How To Keep Your Zoom Sessions Secure (IT) (2024)

Zoom is a synchronous (live) web conferencing tool that is fantastic for fostering meaningful instructor-student and student-student interactions. It is being used by many faculty to assist with a smooth transition to temporary remote teaching and learning.It is important to consider the security implications of the Zoom meetings that you set up. It is important to properly secure your meeting if there is any discussion of Level 1 or Level 2 data. In addition, if it is a video meeting it is important to secure the recording if there are minors involved or non-CSUN participants.

Zoombombing and other disruptions to class are a reality today, especially with the sheer volume of meetings taking place on the platform, CSUN and otherwise. These disruptions are not isolated to Zoom – they take place on other platforms as well. Many of these incidents are avoidable with the right settings. It all depends on how much you need to lock down your class. We've split these recommendations up into four main sections:Basic Security,Next Level Security,Highest LevelandExtra Options.

Screen Sharing

It is important to control who can share screens and annotate (markup) your shared screen. By default, only the host can share screen. You can change this setting using theSecuritybutton and changing the setting to allow sharing from participants.

Annotation

Annotation is another feature that you’ll want to control. We recommend only allowing the user who is sharing [to be able] to annotate.This means that a bad actor cannot markup your shared screen while you are in control. Only you can annotate.

Sharing the Zoom Link in a Secure Location

Share your meeting links only in secure locations. Email is not secure. Canvas is. Though, of course, one of your students could share it with a bad actor, but at least you have to sign into Canvas before you can get to the link.

You may embed Zoom Class links in weekly modules by using the+ Module Itemin Canvas and selecting theExternal URLfeature.

Copy and paste your Zoom Meeting URL and give the link a name (e.g., Virtual Class Link, Zoom Link).

Passcodes

A meetingwithouta passcode is an invitation for Zoombombing. Bad actors can “robo-dial” thousands of meetings at a time looking for one that doesn’t have a passcode, and get in. Passcodes are now a default for any meetings created since August 14th. If you created meetings before this, simply:

  1. Log in into Zoomcsun.zoom.us
  2. Find your meeting.
  3. Check theuse passcodebox.
  4. Redistribute the new link to the meeting.

The last step is the most important. A new link will be generated, so you’ll have to pass that out. Also note that our administrative default setting is to embed the passcode into the link. The good news is that users still just click on a single link to get in. The bad news is that sharing that single link with a bad actor (someone outside your class) gets them in, too.

Examples:

Normal Zoom Link Example: https://csun.zoom.us/8122067712

Secure Password Embedded Zoom Link: https://csun.zoom.us/787200447?pwd=M1hWaC8wWUNqU2RYckFWR2hSQ

Waiting Rooms

A waiting room is a holding area for students to go into before being allowed into class. Someone (usually the instructor) has to monitor the waiting room to let students in. We recommend urging your students to be on-time to class so that you do not have to watch the waiting room several minutes into class. You can do anything from verifying appropriate usernames before letting them in (a common habit of bad actors is to use usernames in poor taste) or even compare usernames to rosters.

Note: Either a waiting room or a passcode will be required in the future, making some of this conversation moot, but this is a worthwhile topic to discuss and understand nevertheless.

A step up from either passcodes or waiting rooms is to only allow authenticated users to join the meeting. This means that only students that have logged into Zoom.us are allowed in. This is regardless of using the other security measures. When choosing your options, you can even set it so that only authenticated users from csun.edu and/or my.csun.edu are allowed in. This means that a student must do single sign-on (SSO) prior to entering the class, with CSUN credentials. This is the highest security level, as it makes it easily identifiable who is doing what. They cannot hide behind fake usernames.

If set, users will see this message:

Disabling Chat

Follow these instructions to disable chat in a Zoom meeting:

  1. In the Zoom meeting window, selectChat.
  2. In theChatpanel, select theChatmenu icon.
  3. In the pop-up window, selectNo Oneto prevent participants from chatting in the meeting.

Muting All

  1. Select theParticipants(Manage Participants)button in the Zoom toolbar. This is located at the bottom of your session window.
  2. At the bottom of theParticipantswindow, selectMore.
  3. ChooseMute Participants on Entry.
  4. DeselectAllow Participants to Unmute Themselves.

Removing Unwanted Participants

In Zoom, open theParticipantslist.

  1. Select the unwanted participant.
  2. SelectMore.
  3. SelectRemove.

Note: Unless you have enabled the option to allow removed users to return, that specific account will not be able to rejoin the meeting. ViewManage Participants in a Meeting (video).

