Security Settings - Zoom

Note: As of 1/25/21, every new meeting you schedule must have one of three security measures: a passcode, a waiting room, or only authenticated users can join.

Your default security settings are set and stored online.

1. In a Web browser, go to buffalo.zoom.com
2. Click Sign In

3. Login with your UBITName and password (if prompted)
4. In the Zoom interface, click Settings at left. The Meeting tab contains most of the powerful security features discussed below. Scroll down to see them. Choose another tab such as Recording or AI Companion to adjust settings for those aspects of Zoom

Additional onscreen controls allow you to adjust many security settings while a meeting is in progress.

Require a passcode to join any meeting or session (this is the default setting).  A passcode is especially important if the meeting or session is advertised publicly or widely, or where large numbers of attendees are invited or anticipated.

If you choose not to use a passcode, the Waiting Room feature will be enabled. The Waiting Room feature allows the host to control when and if a participant joins the meeting. All participants, except the host and alternate hosts, are  placed in the waiting room prior to joining a meeting. 

Note: When the waiting room is enabled but there is no passcode for the meeting, the host will not be able to disable the waiting room once the meeting starts.

When you schedule a meeting, a Meeting ID link is generated. If you are going to share your Meeting ID link (especially on social media), we strongly recommend using the default “Generate Automatically” option, which creates a random link to your meeting. If you switch to the “Personal Meeting ID” (PMI) option, anyone seeing that link can take note of it and use it to pop in and out of your PMI meetings in the future.

UB’s Information Security Office requires a passcode for meetings hosted using your Personal Meeting ID. Alternately, you can generate a new Meeting ID for each meeting, and send it only to those you wish to participate. 

By default, screen share is only available for the host/co-host and only one person can share at a time

Before a call

1. Log into the Zoom web portal with your UBITName and password
2. Select Settings at left
3. Click Meeting > In Meeting (Basic)
4. Scroll down to Screen Sharing
5. Change Who can share? to Host only

During a call

1. At the bottom of the meeting window, click Host tools
   
2. Uncheck (deselect) Share Screen

Just as with any email, avoid clicking links in the chat window unless you know explicitly what they are and who is providing them. Malicious links could lead to your device or account being compromised and personal information stolen.

If using Zoom for teaching and intended only for student use, it is recommended that meeting hosts share session or meetings links through the UB Learns course site or though MyUB. That way, if you have concerns that a password has been exposed, you can create a new session or meeting with a new password, and easily re-share it to your class.

Just like it sounds, the Waiting Room is a virtual staging area that stops your guests from joining until you’re ready for them. As of 9/27/2020, if your meeting does not require a passcode, the Waiting Room is automatically enabled.

Meeting hosts can customize Waiting Room settings for additional control, and you can even customize the text and image people see when they join the waiting room so your attendees know they’re in the right spot. The waiting room message is a great place to post any rules/guidelines for your event. 

• Lock the meeting - When you lock a Zoom Meeting that’s already started, no new participants can join, even if they have the meeting ID and passcode (if you have required one). In the meeting, click Host tools at the bottom of your Zoom window. In the pop-up, select Lock Meeting.
  
• Suspend participant activities – Turns off all participants’ video, audio, Zoom apps, and ability to share their screen. It also locks the meeting and prevents new participants from joining. This suspension also closes all breakout rooms and returns participants to the main session.
  
• Remove unwanted or disruptive participants - From that Participants panel, mouse over a participant’s name, click More to see the available controls.
  
  • Remove to kick someone out of the meeting.
  • Put in waiting room to put someone in the waiting room. They can only return when you or a co-host decide to re-admit them.
  • Report to report an attendee to Zoom’s Trust and Safety team. You will be able to provide details about the problem and upload evidence, such as screenshots.
• Disable a participant’s video - Hosts can turn someone’s video off. This allows hosts to block unwanted, distracting, or inappropriate video.
• Mute participants - Hosts can mute/unmute individual participants or all of them at once. See Muting/unmuting participants in a meeting
  
  • In the Participants panel click Mute All.
    • Uncheck Allow participants to unmute themselves to keep everyone muted. The host/co-host can request individual participants to unmute.
  •  To reduce clamor in large meetings you can enable Mute all participants when they join a meeting in your online settings or choose that option when scheduling a meeting.
• Disable private chat -  Restrict participants’ ability to chat with one another during your event, to cut back on distractions. This also prevents anyone from getting unwanted messages during the meeting. See Controlling and Disabling in-Meeting Chat

The Zoom web portal has many settings to help secure your Zoom event and host with confidence:

• Only authenticated meeting participants and webinar attendees can join meetings and webinars – When enabled, if someone tries to join your meeting or webinar and they haven’t signed into the Zoom desktop or mobile app, they will be asked to sign in.
  • When you schedule a meeting you can invite specific, non-UB people to bypass authentication when they join. See How to add authentication exceptions
• Allow removed participants to rejoin – By default a participant you remove can rejoin the meeting. Toggle this setting on to keep people from rejoining if they’ve been removed. See Allowing participants and panelists to rejoin
• Turn off file transfer – Hosts and participants can use in-meeting chat to transfer files. Toggle the setting Send files via meeting chat off to keep the chat from getting bombarded with unsolicited content. See In-Meeting File Transfer
  • Choose file types for file transfer – you can also choose which file types (e.g., .xlsx, .pdf, .docx) and stipulate a maximum file size
• Allow fewer emojis in your meetings – By default Allow participants to use emojis is enabled and participants have access to the full library of emojis for in-meeting chat. You can restrict the available emoji to 6 basic ones or disable emojis altogether. 

If you experience an issue such as Zoombombing you can report a participant by clicking the More (three-dot) menu when you hover over their video or their name in the participant panel. You can also make note of the name of the participant before removing them and UBIT can assist with making a report. Follow up with UBIT Help Center. 

If you are accessing the session by clicking on a link,  the passcode is encrypted and embedded in the link. You will be prompted to enter the passcode if you select Join a Meeting in the Zoom app and  enter the Meeting ID #  

Security risks are a concern for all conferencing tools. Zoom has had a more intense level of scrutiny given its widespread use. Vulnerabilities have been identified in every major platform, including Cisco’s Webex, GoToMeeting and Microsoft Teams. The nature of using an online platform means that there will always be risks. However, risks can be significantly minimized by following UBIT's provided recommendations to secure your sessions. Zoom has been extremely responsive to the security community’s concerns with their product and is actively releasing patches significantly faster than most platforms.