Prevent inappropriate content and unwanted guests from making an appearance in your Zoom meetings with these recommendations from UB's Information Security Office.
Note: As of 1/25/21, every new meeting you schedule must have one of three security measures: a passcode, a waiting room, or only authenticated users can join.
Your default security settings are set and stored online.
1. In a Web browser, go to buffalo.zoom.com
2. Click Sign In
3. Login with your UBITName and password (if prompted)
4. In the Zoom interface, click Settings at left. Scroll down this page to see a host of powerful security features which are discussed in detail on this page.
Additional onscreen controls allow you to adjust certain security settings while a meeting is in progress.
Require a passcode to join any meeting or session, especially if the meeting or session is advertised publicly or widely, or where large numbers of attendees are invited or anticipated (this is the default setting).
If you choose not to use a passcode, the Waiting Room feature will be enabled. The Waiting Room feature allows the host to control when a participant joins the meeting by placing participants in a Waiting Room prior to joining the session. Read more from Zoom >
When you schedule a meeting, a Meeting ID link is generated. If you are going to share your Meeting ID link (especially on social media), we strongly recommend using the default “Generate Automatically” option, which creates a random link to your meeting. If you switch to the “Personal Meeting ID” option, anyone seeing that link can take note of it and use it to pop in and out of your meetings at any time in the future.
UB’s Information Security Office recommends always requiring a passcode for meetings hosted using your Personal Meeting ID. This is the default setting. Alternately, you can generate a new Meeting ID for each meeting, and send it only to those you wish to participate.
Lock the Screen Share by default for all your meetings in your web settings (this is the default setting).
Before a call
During a call
Just as with any email, avoid clicking links in the chat window unless you know explicitly what they are and who is providing them. Malicious links could lead to your device or account being compromised and personal information stolen.
If using Zoom for teaching and intended only for student use, it is recommended that meeting hosts only share session or meetings links through the class session itself in UB Learns or though MyUB. That way, if you have concerns that a password has been exposed, you can create a new session or meeting with a new password, and easily re-share it to your class.
Just like it sounds, the Waiting Room is a virtual staging area that stops your guests from joining until you’re ready for them. As of 9/27/2020, if your meeting does not require a passcode, the Waiting Room is automatically enabled.
Meeting hosts can customize Waiting Room settings for additional control, and you can even personalize the message people see when they hit the Waiting Room so they know they’re in the right spot. This message is really a great spot to post any rules/guidelines for your event, like who it’s intended for.
See "Security" under In-Meeting Controls.
The Zoom web portal has many great features to help secure your Zoom event and host with confidence:
If you experience an issue such as Zoombombing, in the meeting window, click Security > Report a user. Follow up with UBIT Help Center.
If you are accessing the session by clicking on a link in the invitation the passcode is encrypted and embedded in the link. You will only get prompted to enter the passcode if you select “Join a Meeting” in the Zoom client and then enter the Meeting ID # rather than clicking on the link, which will then prompt for a passcode.
Security risks are a concern for all conferencing tools. Zoom has had a more intense level of scrutiny given its widespread use. Vulnerabilities have been identified in every major platform, including Cisco’s Webex, GoToMeeting and Microsoft Teams. The nature of using an online platform means that there will always be risks. However, risks can be significantly minimized by following UBIT's provided recommendations to secure your sessions. Zoom has been extremely responsive to the security community’s concerns with their product and is actively releasing patches significantly faster than most platforms.