Introduction
As many Cabrillo Community College district employees and staff are working remotely, there have been growing concerns around security and privacy when using the video conferencing application Zoom. This article outlines the major security risks and concerns, and recommend steps that can be taken to remedy them.
Privacy & Security Concerns with Tips
"ZoomBombing" - Meeting Room Hijacking
There have been many cases of unwelcomed individuals joining meeting rooms and sharing inappropriate material via chat or webcam. This has become known as “Zoom bombing,” and meetings hosted by education institutions have been the primary target.
The recommended solutions will be briefly covered and a link will be provided to the relevant Zoom Support article.
Recommendations to avoid "ZoomBombing"
General Guidelines
- Use a unique Zoom ID for each meeting, avoid using your Personal Meeting ID.
- Do not post meeting links on social media.
- Do not share links to meetings you are invited to join without the host’s approval. The host can send more invites to the relevant individuals or parties.
Manage Participants as the Host
As of April 6, 2020, Zoom has enabled waiting rooms and meeting passwords by default on free accounts, education accounts, and single-license accounts.
April 2020 Updates
- Do not make meeting rooms open to the public. Require a password for attendees to join.
Meeting and Webinar Passwords
- Utilize waiting rooms. This wll enable the control and management of guests.
Waiting Room Configuration
- If appropriate for a meeting, change the screen-sharing option to “Host Only.”
Manage Participants in a Meeting
- Lock the meeting after a desired amount of time has passed. This will prevent new participants from joining, even if they have the meeting ID and password. This can be done through Host Controls.
Host and Co-Host Controls in a Meeting
- Require participants to join a meeting using the same email they were invited with.
- If there is no need to share files during a meeting, you can turn this capability off.
In Meeting File Transfer
- If there is no need to annotate a screen share, you can turn off Annotation.
Annotation Tools
- Disable private chat to prevent participants from chatting with each other. This can be very useful in an education environment.
Controlling and Disabling In-Meeting Chat
- You should also consider making your meetings Screen Share only. This will disable webcam access, which will prevent participants from sharing inappropriate behavior
Screen Share Only Meeting
- Double check your in-meeting security options by using the new security shield icon in the meeting controls
In-meeting Security Options
- Mask the telephone number for dial-in participants
Mask Telephone Numbers for Participants