Zoom: How to Secure Your Meetings and Webinars

Environment

U-M Zoom

Issue

U-M has taken some proactive measures to ensure our meetings, classes, and community are protected, but securing Zoom meetings and webinars is a shared responsibility, and hosts especially have a role to play in ensuring Zoom sessions are appropriately protected.

Securing your Zoom meetings and webinars that you host ensures that they stay private and free of uninvited participants. Refer to the information below for more details.

Resolution

The following are possible ways to make your U-M Zoom meetings and webinars more secure. Select the options that work best for you and your participants.

Prevent unwanted participants from joining your meeting/webinar

There are three options you can use to prevent unwanted participants from joining your Zoom meeting or webinar. Use multiple options together for extra security.

• Require authentication through U-M Weblogin to join
• Enable the Waiting Room feature
• Require a passcode to join

Refer to Article ID: 4589 to learn about these three options and which is right for your meeting or webinar.

Avoid publishing meeting/webinar information publicly

• Avoid publishing meeting or webinar URLs or IDs in public communication channels, like websites or social media.
• Remind participants not to share meeting details publicly or with others not invited.
• For public events, we recommend that you:
  • Make the event a webinar instead of a meeting. Webinars give the host more control over attendees. For example, attendees cannot be seen (video) or heard (audio) or share their screens unless the host permits. Learn more about the differences between meetings and webinars.
    • Request a webinar license if you don't have one already.
    • If the event was already created as a meeting, you can convert it to a webinar without changing the link or sending a new invitation.
  • Use registration forms to review participants before sending them the join information.
    • Learn more about enabling registration for meetings and webinars, including customization options.
      • Consider turning off the Allow attendees to join from multiple devices option.
        • When this setting is off, the registration link can only be used once.
        • When this setting is on, the registration link can be used repeatedly, meaning a registrant could share the link with others or even post it publicly, allowing unlimited people to access the meeting/webinar with the same registration.
          • Everyone who uses that link will appear in the Participants list as the registered person.
  • Limit the event to U-M participants (meetings/webinars) and/or add a Waiting Room (meetings only).

Adjust your account settings

Meeting options when scheduling individual meetings

• Do not use Allow participants to join before host to ensure participants are not able to join the meeting before the host arrives.
  • Refer to Zoom Support: Allowing participants to join before host for more information on enabling/disabling this setting at the account level (for all meetings you host) and for already scheduled meetings you host.
  • If you have both Allow participants to join before host and Automatically record meeting enabled for your meeting, when the first participant joins a meeting, the cloud recording will automatically begin recording, regardless of whether the host joins the meeting. (After the meeting ends, the recording will be saved to the host's account and not the participant's). However, if you select the automatic recording to be done locally on your computer, it will not automatically start until you (the host) join the meeting. Refer to Zoom Support: Start recordings without the host for more information.
• Check the Mute participants upon entry box to automatically mute participants as they join the meeting. You can choose during the meeting whether they are permitted to unmute themselves.
  • This setting can be adjusted when scheduling the meeting, after scheduling the meeting, or during the meeting. While scheduling or editing a scheduled meeting, you will find the checkbox under the Options section. During the meeting, click Participants from the toolbar and click the three-dot menu icon in the bottom-right corner of the panel to find the option.

User settings and defaults

The settings you enable/disable at the account level will apply to you and any meetings/webinars you host. You can adjust these settings via the U-M Zoom web portal.