See Also
Zoom Video and Web ConferencingZoom (IT) | CSU NorthridgeZoom Webinar-Style Meetings Using a Pro Account

For more information about Zoom Security, please visit these links below:

Best Practices for Securing Your Virtual Classroom
How to Keep Uninvited Guests Out of Your Zoom Session
A Letter from Zoom’s Management Team to Customers and Users
CSUN's How to Keep Your Zoom Sessions Secure

Should you experience a disruption to your class, please contact the IT Help Center at (818) 677-1400 to report the situation. We will triage, address, and/or route the issue to the appropriate teams (e.g. security).

To enhance the security of Zoom sessions, and in anticipation of a global change Zoom is set to make on September 27, we will soon be requiring passwords on all newly-created Zoom meetings. This change will happen prior to the beginning of the Fall semester. Additional information will be available in the future, as we approach these dates.

Meetings scheduled without a passcode will show a red icon in the Zoom web dashboard, along with a red exclamation point next to the meeting name. For instructions on adding a passcode to your scheduled meeting, visit the accordion section titled "How do I keep my Zoom meeting secure?" on theCSUN Zoom main page.

Most likely, your Zoom In-Meeting settings at the account level are set to allow all participants to share. Giving students the opportunity to share their work is a powerful feature of Zoom. It is best to leave this setting enabled at the account level and make fine-tuned adjustments within meetings when it is not appropriate for others to share.

Below, is a screenshot of the Zoom meeting settings at the account level. To check your account settings, go tohttps://csun.zoom.us/, sign in, chooseSettingson the left, and then selectIn-Meeting (Basic)and scroll toScreen sharing.

In-Meeting Screen Share Settings

  1. In the Zoom toolbar, select the caret next toShare Screen.
  2. In theAdvanced Sharing Optionswindow, make these adjustments:
    • How many participants can share at the same time?
      • SelectOne participant can share at a time.
    • Who can share?
      • SelectOnly Host.

3. When you get to a point in your meeting where you want students to share, return toAdvanced Sharing Optionsand adjust the settings.

If you haveAnnotationenabled in yourIn-Meeting (Basic)settings at the account level, that means attendees will be able to annotate on your shared screen at any time.

To check your account level settings:

  1. Log in athttps://csun.zoom.us/
  2. On the left, chooseSettings.
  3. SelectIn-Meeting Basic.
  4. Scroll toAnnotation. If Annotation is enabled, that means attendees can annotate on your shared screen.

While this feature can be great for collaborative activities, you can easily deactivate the feature butonly once you have begun to share your screen. Follow these steps:

  1. Share your screen.
  2. SelectMorein the screen share controls.
  3. SelectDisable participants annotation.

If you wish to encourage students to annotate your shared screen, simply re-enable the feature by following the same steps.

TheChatfeature is a useful feature in Zoom, which allows participants to chat with the group or one another, directly. However, to safeguard your meeting, this feature can be turned off if needed.

Follow these instructions to disable chat in a Zoom meeting.

  1. In the Zoom meeting window, selectChat.
  2. In theChatpanel, select theChatmenu icon.
  3. In the pop-up window, selectNo Oneto prevent participants from chatting in the meeting.

To enhance the security of Zoom sessions, and in anticipation of a global change Zoom is set to make on September 27, we will soon be requiring passwords on all newly-created Zoom meetings. This change will happen prior to the beginning of the Fall semester. Additional information will be available in the future, as we approach these dates. For more information on Passwords, Waiting Rooms, and these new requirements, visit Zoom'sFAQ Meetings Waiting Room and Passcode Requirements page.

TheWaiting Roomfeature allows the host to control when a participant joins the meeting. As the host, you can admit attendees one by one, or hold all attendees in the waiting room and admit them all at once. This prevents a participant from disruptingthe meeting before the host has joined.This can be extremely helpful for faculty office hours sessions (to preserve student privacy). It can be effective during a live class session but will require more management by the host during the session.

Enable Waiting Room

To enableWaiting Roomfor all users in the account:

  1. Sign in to the Zoom as an administrator with the privilege to edit account settings.
  2. In the navigation menu, clickAccount ManagementthenAccount Settings.
  3. Navigate to theWaiting Roomoption on theMeetingtab and verify that the setting is enabled.
    Note: If the setting is disabled, select theStatustoggle to enable it. If a verification dialog displays, chooseTurn Onto verify the change.
  4. Select who you want to admit to the waiting room.
    • All participants: All participants joining your meeting will be admitted to the waiting room.
    • Guest participants only: Only participants who are not on your Zoom account or are not logged in will be admitted to the waiting room. If not logged in, they will have an option to log in.
      Note: IfGuest participants onlyis enabled, you can also enable the option to allow internal participants (users on the account), to admit guests from the waiting room if the host is not in the meeting.
  5. (Optional) If you want to make this setting mandatory for all users in your account, select thelockicon, and then selectLockto confirm the setting.

