We recommend that users familiarise themselves with all the available Zoom security features that they can apply to have safe online meetings.
It is also recommended that users are using the latest Zoom software. Find out more about how to update your Zoom software.
When a user (host) schedules a Zoom meeting, it is recommended to
- select "Generate Automatically" meeting ID. Using different meeting IDs for different meetings is safer than using same meeting IDs as the reuse of meeting IDs can accidentally be joined by uninvited participants.
- select "Require meeting password". This will protect the meeting from being joined by uninvited participants who may interrupt the meeting with "Zoombombing".
- and under "Meeting Options"
- don't select "Enable join before host" if it is not necessary and if this is a recurring/perpetual meeting.
- select "Mute participants upon entry". This will ensure participants do not share audio when they are not ready.
- select "Enable waiting room". This can help the host of the meeting to not let unwanted participants into the meeting.
- if it is an internal meeting or a virtual classroom with expected participants, select "Only authenticated users can join".
During the Zoom meeting, the host of the meeting can make use of Zoom host controls to have secure and safe meetings. These includes
- Available from version 4.6.10, there is the Security icon in meeting controls that allows quick and easy to find access to security features.
- the host ability to manage all participants. Click on "Manage Participants" to see the participant list.
- Right click on participant to manage the individual user. You can "Remove" or "Put in Waiting Room" any participant that is causing problem in the meeting or virtual classroom
- Click on "More" to see the options to ...
- Mute Participants on Entry. This will prevent unwanted noise from new participants who aren't ready.
- Allow Participants to Unmute Themselves. This is useful to not allow especially in a classroom scenario if the students are noisy.
- Allow Participants to Rename Themselves. This is useful to not allow especially if all the participants are authenticated to join the meeting.
- Play Enter/Exit Chime so there is awareness of presence of participants. This may not be suitable to turn on for meetings with large participants.
- Put Participants in Waiting Room on Entry so the host can admit only allowed participants into the meeting.
- Lock Meeting when all participants are in meeting.
- the host can control participant ability to
- share screen. Click on the arrow to the right of the "Share Screen" icon, selecting Advanced Sharing Options and then selecting who can share: Only Host or All Participants.
- have in-meeting chat.
- Click on "Chat" and then the "[...]" to select who participants can chat with
After the meeting, the host may collect recorded content from the meeting. The host will ensure that the collected content from the Zoom meeting is stored in a safe place, this includes ...
- not distributing photos/recordings of the Zoom meeting in online social media sites e.g. Facebook.
- reviewing your collected content before sharing. This includes the meeting recording and the in-meeting chat. The host's private messages are recorded in saved chat messages.
You can also check out this video by Zoom team to securing your virtual meeting/classroom ...
Personal Settings
The following is a list of recommended settings for Zoom users to apply for secure meetings in the Personal Settings:
Under Personal->Settings ...
- Disable “Join before host” by default.
- If JBH is enabled, all scheduled meetings become available to anyone at any time. Someone may discover an open virtual room and use it fraudulently.
- Disable “Use Personal Meeting ID (PMI) when scheduling a meeting”.
- This will help to prevent someone from joining the meeting at the wrong time if the meeting ID is reused.
- Disable “User Personal Meeting ID (PMI) when starting an instant meeting”.
- This will help to prevent someone from joining the meeting at the wrong time if the meeting ID is reused.
- Enable “Only authenticated users can join meetings” but will require host to disable at scheduling for meetings not requiring authentication.
- If meetings only have authenticated users, there is reliable audit log of genuine participants who joined the meetings.
- This will help to prevent Zoombombing, authenticated students can be audited if acceptable use policy breached.
- Enable “Require a password when scheduling new meetings”.
- Password is required so people cannot enter to discover an open virtual room and use it fraudulently.
- This will help to prevent Zoombombing.
- Enable “Require a password for instant meetings”.
- Password is required so people cannot enter to discover an open virtual room and use it fraudulently.
- This will help to prevent Zoombombing.
- Enable “Require a password for Personal Meeting ID (PMI).” For “All meetings using PMI”.
- Password is required so people cannot enter to discover an open virtual room and use it fraudulently.
- This will help to prevent Zoombombing.
- Enable “Embed password in meeting link for one-click join”
- Password is required so people cannot enter to discover an open virtual room and use it fraudulently.
- This will help to prevent Zoombombing.
- Enable “Require password for participants joining by phone”
- Password is required so people cannot enter to discover an open virtual room and use it fraudulently.
- Enable “Mute participants upon entry”
- This will help to prevent noisy participants from disrupting the meeting.
- Enable "Require Encryption for 3rd Party Endpoints (H323/SIP)
- Enable “Play sound when participants join or leave”.
- This will help to creates awareness of participants in meetings.
- Enable “Screen Sharing” but set “Host Only” can share.
- This will help to prevent Zoombombing by screen sharing.
- During the meeting, the host of meeting can enable screen sharing for all participants if required.
- Disable “Allow removed participants to rejoin”.
- Enable "Virtual background"
- This helps to hide video background detail that users may not wish to share with other participants in meetings.
- Enable “Waiting Room”
- Host can admit permitted participants.
- This will help to prevent Zoombombing.
In addition, it is also very important for Zoom users to:
- understand the safe/acceptable use policy for appropriate use of the provided information technology services by your institution/organisation/school/university.
- keep the Zoom software and devices updated. Find out more about how to update your Zoom software.