- Created by Unknown User (arichard), last modified by Jeff Austin on May 31, 2023
Overview
Zoom is a popular video-conferencing tool, primarily because of its ease of use, and its ability to connect users remotely. But these strengths come with vulnerabilities that hosts should consider when using Zoom.
Hosts don't need to follow all of these best practices but should use the minimal number of practices that fit their needs and secures the meeting.
Best practices
Avoid using your Personal Meeting room (also referred to as PMI) for scheduled meetings
If you post a link to your Personal Meeting room publicly, then anyone could disrupt that room. Your Personal Meeting room in Zoom should be used for impromptu meetings with co-workers or third-party users you routinely communicate with.
If your meeting occurs sometime in the future, then schedule the Zoom meeting instead of using your Personal Meeting room.
Keep all Zoom meeting details (links, IDs, passwords) private
Only the invitees should know these details unless the Zoom meet is meant to be public.
Disable "Join before host"
Turn "Join before host" off. This way, the Zoom meeting won't start until the host joins.
Mute participants upon entry
Some users may be unaware that their mics are on when they join. To avoid this, simply mute the participants' mics when they join.
Hosts can set this as the default for all meetings (Settings, then do a word search for Mute all participants when they join a meeting). Or configure this setting after the meeting begins (Visit Managing participants in a meeting to learn more; do a word search for Mute Participants upon Entry).
Enable the Waiting Room
When hosts enable the Waiting Room, participants don't join the Zoom meeting immediately after they click their invite links. They are sent to a virtual Waiting Room instead, where the hosts could either admin those participants one-by-one, or admit them all.
The hosts can even post a custom message in the Waiting Room.
Ensure that only hosts can share their screens
Hosts can ensure that only they (and their co-hosts and alternative hosts) can share their screens in Zoom meetings. Visit Managing participants in a meeting and do a word search for to prevent participants from screen sharing (the Zoom meeting must have already begun before changing these settings, so consider joining the Zoom meeting early).
You could also set the default for your Zoom account, so that only hosts (as well as co-hosts and alternative hosts) are the only ones can share their screens during your meeting. Go to your Settings, and do a word search for Screen sharing.
Allow only invitees into your meeting
If you have a set invitee list with email address, then configure your meeting so that only those invites may join.
Set a meeting passcode
Setting a meeting passcode for the Zoom meeting ensures that only those with the passcode could join.
Lock the meeting
Hosts can lock Zoom meetings after those meetings have started. This feature will even lock out those with the meeting ID and passcode.
Disable video
Hosts can disable a participant's video. However, participants can reenable video themselves.
Mute participants
Hosts can mute all participants, or mute one at a time. However, participants can unmute themselves.
Suspend participant activities
Hosts and co-hosts can pause the meeting to remove and report an offending party and prevent further disruption.
Turn off file transfer
Hosts can turn off file transfers for participants. With file transfers turned on, participants can share files through the Zoom chat room.
Turn off annotation
Hosts can turn off annotation. With annotation turned on, participants can mark up content while someone is sharing their screen.
Disable private chat
Hosts can turn off private chat. With private chat turned on, participants can send direct messages to each other, without sharing those messages to everyone.
Consider hosting a Zoom webinar
Zoom webinars are ideal for meetings open to the general public, or for meetings with more than 300 participants. These Zoom webinars are already configured with security in mind.
Visit the following Confluence pages for additional details:
Responding to a Zoombombing in real time
When the appropriate best practices aren't followed, a Zoombomb may occur. A Zoombomb occurs when a random participant joins your Zoom meeting to disrupt and derail your meeting.
If this happens during your meeting, you should respond appropriately
Report a user
Hosts can reports users to Zoom's Trust & Safety team, if those users are being too disruptive or inappropriate while using Zoom. Hosts can report a user during or after a Zoom meeting.
Remove unwanted or disruptive participants
Hosts are able to remove unwanted or disruptive participants.
"Disruptive" could also describe a participant with a bad internet connection, because one user with a poor internet connection can degrade the meeting for all of the other participants. "Disruptive" could also describe a participant who keeps their mic on, even though they're not speaking and have a lot of noise in their background. Note that a participant can also be muted.
Record the meeting
If you're not already recording the meeting, start recording it. The proper authorities may need this recording for their investigation.
Save the chat
Save the chat history too. The proper authorities may need this data too.
Recognize the disruption
Acknowledge to the group that the disruption has occurred. Acknowledging this disruption appropriately and respectfully can put the remaining participants at ease.
Additional questions, comments, or concerns
If you have questions about how to configure your Zoom meeting, please submit a ticket to the ITS Help Desk, so that we may review and provide the proper guidance.
Please submit this form two weeks before your Zoom meeting is scheduled to begin. This way we have enough time to research, respond, and make adjustments to your plan for using Zoom.ctices