Recommendations for Zoom as of April 10, 2020

Over the past few weeks, Zoom has become one of the most popular video conferencing platforms in the world.  But with this newfound popularity, has come the realization that Zoom had some security and privacy issues that needed to be addressed.  While Zoom has been taking steps to address these issues and has made a number of very positive changes, Zoom users, particularly hosts, can still do a lot to help ensure that their meetings are safe and trouble free.

After reviewing Zoom and hosting several meetings, we are recommending the following practices and settings to help protect your meeting Participants and content from malicious users.  Please note that this is not intended to cover all of the settings that are possible within Zoom, so if you have any questions about specific settings, please feel free to reach out to us for assistance.  We will post updates to these recommendations as they become necesssary.

Recommendations:

  • Never share any Zoom meeting links in a public forum such as social media.
    This is the number one way that malicious users find Zoom meetings and cause trouble.
  • Never set up meetings using the Personal Meeting ID (PMI) of your Zoom account.  Instead, use the automatically generated per-meeting ID provided by Zoom for each meeting you schedule or host.  Using your Personal Meeting ID for every meeting would allow anyone who obtains your Personal Meeting ID to join any open meetings at any time… not good!
  • Always start meetings with the Host video off. Starting the meeting with your video off allows you to get ready and make any last minute adjustments before you are on camera.
  • Always start meetings with the Host audio muted. Starting the meeting with your audio muted allows you to make sure your environment is quiet and ready for the meeting before you start talking.
  • Always start meetings with your Participants video off. This allows your participants to make sure they, their rooms, their family, and their pets, are all ready before the Participant starts their camera.
  • Always start meetings with your Participants muted. This allows your Participants to make sure they, their rooms, their family, and their pets, are all ready before they start talking.
  • Always use a “Waiting Room”. This feature puts all users attempting to join your meeting in a special holding area so you can screen them before they access the actual meeting.  If it is not apparent who the user is from their name in the Waiting Room, you can chat with them while they are still in the Waiting Room to confirm their identity before letting them in to your meeting.
  • Disable “Join Before Host”. This may be disabled by default, but it is a good idea to review this setting just to be sure.  This feature will prevent anyone from joining your meeting before you are ready to monitor your Participants.
  • Always require a meeting password for both online users AND those who are joining by phone.Requiring a meeting password for all users prevents anyone who stumbles upon your meeting information from accessing your meeting since they will not have the password.
  • Never include the password in the meeting URL that is sent in the meeting invite.  Including the password in the URL bypasses the need for Participants to have the password when they click your meeting link to join by computer.  In your Zoom settings online, disable the “Embed password in meeting link for one-click join” feature to resolve this issue.
  • If you allow screen sharing, start the meeting with it set to “Host Only”. This prevents users from inadvertently sharing things that are not meant to be seen by the rest of the Participants.  You can change this option from the new Security icon in the bottom toolbar to allow Participants to share during your meeting if necessary.
  • Once the meeting begins, lock the meeting so no one else can join. This prevents anyone from joining the meeting, even if they have the password.

Affiliations