Zoom Security

Zoom Security Preventative Actions

  1. Randomize your Meeting IDs per meeting. Don’t use your Personal Meeting ID for the meeting. Instead, use a per-meeting ID, exclusive to a single meeting.
    1. https://support.zoom.us/hc/en-us/articles/203276937-Using-Personal-Meeting-ID-PMI-
    2. https://blog.zoom.us/wordpress/2020/03/20/keep-uninvited-guests-out-of-your-zoom-event/
  2. Enable passwords for your meetings.  Do not publicly post your meeting password.  For meetings with sensitive information, send the password in a separate email.
    1. https://support.zoom.us/hc/en-us/articles/360033559832-Meeting-and-webinar-passwords
    2. https://krebsonsecurity.com/2020/04/war-dialing-tool-exposes-zooms-password-problems/
  3. Enable the “Waiting Room” feature for your meetings. Allow guests to join once the host or alternative hosts have arrived. The host and alternative host can see who is attempting to join the meeting before allowing them access.
    1. https://support.zoom.us/hc/en-us/articles/115000332726-Waiting-Room 
    2. https://blog.zoom.us/wordpress/2020/02/14/secure-your-meetings-zoom-waiting-rooms/
    3. https://support.zoom.us/hc/en-us/articles/360040324512-Roles-in-a-meeting
  4. Lock the meeting. You can also lock the meeting once everyone has joined to prohibit outsiders from joining and assign at least two meeting co-hosts. The co-hosts will be able to help control the situation in case anyone bypasses your efforts and gets into the meeting.
    1. To deputize your co-hosts, go to the same Settings icon, then to the Meetings tab. Scroll down to Co-host and make sure it is enabled. If Zoom asks you for verification, click Turn On.
    2. https://support.zoom.us/hc/en-us/articles/115000332726
  5. Disable:
    1. Join Before Host
    2. Screen-sharing for non hosts
    3. Remote control function
    4. All file transferring, annotations and the autosave feature for chats
  6. Keep your Zoom software client updated. 

Zoombomb Victim Actions

  1. Lock them out. Go to the Participants List in the navigation sidebar, and scroll down to More. Click Lock Meeting to stop further participants from entering the meeting and to be able to remove participants.
  2. Shut them up. Have yourself or one of your co-hosts go to the Participants List, again scrolling down to the bottom, and click Mute All Controls. This makes it so the unwelcome participant can’t use their microphone to disrupt your audio.
  3. Let IT Security know about it.  Send an email to itservice@lclark.edu detailing as much about what occurred and how your resolved it.  If you have experienced unwanted behavior, we’d like to know about it so we can continually improve our institutional (default) security settings and on-going recommendations to our users.  Thank you!