• Enable at least one security option for every meeting you create in U-M Zoom.
• Limit individuals' access to in-meeting/in-webinar chat.
• Turn off Send files via meeting chat and Send files via webinar chat, ensuring participants cannot share files in the in-meeting/in-webinar chat. However, this also affects the ability of hosts to send files.
• Set the default screen-sharing permissions for your meetings to allow hosts and co-hosts to share their screens only.
  • From your U-M Zoom account settings: Meeting tab > In Meeting (Basic) > Screen sharing. Ensure Screen sharing is toggled on and One participant can share at a time is selected under "How many participants can share at the same time?" Select Host Only under "Who can share?" and click Save.
  • During the meeting, you can either turn off this setting via the in-meeting security controls or promote a participant to a co-host to allow them to share.
  • Turning off this setting in an individual meeting changes the setting for that meeting only and will not impact other meetings you host.
• Set the default annotating screen shares permissions for your meetings to allow only the individual who is screen sharing to annotate.
  • From your U-M Zoom account settings: Meeting tab > In Meeting (Basic) > Annotation. Ensure Annotation is toggled on, check the Only the user who is sharing can annotate box, and click Save.
  • During the meeting, you can change this setting to allow participants to annotate your screen. While screen sharing, check Annotate on shared content from the in-meeting security controls drop-down.
  • Turning off this setting in an individual meeting changes the setting for that meeting only and will not impact other meetings you host.
• Ensure the Allow removed participants to rejoin setting is toggled off (Meeting tab > In Meeting (Basic) > Allow removed participants to rejoin). This way, if you remove a participant from your meeting, they will be blocked from rejoining.
• Protect participant privacy by masking phone numbers in the Participants list. This prevents meeting attendees from identifying other attendees' phone numbers.
  • From your U-M Zoom account settings, click the Audio Conferencing tab and ensure Mask phone number in the participant list is toggled on.

Minimize disruptions

You should review the in-meeting security controls available to hosts during a meeting. The information below goes into more details regarding specific controls that could help minimize disruptions.

Audio and video

• Prevent participants from unmuting themselves unless you allow them. Uncheck Unmute Themselves in the In-Meeting Security options.
  • You can individually allow participants to unmute without rechecking this option: click Participants, then Ask to Unmute next to an individual's name. Try asking participants to raise their hands in order to speak, and unmute them when it is their turn to speak.
  • Mute participants by default when they join the meeting: click Participants, then More, then Mute All Upon Entry (if it is on, it shows a check mark).
• Prevent participants from starting their video unless you allow them. Uncheck Start Video in the In-Meeting Security options.
  • You can individually allow participants to start their video without rechecking this option: click Participants, then the More dropdown next to an individual's name, then Ask to Start Video.
• Hide profile pictures. By default, if someone's video is stopped, their profile picture shows instead. To avoid potential disruptive profile pictures, check Hide Profile Pictures in the In-Meeting Security options.

Screen-sharing and annotation

• Prevent participants from sharing their screens unless you allow them. Uncheck Share Screen in the In-Meeting Security options.
• Prevent participants from annotating on a shared screen. While sharing your screen, uncheck Annotate on Shared Content in the In-Meeting Security options.

Chat and Q&A

• Limit In-Meeting/In-Webinar Chat to control who can see chats that participants/attendees send.
• Webinar Q&A: Do not allow anonymous questions, and only allow attendees to view answered questions. This allows you to moderate the Q&A as well as identify potential disruptors.

Other

• Lock your meeting if everyone who should be there has joined. At the point a meeting is locked, no other participants are able to join the meeting. Refer to In-Meeting Security Options for more information.
• Turn on the Waiting Room if most individuals who should be there have joined. All participants already in the meeting will be unaffected, but anyone who tries to join after this point will be subject to the Waiting Room rules defined in the host's Settings under Waiting Room Options. Refer to In-Meeting Security Options for more information.
• Disruptors commonly change their names in Meetings and Webinars to offensive words or phrases, or to the name of another person in the Meeting to create confusion. To avoid this, you can prevent participants from renaming themselves. Uncheck Rename Themselves in the In-Meeting Security options.
  • Note: preventing renaming also prevents people from adding their pronouns or other useful guides to the end of their names, an unfortunate con to this strategy.

Additional resources

Follow the guidance on the website How to Secure Meetings in Zoom. Also review the Safe Computing materials on videoconference security:

• Secure Your Videoconferencing: Links to instructions for choosing security settings in Google Meet, Microsoft Teams, and Zoom.
• Privacy, Security, Compliance, and Videoconferencing: What does U-M do, and what are you responsible for doing to protect privacy while videoconferencing at the university.

Additional Information

Need additional information or assistance? Contact the ITS Service Center.