To ensure users conduct secure virtual meetings, Zoom Owners and Admins should setup Zoom with the following recommended settings:
- Review all settings under Advanced->Security
- Review all settings under Account Management->Account Settings
- Disable “Join before host” by default.
- If JBH is enabled, all scheduled meetings become available to anyone at any time. Someone may discover an open virtual room and use it fraudulently.
- Disable “Use Personal Meeting ID (PMI) when scheduling a meeting”.
- This will help to prevent someone from joining the meeting at the wrong time if the meeting ID is reused.
- Disable “User Personal Meeting ID (PMI) when starting an instant meeting”.
- This will help to prevent someone from joining the meeting at the wrong time if the meeting ID is reused.
- Enable “Only authenticated users can join meetings” but will require host to disable at scheduling for meetings not requiring authentication.
- If meetings only have authenticated users, there is reliable audit log of genuine participants who joined the meetings.
- This will help to prevent Zoombombing, authenticated students can be audited if acceptable use policy breached.
- Enable and enforce (padlocked) “Require a password when scheduling new meetings”.
- Password is required so people cannot enter to discover an open virtual room and use it fraudulently.
- This will help to prevent Zoombombing.
- Enable and enforce (padlocked) “Require a password for instant meetings”.
- Password is required so people cannot enter to discover an open virtual room and use it fraudulently.
- This will help to prevent Zoombombing.
- Enable and enforce (padlocked) “Require a password for Personal Meeting ID (PMI).”
- For “All meetings using PMI”. WARNING: consider the impact to your users as there are many users using PMI for daily and scheduled future meetings.
- Password is required so people cannot enter to discover an open virtual room and use it fraudulently.
- This will help to prevent Zoombombing.
- Enable “Embed password in meeting link for one-click join”
- Password is required so people cannot enter to discover an open virtual room and use it fraudulently.
- This will help to prevent Zoombombing.
- Enable and enforce (padlocked) “Require password for participants joining by phone”
- Password is required so people cannot enter to discover an open virtual room and use it fraudulently.
- Enable “Bypass the password when joining meetings from meeting list”
- Enable and enforce (padlocked) “Mute participants upon entry”
- This will help to prevent noisy participants from disrupting the meeting.
- Enable “Play sound when participants join or leave”.
- This will help to creates awareness of participants in meetings.
- Enable and enforce (padlocked) “Screen Sharing” but set “Host Only” can share.
- This will help to prevent Zoombombing by screen sharing.
- Disable “Allow removed participants to rejoin”.
- Enable “Waiting Room”
- Host can admit permitted participants.
- This will help to prevent Zoombombing.
- Disable “Join before host” by default.
In addition, it is also very important for your organisation to:
- Have a safe use/acceptable use policy for appropriate use of information technology.
- Keep the Zoom software and devices updated. Find out more about updates