Zoom Meeting - Privacy and Security Settings - ZoomBombing Prevention Tips

There are many features within Zoom that can increase the security of your Zoom sessions and reduce the chance of unwanted attendees from disrupting your event and causing problems. Use as many of these options as possible without impacting your meeting operations. If you are discussing any sensitive or confidential information in your meetings, these measures become that much more important. Public meetings are more exposed than NU-only meetings (using Authenticated Users only), but you can prevent someone from gaining access to your meeting or sharing inappropriate content by applying most of these recommendations.

Pre-Meeting - Account Profile Settings

Change these settings by logging in to https://northwestern.zoom.us and in the left pane click Settings.

Screen Share for Host Only
The recommendation is to set this default to Host Only for all meetings. The most glaring component of all Zoombombing issues has been with inappropriate content being shared by regular attendees.

The recommended process for Screen Sharing in Zoom Meetings is to promote basic attendee(s) to co-host(s) to share their screen instead of enabling it for all participants. This adds a step to permit others to share, but it 100% prevents a basic participant from sharing inappropriate content. This way, you maintain control by knowing at all times who is sharing.

Require a Meeting Password
It's highly recommended that you set a strong password for all meetings. When scheduling a meeting, under Meeting Options, select Require meeting password, then specify a strong password (make your password at least eight characters long and use at least three of the following types of characters: lowercase letters, uppercase letters, numbers, symbols). Participants will need this password to join your meeting. Enable Generate and require password for participants joining by phone to extend the meeting security to phone connections as well.

Enable the Waiting Room Feature
The Waiting Room allows you to control when each participant joins the meeting. Admit attendees one by one, or hold all attendees in the virtual waiting room and admit them en masse. While using this feature this takes more effort, it ensures that only participants can join if you specifically admit them.
  • Consider using All Participants to prevent people from joining until you're ready to start your meeting. This serves as a filter if you have to remove someone and they try to rejoin - they will get held up there again and you can leave them. If you have a list of attendees, you can use this list to cross reference their names.
  • Guest Only allows all Northwestern Zoom account holders to bypass the waiting room. Only individuals with non-Northwestern Zoom accounts will be held back from joining right away. You can let those people into your meeting one by one or all together.
Disable Join Before Host
The Join Before Host option is convenient for allowing others to continue with a meeting if you're not available to start it. However, when scheduling a meeting where sensitive information will be discussed, leave Enable join before host (found under Meeting Options when scheduling a meeting) turned off. For more information, see Zoom's Join Before Host help page.

Another option is to assign an Alternative Host but they must have an active Northwestern Zoom account in order to do so.

It's still possible for a meeting to start without you (the host) even if Join Before Host is disabled. If you have given someone Scheduling Privilege, which allows them to schedule meetings on your behalf, then when that person joins a meeting before you, the meeting will begin and they will be made the host. This is typically not a problem, as the recommendation to disable Join Before Host is based on preventing unwanted/uninvited participants from hijacking a meeting. After you join, the role of host can be reassigned to you.

Only Authenticated Users Can Join
To keep your meeting limited to only those with Northwestern NetIDs, enable this feature to prevent non NU participants. When configuring a meeting, check this box to limit access. For more information see Zoom Security - Only Authenticated Users Can Join.

Virtual Backgrounds 
A person wanting to share illicit content can also share inappropriate video using it as a virtual background. You can disable this at any time on your account profile. Please consider disallowing virtual backgrounds when hosting very public events. Risk is low but it's possible.

Meeting Security When Scheduling Zoom Meetings Using Your Outlook Calendar
If you add a Zoom meeting to your calendar or create a Zoom meeting in your calendar using the Zoom Outlook Plug-in, note that the calendar entry may include the Zoom meeting password. If you have set up your calendar so that it is open for colleagues to view the details of your meetings, this can expose the password to anyone who views your calendar. Protect the password by making the calendar entry private or editing the entry to remove the Zoom meeting password.

Disable this setting in your Zoom profile to prevent participants from interacting with any data shared by a host or co-host. This also prevents unwanted attendees from drawing or writing inappropriate things on your data.

File Share
Disable this setting in your Zoom profile to prevent participants from posting inappropriate images or otherwise disruptive content in the chat section.

Disable Renaming
When meetings are Zoombombed, we've observed connections joining publicly advertised Zoom Meetings and they rename themselves to mimic a name that currently exists in the meeting. When the intruder shares their screen, their name appears to be a regular person from the event and it makes it difficult to discern who is sharing.

