This article details how to secure your Zoom Meeting.
University policy on the use of Zoom
The University has purchased an Enterprise licence for Zoom.
Zoom is integrated via Single Sign-On (log-in authentication) which will improve the security of the sessions. It has good functionality for a range of interactive, synchronous teaching activities.
The use of Zoom is subject to the following conditions https://zoom.us/terms
- You can use Zoom for highly confidential conversations but if these or confidential conversations need to be recorded, they should not be recorded to the Zoom cloud. They should instead be recorded to a University owned, encrypted device or to OneDrive in your University Microsoft 365 account.
- You must only record meetings in accordance with the guidance at the end of this article.
- You must set a secure password on all meetings and enable the waiting room option. Further details and guidance can be found on Zoom at https://zoom.us/security which covers protecting your data, protecting your meetings and protecting your privacy. There is also a short Zoom security video at - https://youtu.be/6JbDfXIElT0
- You must comply with all licensing conditions, particularly the need to ensure that each Zoom account is only accessed by one named individual.
- Where previously it wasn't permitted, Zoom can now be used for University assessment, including Vivas
Securing your meeting
- Do not share the meeting URL via publicly accessible social media platforms
- Use Security and Options/Advanced Options to manage access and participants
- Use a secure password for access to meetings. (This should be on by default)
- Enable the Waiting Room option for meetings. (This should be on by default)
- Share the meeting via email (which can be generated in Zoom) to intended meeting participants only
- Avoid using your Personal Meeting ID (PMI) to host public events
- If you know your meeting participants have a Zoom account you can choose to select the option Require authentication to join. This means only participants using a Zoom account will be able to join the meeting
- Consider locking the meeting after it has started so no one else can join. This is via the security icon
- Follow the advice from the Zoom blog: How to Keep Uninvited Guests Out of Your Zoom Event
- If someone does join who shouldn't be there you can remove them from the meeting via the security icon or participant panel
There is some further information on the Zoom website, such as Educating Over Zoom and Best Practices for Securing Your Virtual Classroom
End-to-end encryption (E2EE)
Zoom have enabled end-to-end encryption for meetings but it is not enabled by default and has to be applied by individuals prior to starting a meeting, providing additional protection when needed.
Considerations before enabling E2EE
End-to-end encryption may not be suitable for teaching using Zoom because, when enabled, end-to-end encryption will disable the following features:
- Join before host
- Cloud recording
- Live streaming
- Live transcription
- Breakout Rooms
- Polling
- Meeting reactions*
- 1:1 private chats*
*As of version 5.5.0 for desktop, mobile, and Zoom Rooms, these features are supported in E2EE meetings.
If you require any of the above features you can disable encryption by following the above instructions and turning off the option to Allow use of end-to-end encryption for your account.
Enabling end to end encryption for meetings requires all meeting participants to join from the Zoom desktop client, mobile app, or Zoom Rooms. But anyone who doesn’t have the application will be prompted to download it when attempting to join the link.
Users will not be able to join by telephone, SIP/H.323 devices, on-premise configurations, or Lync/Skype clients, as these endpoints cannot be encrypted end to end.
Zoom web client and third-party clients leveraging the Zoom SDK are also not supported at launch.
Enabling end-to-end encryption
Enabling Encryption is done in the Security settings for your account on https://universityofleeds.zoom.us/meeting#/
Select Sign in Configure your account and login using your University credentials
Click on Settings on the left hand side
On the Meeting tab near the centre of the page there is a Security section
Scroll down and click to enable the slide switch for Allow use of end-to-end encryption
You will then be presented with options to define your default encryption level
Option one - Enhanced Encryption. All your meetings will be encrypted using a unique encryption key that will be stored on Zoom's servers
Option two - End-to-end encryption. All your meetings will be encrypted using a unique encryption key that will be stored on your device
Select Option two - End-to-end encryption and press save to apply E2EE encryption globally to your account and make all upcoming meetings encrypted.
Zoombombing
If a meeting is unsecured then anyone can join a Zoom meeting if they know the meeting link. Links shared via unsecure or publicly viewable sharing sites such as Twitter, Facebook or other social media platforms expose the meeting to uninvited guests. This is known as 'Zoombombing'.
If you ensure you have set-up your meeting/s following the information above, including joining via the University’s site licence universityofleeds.zoom.us using Single Sign On (SSO), then your meeting/s should not be subjected to Zoombombing
Further Training and Advice
- Allow a co-host to support your meeting. This will enable you to focus on leading the meeting whilst your co-host can manage the administration of the meeting and the participants
Guide to the Roles within a Zoom Meeting or Webinar: Roles in a meeting - Mobile and remote working policy is linked under related articles.
- For more in depth training the LinkedIn Learning tutorial is available here: Learning Zoom
- Specific information on scheduling a meeting can be found here: Schedule a meeting,
Covering topics such as:
- Managing access
- Managing participants
- Options/Advanced options
- Meeting passwords
- Risks of using Personal Meeting ID
- Generating unique meeting IDs
- Hosting Meetings
- Hosting Webinars