Jump to Main Content
Decrease font size Reset font size Increase font size
Ontario Institute for Studies in Education, University of Toronto Home| OISE| U of T| Quercus| Site Map | Contact Us | Accessibility | Feeling Distressed?
INSPIRING EDUCATION | oise.utoronto.ca
Education Commons at OISE

Zoom Security


There's been concern lately about ZOOM security, as we hear stories of unwelcome attendees disrupting ZOOM meetings, or lurking to see or hear what they should not. Education Commons wants to reassure you that you are safe and secure using ZOOM for your online classes or meetings. Here's some advice to help you feel, and be, more secure.

NEW May 1, 2020: If you are wondering about the ZOOM company's approach to your privacy, take a look at ZOOM's Privacy Policy. It's pretty clearly explained, as these things go.

NEW April 27, 2020: OISE ZOOM users, be sure to update your ZOOM client before May 30. You should already be updating regularly, to stay up-to-date with security improvements; here's another compelling reason to do it. 

Beginning May 30, 2020, all Zoom clients will have to be updated to version 5.0+ in order to join any meeting, because new GCM Encryption will be fully enabled for all Zoom meetings as of that date. Zoom 5.0 clients are also compatible with the current encryption used by Zoom meetings prior to May 30, so there is reason not to upgrade now. 

Click here to find out how to update ZOOM.

Be Up-to-date

The first thing to do with ZOOM, as  with any software, is to be sure you are always running the latest version. Software manufacturers release fixes for security issues often and rapidly, so if your version of the ZOOM application (desktop or mobile) is even a couple days behind the times, it might be missing protection from a known vulnerability. Updating is easily accomplished: click here to find out how to update ZOOM.

Follow the Best Practices for Security

Zoom is just as secure as any other similar system for meeting or sharing online, and, like any such system, it is most safe when best practices are followed.  Remember that Zoom is not part of the university UTORid system, therefore please do not use your UTORid password for your OISE Zoom account.
For the purpose of clarifying what these best practices are for you, we will look at two broad categories of ZOOM session that OISE community members might set up, closed sessions and open sessions.

Closed ZOOM Sessions

A closed ZOOM session is one that should only be available to a select group of people, not the general public or a self-selecting group of people. Your session can be kept closed in two ways. It can be either
  1. protected by its context, i.e., accessible only from a private or very obscure place. A private place could be a ZOOM link inside a Quercus course, or some other place where login is required before the link can be accessed.  An obscure place could be in a message you've circulated among a select group, which is very unlikely to be discovered or guessed by an outsider.
  2. protected by ZOOM, i.e., configured within the ZOOM meeting settings to allow entry only to those who have the meeting password,  or whom the host grants entry from the waiting room.
If your ZOOM session is protected by its context, you can proceed without much concern, and without worrying about extra security settings like a password. No one is likely to reach you except the people who are supposed to.
If you think your closed session may need some extra protection to keep it closed, look into ZOOM's settings for password-protecting a ZOOM meeting, or how to enable ZOOM's waiting room. Please contact Education Commons for advice and assistance with all ZOOM-related matters.

Open ZOOM Sessions

An open ZOOM session is one that is advertised publicly, and configured to allow entrance by all who wish to attend. Examples might include a Town-hall-style meeting or a drop-in session that you need to publicize to a wide audience. If you are holding such a session, be sure to take the following into consideration.
  1. Some advertisements are more public than others. For instance, if you use publicly accessible social media to advertise your meeting, do not include the ZOOM link in the post or tweet. Rather, provide a link to a separate web page where the ZOOM link can be found. This measure will foil lazy nuisances who comb social-media feeds looking for any ZOOM link.
  2. Consider invoking the waiting-room option in ZOOM, meaning that no one who attempts to access the meeting will get in until you, the host, grant entry. If you think your audience will be very large, this requirement may prove unwieldy, but it could be ideal in a meeting where a smaller turnout of recognizable community members is foreseen. Again, please contact Education Commons for advice and assistance with all ZOOM-related matters.
  3. Do not discuss, or visibly reveal, any private material in an open meeting. This might seem to go without saying, but most of us are new to videoconferencing and it's worth reminding everyone to think carefully about what we allow to be seen or heard.

Added Security for All ZOOM Sessions

Be aware of steps you can take to secure your meeting, once it has begun.
  1. Lock your ZOOM meeting, once everyone you expect has arrived, or after the agreed-upon start time. When you lock the meeting, no new participants can join, even if they have the meeting ID and password. As the host or co-host of a locked meeting, be aware that you will NOT be alerted if anyone is trying to join your meeting after you've locked it. To lock your meeting once you are in it, click Participants at the bottom of your Zoom window, and, in the pop-up box, click Lock Meeting.
  2. Know how to expel a participant from your ZOOM meeting. in the participants menu, when you mouse over a participant’s name,  several options will appear. Click Remove to immediately eject a participant from your meeting. If you then lock the meeting, they will be unable to reenter.
  3. Know how to place an attendee on hold in your ZOOM meeting, to prevent their seeing or hearing anything: this is a temporary way of asserting your session's privacy from a particular attendee, useful as a quick security measure while you determine whether or not to expel them altogether. Click on the attendee’s video thumbnail and select Start Attendee On-Hold to activate this feature.
  4. Make sure only the meeting host can share their screen. By default, this setting is on, and you should know how to turn ZOOM attendee screen-sharing on and off, so that you can allow everyone to share screens when you know it will be necessary, and forbid it in all other case.
  5. Know how to mute individual attendees, or all attendees, so you can maintain control of who speaks at your meeting.
  6. Be aware of ZOOM encryption. Encryption of your communication over ZOOM is switched on by default, to protect you from snooping spies on the Internet, and you should leave it switched on. However, if you are communicating extremely sensitive material in a ZOOM meeting, you should also be aware of the limitations of ZOOM encryption.