Update Your Zoom Software
To address security and performance concerns it is important to keep your Zoom software up to date. Zoom will typically notify you with a popup when an update is available. You should always install the update if prompted. You can also check for new Zoom software updates manually. Please see the content below for more tips on securing Zoom sessions.
Securing Your Meetings
How to Lock Your Classroom
How to Enable the Waiting Room
How to Secure Your Zoom Meeting
Internet2 Zoom Webinar Addresses Higher Education Security & Privacy Commitment
Speaking to over 600 members of the higher education community, Zoom detailed the company's commitment to creating the best and safest Zoom meeting experiences for users and addressed security, privacy, data, and any other concerns gathered by the higher education community. The call was hosted by Zoom in collaboration with Internet2, the national research and education network in the United States.
Zoom's Message to Users
Read what Zoom has done to address security and privacy concerns, along with a detailed list of the next steps to be taken.
Zoomnosis: Avoiding Mischief and Mayhem in the Great Leap to Zoom
As the coronavirus forces many courses onto videoconferencing platforms, instructors and institutions can take small but important steps to ensure effective use and communication, Jody Greene writes.
Source: Inside Higher Ed
Creating a Registered Class
You can require your participants to register with their e-mail, name, and custom questions. Using this feature will also provide the ability to generate downloadable meeting registration reports. This will show you every email address of everyone who signed up to join your class and can help you evaluate who's attending.
Disabling Join Before Host
The "Join Before Host" feature allows attendees to join a meeting before the host joins or when the host cannot attend the meeting. With this feature disabled, the participants will see a pop up dialog that reads, "The meeting is waiting for the host to join." If you are the host, there will be a button to login and start the meeting as the host.
Controlling and Disabling Chat
As the host, you have full control over who chats with whom in the classroom. You can also disable the chat for all participants or disable private chat, so participants cannot send private messages.
Getting Started with Zoom
There are many resources available to help you become an expert Zoom user. Here are a few video tutorials to get you started:
How to Mitigate "Zoombombing"
You might have recently heard about "Zoombombing". It is when a participant in a class hijacks control of the session and posts or shares objectionable material on screen for all participants to see. The perpetrator is usually someone who has no business being in the class but has managed to get hold of the link to the class and joined with a fake screen name. I want you to know that UH is doing everything that we can to prevent these often traumatic disruptions from happening to our faculty and staff while still giving you flexibility in how you schedule sessions. We've been working with IT Security to review the default meeting configurations to balance security with ease of use.
Most cases of Zoombombing happen because meeting log in information was published onto a website, shared to an email list, or forwarded outside of the participant group. Short of requiring participants to log in, the best way to prevent it from happening to you is to make sure that you are sharing your meeting only with people you want to attend.
Tip: Prevent Zoombombing
It is impossible to completely prevent unwanted participants without requiring that everyone log in with a CougarNet account, a level of security that could impact some faculty's ability to use Zoom effectively in our current situation. However, there are some steps you can take to improve security and limit the impact if you do have an unwanted visitor.
When you schedule a Zoom meeting:
- Don't disable meeting password or any of the existing security options without a good reason.
- Limit Screen Sharing to the Host if you are the only presenter. With this setting enabled only you will be able to share screen.
- Disable join before host—this will prevent meeting attendees from joining your meeting prior to your arrival. They will be allowed in as soon as the meeting host logs in.
- Lock Your Session when everyone has arrived—this setting allows you to prevent additional attendees from joining your meeting once it has started
- Remove a Participant from a Zoom Meeting—you can remove disruptive attendees from your meeting using this option
- If you do have a Zoombombing incident, please notify UIT Security
This is a challenging time and many of you have jumped into a new and alien environment for teaching and working. Please feel free to reach out for help if you need it.
FBI Warns of Teleconference Hijacking
As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called "Zoombombing") are emerging nationwide. The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.
As individuals continue the transition to online lessons and meetings, the FBI recommends exercising due diligence and caution in your cybersecurity efforts. The following steps can be taken to mitigate teleconference hijacking threats:
- Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Manage screensharing options. In Zoom, change screensharing to "Host Only."
- Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
- Lastly, ensure that your organization's telework policy or guide addresses requirements for physical and information security.
If you were a victim of a teleconference hijacking, or any cyber-crime for that matter, report it to the FBI's Internet Crime Complaint Center at ic3.gov. Additionally, if you receive a specific threat during a teleconference, please report it to us at tips.fbi.gov or call the FBI Houston Field Office at (713) 693-5000.