Prevent Zoombombing using Zoom privacy and security features
On this page:
- Overview
- What you can do before a meeting
- Generate a unique meeting ID
- Require participants to register
- Require a passcode
- Require a passcode for participants joining via telephone
- Require participants to be logged into a Zoom account
- Require participants to be logged into an IU Zoom account
- Turn off participant video upon entry
- Mute participants upon entry
- Enable the waiting room
- Ensure file transfers are disabled
- Ensure removed participants are unable to rejoin meetings
- Disable chat for webinars
- What you can do during a meeting
Overview
Zoom is a web collaboration tool available to all Indiana University students, faculty, and staff. Zoom provides high-quality audio and video, breakout rooms, whiteboarding tools, the ability to easily add content to meetings "on the fly", and the option to download meeting recordings as MP4 files.
Standard Zoom meetings support up to 300 simultaneous participants. Licenses for large meetings (up to 500 participants) and webinars in two sizes (up to 1,000 or 3,000 participants) are available to faculty and staff; to request a license, email UITS Videoconferencing Support.
For more, see About Zoom at IU and Use Zoom for large video meetings or webinars at IU.
Zoom at IU offers several features and options that can help you maintain the integrity of your Zoom meeting or webinar. Use the following tips to help prevent Zoombombing, where uninvited users enter your Zoom meeting and use the screen share feature to display inappropriate content.
- You shouldn't record meetings that may involve critical data or FERPA-protected information (for example, advising sessions or individual discussions with students regarding their education records, including grades). Meetings involving FERPA-protected student information and Protected Health Information (PHI) should not be stored on the Zoom cloud service or on Kaltura. If you have a requirement to record a meeting that will involve FERPA or critical institutional information, consult with the appropriate Data Steward on storage and retention requirements.
- If you plan to use Zoom to host meetings that involve any type HIPAA-regulated personal health information (PHI), whether or not the meetings are recorded, you must use a Zoom Health account.
What you can do before the meeting
Before your meeting begins, consider the below options to reduce the likelihood of unwelcome or disruptive participants joining your event.
You may also wish to view Zoom: Tools for securing meetings (video tutorial).
Generate a unique meeting ID
To join a meeting, participants provide a 9- to 11-digit ID number unique to said meeting. If one of your previous meetings was compromised, a similar disruption could happen again if you use the same ID. Consider using unique IDs instead. Although they are less convenient than using a recurring meeting ID or your personal Zoom room, unique IDs make it harder for previous disruptive participants to join future meetings. If you are posting about a meeting on a public resource (for example, a departmental website), UITS recommends generating a unique ID. To do so:
-
Log into Zoom.
- Select .
- Provide all details for your meeting.
- Do not select , even if your meeting is part of a series.
- Choose . The page will reload, and the ID should be listed to the right of "Meeting ID".
If your meeting is part of a series, you'll need to schedule a new meeting for each session. You cannot change an existing meeting's ID.
Require participants to register
You can configure your meeting so individuals can't attend unless they have registered. Participants register for meetings through a custom URL that Zoom generates for you. To register, participants must provide their first name, last name, and email address. Participants won't be able to join unless their name and email address matches the information they initially provided when registering.
-
Log into Zoom.
- Select the name of the desired meeting.
- Select .
- Scroll to the "Registration" section.
- Check .
- Choose . The page will then refresh.
- In the "Invite Attendees" section, you should see a registration URL. To copy a default invitation template message that includes the registration URL, select . In the resulting window, select . You can then paste the message into an email message, Canvas announcement, etc.
Require a passcode
-
Log into Zoom.
- Select the name of the desired meeting.
- Select .
- Check
When creating meeting passcodes, keep in mind that some videoconferencing equipment can only enter numbers. If some participants might connect from videoconferencing hardware instead of a computer or mobile device, set a numerical passcode to ensure that they can connect without issue.
. In the resulting text field, enter the desired passcode.
- Choose .
- Share the passcode with your participants in advance by sending meeting invitations via email, Canvas announcement, etc. For more on Zoom invitations, see Inviting others to join a meeting.
Require a passcode for participants joining via telephone
You can require that telephone participants supply a passcode before joining your meeting:
-
Log into Zoom.
- Select .
- Scroll down to find "Require passcode for participants joining via phone", and then select the corresponding toggle button to enable this feature.
Require participants to be logged into a Zoom account
You can require all participants to be logged into their Zoom accounts before accessing your Zoom meeting room. While this setting does not discriminate between institutions providing Zoom accounts (that is, it does not restrict the meeting to only IU Zoom accounts), it is an additional precaution you can take to restrict access to your meeting.
For more, see Zoom: Logging in using Single Sign-on (video tutorial).
To enable this setting:
-
Log into Zoom.
- Choose .
- Choose (or ).
- If you chose , select the desired meeting.
- Select .
- Check the box to the left of .
- From the drop-down, select .
- Choose .
