Zoom Security

Zoom Security Preventative Actions

1. Randomize your Meeting IDs per meeting. Don’t use your Personal Meeting ID for the meeting. Instead, use a per-meeting ID, exclusive to a single meeting.
   1. https://support.zoom.us/hc/en-us/articles/203276937-Using-Personal-Meeting-ID-PMI-
   2. https://blog.zoom.us/wordpress/2020/03/20/keep-uninvited-guests-out-of-your-zoom-event/
2. Enable passwords for your meetings.  Do not publicly post your meeting password.  For meetings with sensitive information, send the password in a separate email.
   1. https://support.zoom.us/hc/en-us/articles/360033559832-Meeting-and-webinar-passwords
   2. https://krebsonsecurity.com/2020/04/war-dialing-tool-exposes-zooms-password-problems/
3. Enable the “Waiting Room” feature for your meetings. Allow guests to join once the host or alternative hosts have arrived. The host and alternative host can see who is attempting to join the meeting before allowing them access.
   1. https://support.zoom.us/hc/en-us/articles/115000332726-Waiting-Room 
      
   2. https://blog.zoom.us/wordpress/2020/02/14/secure-your-meetings-zoom-waiting-rooms/
   3. https://support.zoom.us/hc/en-us/articles/360040324512-Roles-in-a-meeting
4. Lock the meeting. You can also lock the meeting once everyone has joined to prohibit outsiders from joining and assign at least two meeting co-hosts. The co-hosts will be able to help control the situation in case anyone bypasses your efforts and gets into the meeting.
   1. To deputize your co-hosts, go to the same Settings icon, then to the Meetings tab. Scroll down to Co-host and make sure it is enabled. If Zoom asks you for verification, click Turn On.
   2. https://support.zoom.us/hc/en-us/articles/115000332726
5. Disable:
   1. Join Before Host
   2. Screen-sharing for non hosts
   3. Remote control function
   4. All file transferring, annotations and the autosave feature for chats
6. Keep your Zoom software client updated. 

Report Zoombombing

Zoombombing happens when someone intentionally and maliciously disrupts a Zoom meeting. This disruption can take the form of profanity, threats, pornography, or hate speech. If you receive or perceive a threat to yourself or public safety, please call Campus Safety at 503-768-7777. In addition, please report this incident to the IT Service Desk (itservice@lclark.edu) with the following information.

 

Please include this information in your reporting:

• A summary of what happened
• The meeting ID of the session that was interrupted and the full name of the meeting host
• The date and time of the incident
• What action was taken (i.e. was the meeting ended, or was the intruder removed)
• Indicate whether or not the session was recorded. If it was, please retain the recording if needed for an investigation.

IT Administrators will run a usage report to identify as much information as they can about participants in the meeting. Campus Safety may choose to share this information with police if the incident warrants such action. Prevention is the most effective action to take to prevent Zoombombing.