Overview

Zoom is a popular video-conferencing tool, primarily because of its ease of use, and its ability to connect users remotely.  But these strengths come with vulnerabilities that hosts should consider when using Zoom.

Hosts don't need to follow of these best practices.  They should use the minimal number of practices that fit their needs and secures their meetings.

Best practices

Consider hosting a Zoom webinar

Zoom webinars are ideal for meetings open to the general public, or for meetings with more than 300 participants.  These Zoom webinars are already configured with security in mind.

Visit the following Confluence pages for additional details:

• Zoom Meeting vs Zoom Webinar
• Zoom Webinar Requests and Set-Up

Avoid using your Personal Meeting room (also referred to as PMI) for scheduled meetings

If you post a link to your Personal Meeting room publicly, then anyone could disrupt that room.  So your Personal Meeting room in Zoom should be used for impromptu meetings with co-workers or third-party users you routinely communicate with.  

If your meeting occurs sometime in the future, then schedule the Zoom meeting instead of using your Personal Meeting room.

Keep all Zoom meeting details (links, IDs, passwords) private

Only the invitees should know these details, unless the Zoom meet is meant to be public.

Disable "Join before host"

Turn "Join before host" off.  This way, the Zoom meeting won't before until the host joins.

Mute participants upon entry

Some users may be unaware that their mics are on when they join.  To avoid this, simply mute the participants' mics when they join. 

Hosts can set this as the default for all meetings (Settings, then do a word search for Mute all participants when they join a meeting).  Or configure this setting after the meeting begins (Visit Managing participants in a meeting to learn more; do a word search for Mute Participants upon Entry).

Enable the Waiting Room

When hosts enable the Waiting Room, participants don't join the Zoom meeting immediately after they click their invite links.  They are sent to a virtual Waiting Room instead, where the hosts could either admin those participants one-by-one, or admit them all.

The hosts can even post a custom message in the Waiting Room.

Ensure that only hosts can share their screens

Hosts can ensure that only they (and their co-hosts and alternative hosts) can share their screens in Zoom meetings.  Visit Managing participants in a meeting and do a word search for to prevent participants from screen sharing (the Zoom meeting must have already begun before changing these settings, so consider joining the Zoom meeting early).

You could also set the default for your Zoom account, so that only hosts (as well as co-hosts and alternative hosts) are the only ones can share their screens during your meeting.  Go to your Settings, and do a word search for Screen sharing.

Allow only invitees into your meeting

If you have a set invitee list with email address, then configure your meeting so that only those invites may join.

Set a meeting passcode

Setting a meeting passcode for the Zoom meeting ensures that only those with the passcode could join.

Lock the meeting

Hosts can lock Zoom meetings after those meetings have started.  This feature will even lock out those with the meeting ID and passcode.

Disable video

Hosts can disable a participant's video.  But please know that 

Mute participants

Hosts can mute all participants, or mute one at a time.  Please know that the participants can unmute themselves.

Suspend participant activities

Hosts and co-hosts can pause the meeting to remove and report an offending party and prevent further disruption.

Turn off file transfer

Hosts can turn off file transfers for participants.  With file transfers turned on, participants can share files through the Zoom chat room.

Turn off annotation

Hosts can turn off annotation.  With annotation turned on, participants can mark up content while someone is sharing their screen.

Disable private chat

Hosts can turn off private chat.  With private chat turned on, participants can send direct messages to each other, without sharing those messages to everyone.

Report a user

Hosts can reports users to Zoom's Trust & Safety team, if those users are being too disruptive or inappropriate while using Zoom.

Responding to a Zoombombing in real time

When the appropriate best practices aren't followed, a Zoombomb may occur.  A Zoombomb occurs when a random participant joins your Zoom meeting to disrupt and derail your meeting.

If this happens during your meeting, you should respond appropriately

Remove unwanted or disruptive participants

Hosts are able to remove unwanted or disruptive participants.

Please know that "disruptive" could also describe a participant with a bad internet connection, because one user with a poor internet connection can degrade the meeting for all of the other participants.  Also know that "disruptive" could also describe a participant who keeps their mic on, even though they're not speaking and have a lot of noise in their background.

Record the meeting

If you're not already recording the meeting, start recording it.  The proper authorities may need this recording for their investigation.

Save the chat

Save the chat history too.  The proper authorities may need this data too.

Recognize the disruption

Acknowledge to the group that the disruption has occurred.  Acknowledging this disruption appropriately and respectfully can put the remaining participants at ease.