Settings to Keep Your Zoom Session Secure
At ATUS, we strive to keep users of our learning technologies safe. With the enterprise license of Zoom for WWU faculty, staff, and students, we are able to offer our users safety measures during Zoom meetings such as the ability to require participants be authenticated through WWU's login.
See also: Zoom's Best Practices for Securing Your Virtual Classroom
This document includes:
- Zoom for Western Security
- Sample Student Notification
- Zoom Meeting Settings Overview
- Zoom Account Settings Overview
- Zoombombing
- Detailed Instructions to Prepare for Secure Meetings
- Recommendations for Public Zoom Meetings
Zoom for Western Security
Zoom for Western licenses are activated for all faculty and staff and can be accessed via https://wwu-edu.zoom.us and signing in with your username@wwu.edu email address and WWU password. Students can activate their own Zoom for Western licenses. See the Zoom for Western page for details.
To keep your Zoom session and your students in a more secure environment:
- Update your Zoom software. Ensure you have the latest security updates: https://zoom.us/download
- Require authentication. This alone secures the session to only WWU users and provides a record of those individuals in the Reports area for all meetings via your account on the Zoom.us website.
- Guests can now be added to Zoom meetings.
- Edit the Zoom meeting by accessing Zoom on the web (not from the Zoom app or via Canvas).
- Under Security, make sure Required authentication to join is enabled.
- Next to Authentication Exception, click Add.
- Enter the guest participant's name and email address.
- Click Add Participant to add more exceptions.
- Click Save.
- Guests can now be added to Zoom meetings.
- Review: "Detailed Instructions to Prepare for Secure Meetings" below.
- Registration: Be aware that setting up Registration for your events does not guarantee security. Access information can still be shared.
- Webinars/Streaming: For public events, consider streaming a secured meeting on YouTube or Facebook Live OR setting up a webinar with Video Services.
Sample Student/Participant Notification
It is prohibited to share invite links and/or passcodes to Zoom sessions with anyone outside of the class. This includes posting the links on public and/or social media sites. Revealing invite links and passcodes are information security and privacy risks. Violators will be subject to an investigation by the University and possible disciplinary action. Please see POL- U3000.04, Computer Use-Responsible Computing.
Zoom Meeting Settings Overview
When editing/creating a meeting:
- Do: Require “Only authenticated users can join” with an @wwu.edu account*
- Do: Share your “Invite Link” on a secure site, such as Canvas.**
- Do: Require meeting passcode and/or Enable waiting room
- Do not: Enable Join Before Host.
- Do: Mute participants upon entry.
* From within the Canvas integration this is called, "Only signed-in users with specified domains can join meetings." Also, this setting can be added to existing meetings to impact future sessions.
**For public events, consider streaming a secured meeting on YouTube or Facebook Live OR setting up a webinar with Video Services. See Recommendations for Public Zoom Meetings at the end of this document.
NOTE: If you would like to add exception emails to the authentication list, you will need to edit the Zoom meeting by accessing Zoom on the web (not from the Zoom app or via Canvas).
See the section "Detailed Instructions to Prepare for Secure Meetings."
Zoom Account Settings
The default settings for WWU accounts are preset based on security precautions. See detailed instructions below.
- Do not turn on: Allow removed participants to rejoin
- Consider keeping off: Private chat
- Consider keeping off: Remote control
- Consider keeping off: Annotation
Zoombombing
Especially in the early days of the pandemic and remote teaching, reports of "Zoombombing" occurred where unintended participants accessed Zoom sessions and were disruptive. Especially at risk are when meeting links are shared widely or are placed on public-facing websites. It is also possible that enrolled students or invited participants could share Zoom meeting access information with a third party.
In case you suspect this happening in your meeting, here are the steps to follow:
- Click Security, then
Suspend Participant Activities - Click Security, select
Hide Profile Pictures - Click Security, select
Remove Participant. - Report to ATUS, including user details and screenshots if available.
Your best defense is to regularly update your Zoom software and require authentication for meetings.
Options If Your Meeting is Zoombombed
Unless recording, take screenshots if you are able to do so quickly.
OPTION A:
If you have updated your Zoom software since 11/16/20,* the host and any co-hosts will have these options to stop all student interactivity:
- Suspend Participant Activities: From the control bar, select:
- Security > Suspect Participant Activities, and;
- Security > Hide Profile Pictures.
- Select Remove (host only) for the offending participant(s):
- Via Participant panel (hover over the name)
- Via Video thumbnail (from 3-dot menu)
- Via the Security icon
OPTION B:
If the Suspend option is not available to you, the most immediate stop to the situation is to end the meeting for all. If possible, let participants know where to check (e.g. Canvas) for further instructions.
- End Meeting for All. Before starting the meeting again, check the meeting settings listed above.
OPTION C:
If you do not have the “Suspend” option available to you in the Security tab, and don’t want to end the meeting, here is how to regain control of the meeting in earlier versions of Zoom.
- Change Settings During Meeting: If you can regain control of the meeting, it can proceed without ending.
- Select Remove (host only) for the offending participant(s):
- Via Participant panel (hover over the name)
- Via Video thumbnail (from 3-dot menu)
- Via the Security icon
- Select Mute All from the Participants panel. Co-hosts and hosts can do this.
- From Participants 3-dot menu,
- Uncheck “Allow Participants to Unmute themselves”
- Check Enable Waiting Room
- Check Lock Meeting
- From Chat 3-dot menu,
- Check “Participant Can Chat With… No One”
- If annotation (writing on the screen) occurred, from the More 3-dot menu, select Disable Attendee Annotation and clear annotations (trashcan icon).
