As businesses and individuals settle into the new normal of staying and working from home, there has been a lot of spotlight on Zoom, a video communications tool. On the one hand, Zoom has earned positive reviews for its reliability and functionality, while on the other, there have been stories about its potential security vulnerability.
As an organization, CPABC has been using Zoom over the past year and a half and we’d like to share with you some of our best practices to make your Zoom meetings more safe and secure when you use it for work or to connect with family and friends.
Tip 1: Protect your Zoom meeting
Never share a Zoom meeting link in a public setting, such as on any website, social media (Facebook, LinkedIn, Twitter, etc.), online bulletin boards, blog posts, news articles, email lists with wide distributions, or any other public domain because anyone with the link can join your meeting.
Use Meeting Passwords to prevent others from guessing your meeting ID and entering the meeting. When you schedule a meeting, the password is displayed below the Meeting ID and the link to your meeting.
Tip 2: Disable “Join before Host”
If you are scheduling a meeting, leave Enable join before host turned OFF. While the Join before host option can be convenient for allowing others to join a meeting if you are not available to start the meeting on time, the first person who joins the meeting will automatically be made the host and will have full control over the meeting. Therefore, it is highly recommended to leave this setting turned OFF.
Instead, you should enable the Waiting Room Feature, which allows the host to control when each participant joins the meeting. As the meeting host, you can admit attendees individually, or hold all attendees in the virtual waiting room and admit them all together. While this requires the host to do more work, it allows participants to join only if you specifically admit them.
Tip 3: Lock Your Session
The Zoom Host Controls allows the host or co-host to lock the meeting once all your attendees have joined. When you lock the meeting, no new participants can join, even if they have the meeting ID and password.
If the Participants panel is not visible, click Manage Participants at the bottom of your Zoom window.
To lock a meeting:
At the bottom of the Participants panel, click More or the 3 Dots
From the list that appears, click Lock Meeting.
Unlock the meeting following these same steps.
When a meeting is locked, no one can join, and you (the host or co-host) will NOT be alerted if anyone tries to join, so do not lock the meeting until everyone has joined
Note: People who dropped-off of the meeting may not be able to rejoin.
For those using newer Zoom Clients (Version: 4.6.10 (20033.0407) or higher), you can also use the Security button on the meeting control bar to quickly Lock the Meeting along with other permissions for meeting participants.
Tip 4: Protect your Screen
When sharing your screen, share only the application or document that you want to share (which should be opened on your desktop) instead of an entire screen. This is much better from a security and privacy perspective. It also ensures that any notifications you may receive from other applications will be hidden, and your attendees will not see anything other than the application you are sharing.
Keep in mind that any sensitive and confidential information that is not related to the Zoom meeting must be closed before starting the Zoom meeting.
You can also disable participants’ ability to share their screen. While in your meeting, click the up-arrow next to Share Screen and Under Who Can Share select “Only Host”. Imposing this restriction when necessary will prevent unwanted guests from interrupting the meeting by initiating intrusive sharing.
Note: This can be set on a per-meeting basis or you can set it as the default behavior for all of your meetings.
Tip 5: Remove Unwanted Participants
If you have already begun a session and find an unwanted attendee has joined or is being disruptive, a host or co-host may remove them:
- If the Participants panel is not visible, click Manage Participants at the bottom of the Zoom window.
- Next to the person, you want to remove, click More.
- From the list that appears, click Remove.
Note: You can also prevent removed participants from rejoining a meeting.
Tip 6: Use Zoom Safely for Public Events
You want to make sure your attendees are only the people you invite and not strangers. Here are some tips you can use to help when you need a public meeting space:
When possible, use Zoom Webinar (you will need a ZOOM Webinar license for this).
Avoid using your Personal Meeting ID (PMI) to host public events. Your PMI is essentially one continuous meeting and people can pop in and out all the time. Learn about meeting IDs and how to generate a random meeting ID in this video tutorial.
Familiarize yourself with your Zoom settings and features. Understand how to protect your virtual space when you need to.
Know your Host Key (it is on your Profile page). Edit it and make it something you will remember. If you join a meeting that you created as an attendee instead of launching it as the host, you can Claim Host in the participant's window, as long as you know your Host Key.
Whether it is with your colleagues, friends, or family, follow these tips to secure your next Zoom meeting.
Rajvinder Saran is CPABC’s Systems Administrator and is a member of the organization’s IT department.