Security Settings - Zoom

Prevent inappropriate content and unwanted guests from making an appearance in your Zoom meetings with these recommendations from UB's Information Security Office.

On this page:

Where to find your Zoom security settings

Online at buffalo.zoom.us

Your default security settings are set and stored online.

1. In a Web browser, go to buffalo.zoom.us
2.
Click Sign In

Click sign in.

3. Login with your UBITName and password (if prompted)
4.
 In the Zoom interface, click Settings at left. Scroll down this page to see a host of powerful security features which are discussed in detail on this page.

Settings.

Under "security" at the bottom of the Zoom chat window

Additional onscreen controls allow you to adjust certain security settings while a meeting is in progress.

Security tab in the Zoom client.

Require a password

Require a password to join any meeting or session, especially if the meeting or session is advertised publicly or widely, or where large numbers of attendees are invited or anticipated (this is the default setting).

Protect your Personal Meeting ID

Avoid using your Personal Meeting ID in meeting links

When you schedule a meeting, a Meeting ID link is generated. If you are going to share your Meeting ID link (especially on social media), we strongly recommend using the default “Generate Automatically” option, which creates a random link to your meeting. If you switch to the “Personal Meeting ID” option, anyone seeing that link can take note of it and use it to pop in and out of your meetings at any time in the future.

If you use your Personal Meeting ID, require a password

UB’s Information Security Office recommends always requiring a password for meetings hosted using your Personal Meeting ID. This is the default setting.  Alternately, you can generate a new Meeting ID for each meeting, and send it only to those you wish to participate. 

Restrict screen sharing

Lock the Screen Share by default for all your meetings in your web settings (this is the default setting).

Before a call

  1. Log into the Zoom web portal with your UBITName and password
  2. Select Settings at left
  3. Click Meeting > In Meeting (Basic)
  4. Scroll down to Screen Sharing
  5. Change Who can share? to Host only
Screen sharing settings.

During a call

  1. At the bottom of the meeting window, click Security
  2. Uncheck (deselect) Share Screen

Don't click untrusted links in the chat window

Just as with any email, avoid clicking links in the chat window unless you know explicitly what they are and who is providing them. Malicious links could lead to your device or account being compromised and personal information stolen.

Share class sessions only in UB Learns or MyUB

If using Zoom for teaching and intended only for student use, it is recommended that meeting hosts only share session or meetings links through the class session itself in UB Learns or though MyUB. That way, if you have concerns that a password has been exposed, you can create a new session or meeting with a new password, and easily re-share it to your class.

Enable the Waiting Room feature

Just like it sounds, the Waiting Room is a virtual staging area that stops your guests from joining until you’re ready for them. 

Meeting hosts can customize Waiting Room settings for additional control, and you can even personalize the message people see when they hit the Waiting Room so they know they’re in the right spot. This message is really a great spot to post any rules/guidelines for your event, like who it’s intended for. 

More web security settings

Settings in the meeting window

See "Security" under In-Meeting Controls.

Settings online at buffalo.zoom.us

The Zoom web portal has many great features to help secure your Zoom event and host with confidence:

  • Lock the meeting - When you lock a Zoom Meeting that’s already started, no new participants can join, even if they have the meeting ID and password (if you have required one). In the meeting, click Participants at the bottom of your Zoom window. In the pop-up, click the button that says Lock Meeting. See Host and Co-Host Controls in a Meeting (VIDEO) >

  • Remove unwanted or disruptive participants - From that Participants menu, you can mouse over a participant’s name, and several options will appear, including Remove. Click that to kick someone out of the meeting. See Managing Participants in a Meeting >

  • Allow removed participants to rejoin - When you do remove someone, they can’t rejoin the meeting. But you can toggle your settings to allow removed participants to rejoin, in case you boot the wrong person. See Allowing Removed Participants or Panelists to Rejoin >

  • Put people on hold - You can put everyone else on hold, and the attendees’ video and audio connections will be disabled momentarily. Click on someone’s video thumbnail and select Start Attendee On Hold to activate this feature. Click Take Off Hold in the Participants list when you’re ready to have them back. See Enable Attendee On Hold for Your Meetings >

  • Disable video - Hosts can turn someone’s video off. This will allow hosts to block unwanted, distracting, or inappropriate gestures on video or for that time your friend’s inside pocket is the star of the show. See Managing Participants in a Meeting >

  • Mute participants - Hosts can mute/unmute individual participants or all of them at once. Hosts can block unwanted, distracting, or inappropriate noise from other participants. You can also enable Mute Upon Entry in your settings to reduce clamor in large meetings. See Mute All and Unmute All >

  • Turn off file transfer - In-meeting file transfer allows people to share files through the in-meeting chat. Toggle this off to keep the chat from getting bombarded with unsolicited content. See In-Meeting File Transfer >

  • Turn off annotation - You and your attendees can doodle and mark up content together using annotations during screen share. You can disable the annotation feature in your Zoom settings to prevent people from writing all over the screens. See Using Annotation Tools on a Shared Screen or Whiteboard >

  • Disable private chat -  Zoom has an in-meeting chat for everyone, or participants can message each other privately. Restrict participants’ ability to chat amongst one another while your event is going on and cut back on distractions. This is really to prevent anyone from getting unwanted messages during the meeting. See Controlling and Disabling in-Meeting Chat >

Common questions

Where and how do I report someone for Zoom harassment or misuse?

If you experience an issue such as Zoombombing, in the meeting window, click Security > Report a user.  Follow up with UBIT Help Center

Why doesn’t the “required password” default actually prompt me to type in a password for a Zoom meeting?

If you are accessing the session by clicking on a link in the invitation the password is encrypted and embedded in the link. You will only get prompted to enter the password if you select “Join a Meeting” in the Zoom client and then enter the Meeting ID # rather than clicking on the link, which will then prompt for a password. 

Shouldn't UB move to another platform, given all the security concerns about Zoom?

Security risks are a concern for all conferencing tools. Zoom has had a more intense level of scrutiny given its widespread use. Vulnerabilities have been identified in every major platform, including Cisco’s Webex, GoToMeeting and Microsoft Teams. The nature of using an online platform means that there will always be risks. However, risks can be significantly minimized by following UBIT's provided recommendations to secure your sessions. Zoom has been extremely responsive to the security community’s concerns with their product and is actively releasing patches significantly faster than most platforms.

See also

Need help? Contact the UBIT Help Center or your departmental IT support.