Scheduling a Meeting

Meeting ID
Do not use your Personal Meeting ID when scheduling meetings that will be available to the public. The PMID is recommended for internal or personal use, not for large meetings or events with non-Northwestern participants.

Meeting Password
Apply a password for all of your meetings to prevent people from joining by randomly entering Zoom meeting ID's to see what they can do to interrupt a session. Nearly all zoombombed meetings were scheduled without passwords.

Authenticated Users
Checking this setting will require everyone who has a Zoom account with Northwestern or a Northwestern affliate to be able to join. It is the safest, most secure setting, but it prevents external non-Northwestern participants from participating.

In-Meeting Controls

When you expand the chat window, the host or co-host can click on the three dots (in the lower right) to change how chat functions. To restrict comments from being visible to everyone and protecting the session, consider this change. By setting the chat to Host Only, any message sent by a participant is visible only by the host. This serves as a private way to submit questions and prevents any inappropriate language from being visible.

Screen Sharing set to Host Only
Follow these steps while in your meeting. This won't be appropriate when multiple participants will need to share and collaborate, but setting this restriction will prevent unwanted guests from interrupting the meeting by initiating intrusive sharing.
  1. Next to Share Screen, click the up-arrow.
  2. Select Advanced Sharing Options.
  3. Under Who can share, click Only Host.
Think carefully before you enable Participant Sharing. This could open the door for anyone to share, and if you have a public meeting, you are putting the meeting integrity at risk. Consider promoting individuals to Co-Host for each person to share their screen.

Put a Participant on Hold/Waiting Room 
In a meeting, place an attendee on hold to remove them temporarily. That participant is essentially in a time-out and cannot see/hear or share anything. Simply remove the hold to return them to the meeting.
  1. In the host controls, click Manage Participants.
  2. Hover over the name of the attendee you want to put on hold, then click More > Put in Waiting Room.
  3. You can admit them later or decline/kick them out as needed.
Remove a Participant from a Zoom Meeting
If you have already begun a session and find an unwanted attendee has joined:
  1. If the Participants panel is not visible, at the bottom of the Zoom window click Manage Participants.
  2. Next to the person you want to remove, click More > Remove.
Lock Your Session
The Zoom Host Controls allow the host or co-host to lock the meeting. Once all your attendees have joined,
  1. If the Participants panel is not visible, at the bottom of the Zoom window click Manage Participants.
  2. At the bottom of the Participants panel, click More > Lock Meeting.
Unlock the meeting following these same steps. When a meeting is locked, no one can join, and you (the host or co-host) will not be alerted if anyone tries to join, so don't lock the meeting until everyone has joined.

Post-Meeting Recording Controls

Authenticated Viewer Access to Recordings
Restrict viewing access to authenticated viewers only prevents non-Northwestern viewers from viewing your recorded content.
  1. In your profile in Settings, click the Recording tab, then scroll down and find the setting
  2. Enable the authenticated viewer setting
  3. On the left in your profile, click the Recording tab
  4. Click Share for any recording
  5. Enable only authenticated users can view, then click Save
Require Password for Cloud Recording Access
To secure viewing of your shared recordings, add a password to each individual recording that you manage. The recording access code can be changed at any time.
  1. Log in to Zoom, and on the left in your profile, click the Recording tab
  2. Click Share on any recording
  3. Enable Password protect
  4. Enter a password and click Save
  5. Copy the Recording Link details and share them to those who you want to view the recording along with the password
Recording Download, Password
By default, your recordings are NOT available for download. When sharing the download link, permit access to download the recording by enabling the Viewers can Download setting. Once enabled, copy the link and share it with others as needed.
  1. Log in to Zoom, and on the left in your profile, click the Recording tab
  2. Click Share on any recording
  3. Set a Password, enable access for Authenticated Viewers Only or Pubic, and copy the link to share, as needed.
  4. Close the window

For additional assistance please contact the IT Support Center at 847-491-4357 (1-HELP) or via email at consultant@northwestern.edu.

Keywords:zoom, meeting, recording, security, protection, controls, "zoom bombing"   Doc ID:99037
Owner:Michael C.Group:Northwestern
Created:2020-03-18 07:36 CSTUpdated:2020-06-02 15:58 CST
Feedback:  9   0