced Options, select Only authenticated users can join: Sign in to Zoom

Meeting Passwords

Set a password for public meetings and webinars. Please consider the following when setting up a Zoom session:

  • When scheduling a meeting, under Meeting Options, select Require Meeting Password.
  • Please consider the following when picking a password:
    • Passwords do not need to be complex if they are rotated frequently.
    • If you are going to have phone participants numeric-only passwords are best.

Participants will be asked for this password in order to join your meeting.
You may distribute the meeting password using Blackboard or another secure method of distribution.

Enable the Waiting Room Feature

The Waiting Room Feature allows the host to control when each participant joins the meeting. As the meeting host, you can admit attendees one by one, or hold all attendees in the virtual waiting room and admit them en masse. This requires more work by the host, but only allows participants to join if you specifically admit them.

Disable Join Before Host

This is the default setting for all meetings. Please consider the following when setting up a Zoom session:

  • If you are scheduling a meeting where sensitive information will be discussed, it's best to leave Enable to Join Before Host (found under Meeting Options when scheduling a meeting) turned off.
  • Visit Zoom's Join Before Host help page for more information.
  • Always assign an Alternative Host for all your meetings.

Appoint a Co-Host

Appointing a co-host fallows the host to share hosting privileges with another user, including blocking and removing participants. The host must assign a co-host. There is no limitation on the number of co-hosts you can have in a meeting or webinar.

Co-hosts should be watchful for guests using their video camera and microphone. Moderators should scroll down the list of video users as the meeting is in progress to be aware of any disruptive activity.

Limit Sharing With the Host

Zoom allows users to share screens, audio from another computer, and files. While in your meeting, please follow the guidance below to limit sharing with the Host:

  1. Click the up-arrow next to Share Screen.
  2. Select Advanced Sharing Options.
  3. Under Who can share, click Only Host.

This will not be appropriate when multiple participants need to share and collaborate, but setting this restriction will prevent unwanted guests from interrupting the meeting by initiating intrusive sharing.

Lock Your Session

The Zoom Host Controls allow the host or co-host to lock the meeting. Once all your attendees have joined, please consider the following security measures:

  1. If the Participants panel is not visible, click Manage Participants at the bottom of the Zoom window.
  2. At the bottom of the Participants panel, click More.
  3. From the list that appears, click Lock Meeting.
  4. Unlock the meeting following the same steps.

When a meeting is locked, no one can join, and you (the host or co-host) will NOT be alerted if anyone tries to join, so do not lock the meeting until everyone has joined.

Enable Sound When a Participant Joins or Leaves

Enabling "Play Sound When Participants Join or Leave" creates a bit of extra noise, but it could also alert the host and co-host to the arrival of unwelcome guests.

To Enable Chime for All Meetings You Host

  1. Select Settings from the menu.
  2. Scroll down until you see the option Play sound when participants join or leave.
  3. Toggle this option On.
  4. Once enabled, you will see additional options: who hears the chime (just the host or all attendees) and whether participants should be prompted to record their names when joining by telephone.
  5. This setting will apply to all meetings you host, including ones that were scheduled before you changed the setting.

To Enable Chime for Meetings in Progress

  1. Click Manage Participants to view the Participant List of the meeting.
  2. At the bottom of the Participant List, select More.
  3. From the menu that appears, enable Play Enter/Exit Chime option.

Remove a Participant from a Zoom Meeting or Webinar

If despite these precautions, someone you do not know shows up in your meeting, you should take it seriously; it is possible that these incidents may result in disruption of classes/meetings, theft of service, phishing attempts to obtain confidential information, or unauthorized access to Stanislaus State services.

If you have already begun a session and find an unwanted attendee has joined, please take the following steps to remove the unwanted participant from a Zoom session:

  1. If the Participants panel is not visible, click Manage Participants at the bottom of the Zoom window.
  2. Next to the person, you want to remove, click More.
  3. From the list that appears, click Remove.

By default, if you remove participants or panelists from the webinar, they will not be able to rejoin using the same email address.

Reporting Unwanted or Disruptive Participants

If you encounter participants who are repeatedly in closed classes/meetings or disruptive please report the incidents to security@csustan.edu for follow up.

Resources

How to Keep the Party Crashers from Crashing Your Zoom Event - Zoom Blog March 20, 2020