To end a meeting for all participants, selectEnd Meeting(only available to the host) and thenEnd Meeting for All(otherwise the meeting will continue for others, including the trolls). If you want to have the meeting continue, you should give another participant host control before leaving the meeting.

Source:6 Tips to Deter Zoom-bombers in Times of Disruption

Far End Camera Control allows another user to take control of your camera and use Pan-Tilt-Zoom (PTZ) functionality of the camera. This feature opens the session up to security vulnerabilities. For this reason, this feature should be disabled. To verify if it is disabled:

  1. Sign into the Zoom web portal as an administrator with the privilege to editAccount Settings, and selectAccount Settings.
  2. Navigate to theFar end camera controloption on theMeetingtab and verify that the setting is disabled.

If you add a Zoom meeting to your calendar or create a Zoom meeting in your calendar using the Zoom Outlook Plug-in, note that the calendar entry may include the Zoom meeting password.If you have set up your calendar so that it is open for colleagues to view the details of your meetings,this can expose the password to anyone who views your calendar. We recommend making the calendar entry private or editing the entry to remove the Zoom meeting password.

This meeting setting can help reduce audio issues but will also mute microphones for all attendees as they join the room. The ability to allow participants to unmute themselves can be disabled by the host or co-host within the meeting. In addition to the steps below, viewManaging Participants in a Meeting (video)for more information.

  1. Select theManage Participantsbutton in the Zoom toolbar.
  2. At the bottom of theParticipantswindow, selectMore.
  • ChooseMute Participants on Entry
  • DeselectAllow Participants to Unmute Themselves

How To Encourage Students To Share In Voice

Stop and various points and ask students if they have questions. Instruct them to use the Raise Hand feature to communicate to you that they’d like to speak. You will see a raised hand next to a student’s name in the Participants window. Verbally call on the student and manually unmute the student’s mic.

If a meeting is recorded, the recording is located on the host’s local machine. Please be aware of the content and have all participants permissions in place before posting the meeting to a public site. We recommend securing the recording usingmyCSUNBox.

To protect recorded sessions, faculty who choose to record a session should keep those recordings in Canvas or myCSUNbox where they are secure.

In Zoom, open theParticipantslist. Select the unwanted participant, select "More," select "Remove." Unless you have enabled the option to allow removed users to return, that specific account will not be able to rejoin the meeting. ViewManage Participants in a Meeting (video).

To enhance the security of Zoom sessions, and in anticipation of a global change Zoom is set to make on September 27, we will soon be requiring passwords on all newly-created Zoom meetings. This change will happen prior to the beginning of the Fall semester. Additional information will be available in the future, as we approach these dates.For more information on these new requirements, visit Zoom'sFAQ Meetings Waiting Room and Passcode Requirements page.

You can add a password that participants must enter or otherwise have access to in order to join your meeting. You could share the main meeting details more broadly and then distribute the password to only your audience. Also, we recommend that you create unique meetings for each session, rather than reusing the meeting ID for all meetings. If you do, and the meeting is compromised, all meetings using the same meeting ID and password will also be compromised.

An important feature, outlined below, shows how to “embed password in meeting link for one-click join.” This allows users to click once to get into a meeting, not have to enter the password manually, yet still thwart most unwanted intruders.

Enabling password settings for your account and embedding passwords

  1. Sign in to the Zoom:https://csun.zoom.us/and navigate toSettings.
  2. Navigate to theMeeting taband verify that the password settings that you would like to use for your account are enabled.Note:If the setting is disabled, select theStatustoggle to enable it. If a verification dialog displays, chooseTurn Onto verify the change.
  3. In theEmbed password in meeting link for one-click join,Turn Onthe feature by clicking on the toggle button.

Note:If the option is grayed out, it has been locked at either the Group or Account level, and you will need to contact your Zoom administrator.

By default, meetings are assigned a random password. You can update the password to one you prefer in your settings.

For more information on updating passwords visitMeetings & Webinar Passwords.

Be Mindful of Where You Publicize Your Meeting

You increase the risk of unwanted guests if you post your meeting details online. Be careful about posting the "join" details of an online event to websites, social media, or other publicly accessible sources.

  • Share the meeting link to only the intended participants.You are strongly advised to share your Zoom session link in your password protected Canvas course, so it can only be accessed by students enrolled in your class.
  • Ask participants to not share the meeting details beyond the intended audience (class, team, colleagues, etc.).
  • Avoid posting the meeting link, PIN, ID, and/or password on social media or public sources.
  • Use a secure service, e.g. a learning management system such as Canvas, to share or post the links or meeting details.

