Zoom Security
NEW May 1, 2020: If you are wondering about the ZOOM company's approach to your privacy, take a look at ZOOM's Privacy Policy. It's pretty clearly explained, as these things go.
NEW April 27, 2020: OISE ZOOM users, be sure to update your ZOOM client before May 30. You should already be updating regularly, to stay up-to-date with security improvements; here's another compelling reason to do it.
Beginning May 30, 2020, all Zoom clients will have to be updated to version 5.0+ in order to join any meeting, because new GCM Encryption will be fully enabled for all Zoom meetings as of that date. Zoom 5.0 clients are also compatible with the current encryption used by Zoom meetings prior to May 30, so there is reason not to upgrade now.
Be Up-to-date
Follow the Best Practices for Security
Closed ZOOM Sessions
- protected by its context, i.e., accessible only from a private or very obscure place. A private place could be a ZOOM link inside a Quercus course, or some other place where login is required before the link can be accessed. An obscure place could be in a message you've circulated among a select group, which is very unlikely to be discovered or guessed by an outsider.
- protected by ZOOM, i.e., configured within the ZOOM meeting settings to allow entry only to those who have the meeting password, or whom the host grants entry from the waiting room.
Open ZOOM Sessions
- Some advertisements are more public than others. For instance, if you use publicly accessible social media to advertise your meeting, do not include the ZOOM link in the post or tweet. Rather, provide a link to a separate web page where the ZOOM link can be found. This measure will foil lazy nuisances who comb social-media feeds looking for any ZOOM link.
- Consider invoking the waiting-room option in ZOOM, meaning that no one who attempts to access the meeting will get in until you, the host, grant entry. If you think your audience will be very large, this requirement may prove unwieldy, but it could be ideal in a meeting where a smaller turnout of recognizable community members is foreseen. Again, please contact Education Commons for advice and assistance with all ZOOM-related matters.
- Do not discuss, or visibly reveal, any private material in an open meeting. This might seem to go without saying, but most of us are new to videoconferencing and it's worth reminding everyone to think carefully about what we allow to be seen or heard.
Added Security for All ZOOM Sessions
- Lock your ZOOM meeting, once everyone you expect has arrived, or after the agreed-upon start time. When you lock the meeting, no new participants can join, even if they have the meeting ID and password. As the host or co-host of a locked meeting, be aware that you will NOT be alerted if anyone is trying to join your meeting after you've locked it. To lock your meeting once you are in it, click Participants at the bottom of your Zoom window, and, in the pop-up box, click Lock Meeting.
- Know how to expel a participant from your ZOOM meeting. in the participants menu, when you mouse over a participant’s name, several options will appear. Click Remove to immediately eject a participant from your meeting. If you then lock the meeting, they will be unable to reenter.
- Know how to place an attendee on hold in your ZOOM meeting, to prevent their seeing or hearing anything: this is a temporary way of asserting your session's privacy from a particular attendee, useful as a quick security measure while you determine whether or not to expel them altogether. Click on the attendee’s video thumbnail and select Start Attendee On-Hold to activate this feature.
- Make sure only the meeting host can share their screen. By default, this setting is on, and you should know how to turn ZOOM attendee screen-sharing on and off, so that you can allow everyone to share screens when you know it will be necessary, and forbid it in all other case.
- Know how to mute individual attendees, or all attendees, so you can maintain control of who speaks at your meeting.
- Be aware of ZOOM encryption. Encryption of your communication over ZOOM is switched on by default, to protect you from snooping spies on the Internet, and you should leave it switched on. However, if you are communicating extremely sensitive material in a ZOOM meeting, you should also be aware of the limitations of ZOOM encryption.