Security Settings - Zoom

Note: As of 1/25/21, every new meeting you schedule must have one of three security measures: a passcode, a waiting room, or only authenticated users can join.

Your default security settings are set and stored online.

1. In a Web browser, go to buffalo.zoom.com
2. Click Sign In

3. Login with your UBITName and password (if prompted)
4. In the Zoom interface, click Settings at left. Scroll down this page to see a host of powerful security features which are discussed in detail on this page.

Additional onscreen controls allow you to adjust certain security settings while a meeting is in progress.

Require a passcode to join any meeting or session, especially if the meeting or session is advertised publicly or widely, or where large numbers of attendees are invited or anticipated (this is the default setting).

If you choose not to use a passcode, the Waiting Room feature will be enabled. The Waiting Room feature allows the host to control when a participant joins the meeting by placing participants in a Waiting Room prior to joining the session. Read more from Zoom >

When you schedule a meeting, a Meeting ID link is generated. If you are going to share your Meeting ID link (especially on social media), we strongly recommend using the default “Generate Automatically” option, which creates a random link to your meeting. If you switch to the “Personal Meeting ID” option, anyone seeing that link can take note of it and use it to pop in and out of your meetings at any time in the future.

UB’s Information Security Office recommends always requiring a passcode for meetings hosted using your Personal Meeting ID. This is the default setting.  Alternately, you can generate a new Meeting ID for each meeting, and send it only to those you wish to participate. 

Lock the Screen Share by default for all your meetings in your web settings (this is the default setting).

Before a call

1. Log into the Zoom web portal with your UBITName and password
2. Select Settings at left
3. Click Meeting > In Meeting (Basic)
4. Scroll down to Screen Sharing
5. Change Who can share? to Host only

During a call

1. At the bottom of the meeting window, click Security
2. Uncheck (deselect) Share Screen

Just as with any email, avoid clicking links in the chat window unless you know explicitly what they are and who is providing them. Malicious links could lead to your device or account being compromised and personal information stolen.

If using Zoom for teaching and intended only for student use, it is recommended that meeting hosts only share session or meetings links through the class session itself in UB Learns or though MyUB. That way, if you have concerns that a password has been exposed, you can create a new session or meeting with a new password, and easily re-share it to your class.

Just like it sounds, the Waiting Room is a virtual staging area that stops your guests from joining until you’re ready for them. As of 9/27/2020, if your meeting does not require a passcode, the Waiting Room is automatically enabled.

Meeting hosts can customize Waiting Room settings for additional control, and you can even personalize the message people see when they hit the Waiting Room so they know they’re in the right spot. This message is really a great spot to post any rules/guidelines for your event, like who it’s intended for. 

See "Security" under In-Meeting Controls.

The Zoom web portal has many great features to help secure your Zoom event and host with confidence:

• Allow only signed-in users to join - If someone tries to join your event and isn’t logged into Zoom with the email they were invited through, they will be asked to sign in. See Authentication Profiles for Meetings and Webinars (VIDEO) >

• Lock the meeting - When you lock a Zoom Meeting that’s already started, no new participants can join, even if they have the meeting ID and passcode (if you have required one). In the meeting, click Participants at the bottom of your Zoom window. In the pop-up, click the button that says Lock Meeting. See Host and Co-Host Controls in a Meeting (VIDEO) >
  
  
• Remove unwanted or disruptive participants - From that Participants menu, you can mouse over a participant’s name, and several options will appear, including Remove. Click that to kick someone out of the meeting. See Managing Participants in a Meeting >
  
  
• Allow removed participants to rejoin - When you do remove someone, they can’t rejoin the meeting. But you can toggle your settings to allow removed participants to rejoin, in case you boot the wrong person. See Allowing Removed Participants or Panelists to Rejoin >
  
  
• Put people on hold - You can put everyone else on hold, and the attendees’ video and audio connections will be disabled momentarily. Click on someone’s video thumbnail and select Start Attendee On Hold to activate this feature. Click Take Off Hold in the Participants list when you’re ready to have them back. See Enable Attendee On Hold for Your Meetings >
  
  
• Disable video - Hosts can turn someone’s video off. This will allow hosts to block unwanted, distracting, or inappropriate gestures on video or for that time your friend’s inside pocket is the star of the show. See Managing Participants in a Meeting >
  
  
• Mute participants - Hosts can mute/unmute individual participants or all of them at once. Hosts can block unwanted, distracting, or inappropriate noise from other participants. You can also enable Mute Upon Entry in your settings to reduce clamor in large meetings. See Mute All and Unmute All >
  
  
• Turn off file transfer - In-meeting file transfer allows people to share files through the in-meeting chat. Toggle this off to keep the chat from getting bombarded with unsolicited content. See In-Meeting File Transfer >
  
  
• Turn off annotation - You and your attendees can doodle and mark up content together using annotations during screen share. You can disable the annotation feature in your Zoom settings to prevent people from writing all over the screens. See Using Annotation Tools on a Shared Screen or Whiteboard >
  
  
• Disable private chat -  Zoom has an in-meeting chat for everyone, or participants can message each other privately. Restrict participants’ ability to chat amongst one another while your event is going on and cut back on distractions. This is really to prevent anyone from getting unwanted messages during the meeting. See Controlling and Disabling in-Meeting Chat >

If you experience an issue such as Zoombombing, in the meeting window, click Security > Report a user.  Follow up with UBIT Help Center. 

If you are accessing the session by clicking on a link in the invitation the passcode is encrypted and embedded in the link. You will only get prompted to enter the passcode if you select “Join a Meeting” in the Zoom client and then enter the Meeting ID # rather than clicking on the link, which will then prompt for a passcode. 

Security risks are a concern for all conferencing tools. Zoom has had a more intense level of scrutiny given its widespread use. Vulnerabilities have been identified in every major platform, including Cisco’s Webex, GoToMeeting and Microsoft Teams. The nature of using an online platform means that there will always be risks. However, risks can be significantly minimized by following UBIT's provided recommendations to secure your sessions. Zoom has been extremely responsive to the security community’s concerns with their product and is actively releasing patches significantly faster than most platforms.