If someone has accidentally (or purposely) turned on their webcam and you do not want the video to display, you can use the "Stop Video." After doing this, the participant will no longer be able to share their webcam until you choose "Ask to Start Video." For more information on what a host can do, visitControls for Hosts and Co-Hosts.

To prevent others from screen sharing, the host can share their screen or disable the option for attendees to share their screens. Of course, for student presentations or collaboration, the screen sharing option is vital. As the host, you may wish to configure "Only Host" in the beginning and then allow others to screen share when appropriate. For more information, viewHost and Co-Host Controls in a Meeting (video).

CSUN recommends faculty, staff and students use their browser to connect to meetings rather than the dedicated Zoom app. This setting reduces the number of possible vulnerabilities a hacker can use t to compromise your machine. Chrome, Firefox, Edge and Opera are easy to update and hardened against attacks. If you do want to continue to use the Zoom app, please make sure you are checking for updates regularly.

  1. SecurityIcon: The Security Icon at the bottom of the screen contains all the Zoom security features previouslyfound in the meetingmenus.
  2. Robust Host Controls: Admins will be able to report an unauthorized user through the securityicon. They will also have the option to disable the ability for users to rename themselves. For education customers screen sharing is now limited to the host.
  3. Waiting Room Default: For education customers the waiting room feature is now set by default. The waiting room option is also availableas the meeting is in progress.
  4. Meeting password complexity and default-on: Meeting passwords are nowonby default. For those who have access to administeredaccounts, have the ability to define password complexity such as length, characters, and/or specific requirements.
  5. Cloud recording passwords: Passwords are now set as a default for those who want to access the recordings aside from the meeting host.
  6. Secure account contact sharing: Zoom will support larger corporationsallowing users to meet with with contacts acrossmultiple accounts.
  7. Dashboard enhancement: Admin userscan view theirconnection to the Zoom data centers on theirZoom dashboards.
  8. Additional: New non-PMI meetings have 11 digits IDs. Invite and meeting Ids have been removed from ongoing meetings and have been moved to the participants menu, making this harder to accidentallyshare the theirmeeting ID.

For more information on Zoom, please visit thepage.

A new form of trolling in which a participant uses Zoom’s screensharing feature to interrupt and disrupt meetings and classes.The disruptions are being termed Zoombombings and the perpetrators Zoom Trolls.These incidents can create significant issues with the teaching and learning of materials and steps should be taken to prevent this.

Below are some practices that may reduce the likelihood of this occurring during one of your sessions and the recovery actions you can take if it does.

When in doubt, know how to end a session for all attendees immediately, if necessary. Instructions are in theEnd a Meeting Immediatelysection.

To balance security with functionality, review the options below and make the best decisions for your needs. We recommend that you consider a "dry run" with a colleague before your official class or meeting to verify that the settings match your desired outcomes.

TODO

How To Keep Your Zoom Sessions Secure (IT) (2024)

References

Top Articles
BigData Republic on LinkedIn: Let's give a warm welcome to Rasmus! Expert in data science, focusing on…
Best 10 Hotels near De Bazuin familiekerk in Nieuwegein, 2024 | Trip.com
Farm & Garden near Hermiston, OR - craigslist
LEVEL 52 CODM ACCOUNT WITH 50 EPIC WEAPON SKINS AND CHARACTER SKI... | ID 212345969 | PlayerAuctions
Dublin: Städte und Dörfer an der Küste | Ireland.com
Die Küste von Dublin
Lorain County Jail, OH Inmate Search: Roster & Mugshots
The life sentence of Robert DuBoise
Live Gold Spot Price Chart
What Countries Have the Largest Gold Reserves?
Sharpening Your Board IQ: Advice for Staff Noncommissioned Officers, Reporting Seniors, and Reviewing Officers
Baltimore Red Line project to be light rail
Latest Posts
Myanmar: Junta Evading International Sanctions
A turning point in Myanmar as army suffers big losses
Article information

Author: Van Hayes

Last Updated:

Views: 6213

Rating: 4.6 / 5 (66 voted)

Reviews: 89% of readers found this page helpful

Author information

Name: Van Hayes

Birthday: 1994-06-07

Address: 2004 Kling Rapid, New Destiny, MT 64658-2367

Phone: +512425013758

Job: National Farming Director

Hobby: Reading, Polo, Genealogy, amateur radio, Scouting, Stand-up comedy, Cryptography

Introduction: My name is Van Hayes, I am a thankful, friendly, smiling, calm, powerful, fine, enthusiastic person who loves writing and wants to share my knowledge and understanding with you.