- Select Remove (host only) for the offending participant(s):
Notify the ATUS Help Desk
- Zoom Support Form - Preferred, as this notifies the most appropriate support staff.
- Email: HelpDesk@wwu.edu
- Call: 360-650-3333
- To consult further about Zoom strategies, contact Video.Services@wwu.edu.
Detailed Instructions to Prepare for Secure Meetings
Plan Ahead
- Plan to give a trusted participant the Co-host role during a meeting to help monitor security issues.
- Plan to share or discuss community guidelines for participation during Zoom meetings.
- Decide whether to disable any features that are not needed during Zoom meetings, such as screen sharing or chat.
Security in Zoom Meetings
The security option located on the Zoom toolbar allows the Zoom session host or co-host to respond to any issues that may appear during the course of their class allowing the issue to be resolved without the need to stop the class.
- Lock Meeting
This setting locks the Zoom session so no additional participants may enter the session - Enable Waiting Room
This allows you to set up a waiting room which can be used in place of a passcode to secure your Zoom session. - Hide Profile Pictures
- Allow Participants to:
This allows you to control the options that session participants will have access to such as:- Share Screen
- Chat
- Rename Themselves
- Unmute Themselves
- Start Video
- Suspend Participant Activities gives you these options:
- Turns off video, audio, and screen sharing and will lock the meeting from anyone entering it.
Gives the option to report to Zoom.
- Remove Participants
You can use the remove participants option to remove unruly or abusive participants. This is also available from the Participants panel and from the 3-dot menu on each person’s profile picture/video.
Zoom Meeting Settings
These settings are accessible as you create or edit a meeting.
Do: Require “Only authenticated users can join” requiring an @wwu.edu account.
Note that guests from outside WWU would not be able to join the meeting. If this is required on a particular day, remove this setting for that day and follow the suggestions below.- Do: Share your “Invite Link” on a secure site (such as Canvas).
Canvas is a password-protected site that requires signing in through WWU’s user authentication system.- Copy the Zoom “Invite Link” (and passcode if using) and paste it in your Canvas course for your students. It could be in an Announcement, placed in a Module, a page, etc.
Warn students that sharing Invite links is prohibited. See sample student notification language above that you can use in your class.
- Do: Require meeting passcode and/or Enable waiting room.
Enable “Passcode.” Be sure to share that passcode with your participants securely.
- Enable Waiting Room. New arrivals to the meeting will appear in the waiting room area of the Participants list. Click on participant names to admit them one at a time or Admit All. Hosts can also return participants to the waiting room and disable/enable the waiting room during a meeting.
You can customize what participants see in the Waiting Room in your account settings. Keep the setting at All participants since most students do not have confirmed Zoom accounts and are essentially guests (even when logging in/authenticating with their WWU email and password). See also: Zoom Help Center - Waiting room
Do not: Enable Join Before Host.
Do: Mute participants upon entry
Zoom Account Settings
The default settings for WWU accounts are preset based on security precautions. These settings are accessible by going to www.zoom.us, logging in with your Zoom for Western account (username@wwu.edu), and selecting the Settings navigational item on the left.
Do not turn on: Allow removed participants to rejoin.
Consider keeping off: Private chat.
Consider keeping off: Remote control
Consider turning off: Annotation.
Annotation allows participants to use the drawing, stamping, and other notation tools during a screen share. The host can disable this option during each session or keep it from being an option in the first place by turning it off for all meetings in Settings.
Recommendations for Public Zoom Meetings
If you are hosting a Zoom session that requires sharing of a Zoom meeting link with a public audience, consider using these settings. These may also be useful as extra precautions for any meeting.
For large public events, consider live streaming your Zoom meeting through YouTube or Facebook Live, or using one of the webinar licenses available through Video.Services@wwu.edu.
Zoom Meeting Settings
These settings are accessible as you set up a meeting and can be used in addition to the Basic Settings.
Enable Waiting Room. This requires the meeting host/instructor to allow entry into the meeting by holding them in a special part of the Zoom participants panel where they are notified they are in a waiting room for your session.
- When scheduling a new meeting or editing an existing one, enter a checkmark to enable Waiting Room. Even without this setting, a host can enable and disable the waiting room during a meeting.
- The host/instructor will need to admit participants into the Zoom session one or more at a time.
While this feature is particularly useful for “Office Hours” or to control entry to a meeting, it also requires the host’s attention to manage it.
- When scheduling a new meeting or editing an existing one, enter a checkmark to enable Waiting Room. Even without this setting, a host can enable and disable the waiting room during a meeting.
- Registration Form. If you are scheduling meetings for events and you list these on a public website, you could require a registration form. This can allow you to screen potential attendees, and then email participants the Meeting ID. See Registration for Meetings.
Note that this does not prevent those individuals from sharing the meeting access information to third parties. Again, consider live streaming your Zoom meeting through YouTube or Facebook Live, or using one of the webinar licenses available through Video.Services@wwu.edu.
Resources
- ATUS:
- ATUS-CIIA Help Documentation
- How to Participate in Zoom Privately (as a participant/student)
- Video Options Comparison Charts
- Zoom Help Center
- Manage Participants in a Meeting
Be sure to become familiar with how to manage participants in a meeting, including, removing a disruptive participant, limiting chat options during a meeting, and locking the meeting from further participants. - Host and Co-Host Roles in a Meeting
Enable “Co-Host” so you can assign others to help moderate. - Annotation Tools
- Manage Participants in a Meeting