Zoom - Security Practices for Zoom Video Conferencing

Tags Zoom

Introduction

As  many  Cabrillo  Community  College  district  employees  and  staff  are  working remotely,  there  have  been  growing  concerns  around  security  and  privacy  when  using the  video  conferencing  application  Zoom.  This  article outlines the  major  security  risks and  concerns,  and  recommend  steps  that  can  be  taken  to  remedy  them. 

 

 

Privacy & Security Concerns with Tips

"ZoomBombing" - Meeting Room Hijacking

There  have  been  many  cases  of  unwelcomed  individuals  joining  meeting  rooms  and sharing  inappropriate  material  via  chat  or  webcam.  This  has  become  known  as  “Zoom bombing,”  and  meetings  hosted  by  education  institutions  have  been  the  primary  target.

The  recommended  solutions  will  be  briefly  covered  and  a  link  will  be  provided  to  the relevant  Zoom  Support  article.

 

Recommendations to avoid "ZoomBombing"

General Guidelines

  • Use a unique Zoom  ID  for  each  meeting,  avoid using your  Personal  Meeting ID.
  • Do not post  meeting links  on social  media.
  • Do not share links  to  meetings  you are invited to join without  the host’s  approval.  The host  can send more invites  to the relevant  individuals  or  parties.

 

Manage Participants as the Host

As  of  April  6,  2020,  Zoom  has  enabled  waiting  rooms  and  meeting  passwords  by default  on  free  accounts,  education  accounts,  and  single-license  accounts.
April 2020 Updates

  1. Do  not  make  meeting  rooms  open  to  the  public.  Require  a  password  for attendees  to  join. 
    Meeting and Webinar Passwords
     
  2. Utilize waiting rooms. This wll enable the control and management of guests.
    Waiting Room Configuration
     
  3. If  appropriate  for  a  meeting,  change  the  screen-sharing  option  to  “Host  Only.”
    Manage Participants in a Meeting
     
  4. Lock  the  meeting  after  a  desired  amount  of  time  has  passed.  This  will  prevent new  participants  from  joining,  even  if  they  have  the  meeting  ID  and  password. This  can  be  done  through  Host  Controls.
    Host and Co-Host Controls in a Meeting
     
  5. Require  participants  to  join  a  meeting  using  the  same  email  they  were  invited with.
     
  6. If  there  is  no  need  to  share  files  during  a  meeting,  you  can  turn  this  capability  off.
    In Meeting File Transfer
     
  7. If  there  is  no  need  to  annotate  a  screen  share,  you  can  turn  off  Annotation.
    Annotation Tools
     
  8. Disable  private  chat  to  prevent  participants  from  chatting  with  each  other.  This can  be  very  useful  in  an  education  environment.
    Controlling and Disabling In-Meeting Chat
     
  9. You  should  also  consider  making  your  meetings  Screen  Share  only.  This  will disable  webcam  access,  which  will  prevent  participants  from  sharing inappropriate  behavior
    Screen Share Only Meeting
     
  10. Double  check  your  in-meeting  security  options  by  using  the  new  security shield  icon  in  the  meeting  controls
    In-meeting Security Options
     
  11. Mask the telephone number for dial-in participants
    Mask Telephone Numbers for Participants
Was this helpful?
100% helpful - 4 reviews