Require participants to be logged into an IU Zoom account
You can require all participants to be logged into IU Zoom accounts.
To enable this setting:
-
Log into Zoom.
- Choose .
- Choose (or ).
- If you chose , select the desired meeting.
- Select .
- Check the box to the left of .
- From the drop-down, select .
- Choose .
Turn off participant video upon entry
You can configure your meeting room so that every participant's video feed is disabled when first joining. However, unless you have manually disabled the user's video feed (see Stop the participant's video), these participants can enable their video feed once they've joined. To do this:
-
Log into Zoom.
- Select the name of the desired meeting.
- Choose .
- Scroll to the "Video" section. To the right of "Participant", choose .
You can also fully disable all participants' video without the option to enable. Select
at the bottom of the Zoom meeting, and make sure the option to allow participants to start video is toggled off.Mute participants upon entry
You can configure your meeting room so that every participant's audio feed is disabled when first joining. However, unless you have manually disabled the user's audio feed (see Mute the participant), these participants can enable their audio feed once they've joined. To do this:
-
Log into Zoom.
- Choose .
- Select the name of the desired meeting.
- Select .
- Check .
- Choose .
You can also fully disable all participants' audio without the option to enable. Select
at the bottom of the Zoom meeting, and make sure the option to allow participants to unmute themselves is toggled off.Enable the waiting room
When the waiting room is enabled, participants can't join the meeting until you admit them. At Indiana University, waiting rooms are enabled by default. However, IU participants can bypass the waiting room and automatically join the meeting by default. You have the option to disable the waiting room and/or modify its bypass settings.
Enable for a single meeting
-
Log into Zoom.
- Choose .
- Select the name of the desired meeting.
- Select .
- Check .
- Choose .
Enable for all meetings
-
Log into Zoom.
- In the left navigation pane, choose .
- In the "Security section", locate the "Waiting Room" toggle.
- Toggle the "Waiting room" setting on. Once it's enabled, the toggle will change in color from gray to blue.
Allow users to bypass the waiting room
If you'd like, you can allow certain types of participants to skip the waiting room and automatically join your meeting:
-
Log into Zoom.
- In the left navigation pane, choose .
- In the "Security" section, locate the "Waiting Room Options" section.
- Select .
- To require all participants to join the waiting room, select the bubble next to "Everyone", and then choose .
- To allow users who are logged into their Zoom at IU account to bypass the waiting room, select the bubble next to "Users not in your account", and then choose .
- You may also exempt users who are logged into Zoom accounts that are provided by other institutions (for example, another university or school). To exempt these participants, as well as participants who are logged into their Zoom at IU account, select the bubble next to "Users who are not in your account and not part of the allowed list". In the text field under "Allowed domains", enter the domain associated with the institution you would like to exempt. Then, choose .
Ensure file transfers are disabled
-
Log into Zoom.
- Choose .
- In the "In Meeting (Basic)" section, ensure that is toggled off.
Ensure removed participants are unable to rejoin meetings
-
Log into Zoom.
- Choose .
- In the "In Meeting (Basic)" section, ensure that is toggled off.
Disable chat for webinars
To disable the chat function for all of your webinars:
-
Log into Zoom.
- Choose .
- Scroll down to find "Webinar chat", and then toggle it off (the toggle will change in color from blue to gray.
What you can do during a meeting
To secure settings for a meeting that you've started, or if you need to handle a disruption (if someone has interrupted the session, for example), you have several options.
For more, see Zoom: Managing disruptions during meetings (Video tutorial).
If you're using a Windows, macOS, or Linux Zoom desktop client, you can use Zoom's Security feature in your meeting controls to quickly set some options for a meeting you've started; these include locking the meeting, enabling a waiting room, disabling screensharing, and more. For details, see In-meeting security options.
Designate a co-host
Depending on the size of your meeting, it may be difficult to both run your session and moderate your participants. One or more co-hosts can help with these responsibilities while you conduct your meeting. For details about what co-hosts can and cannot do, see Enabling and adding a co-host.
To promote a participant to co-host:
- In the Zoom meeting window, choose . A tab called should appear on the right.
- Hover over the name of the desired co-host and select .
- Choose .
Prevent participants from screen sharing
- In the Zoom meeting room window, select the arrow next to "Share Screen", and then select .
- Under "Who can share?", select .
Restrict chat
Restricting chat to only the host allows the host to still be able to take questions from the audience without allowing attackers to spam offensive messages that are seen by all. To restrict chat:
- In the meeting controls, select .
- At the bottom of the in-meeting Zoom group chat window, select . Under "Participant Can Chat With:", select (or , if you don't want participants to use the Chat feature).
For more, see Enabling or disabling in-meeting chat.
Restrict and clear annotations
By default, the annotation feature is disabled for Zoom at IU meetings. but you can enable the annotation feature on your account if you wish to use it. Once enabled, anyone in your meetings, including your participants, can annotate the screen share. However, once a screen share has started, the host can disable the ability for attendees to add annotations.
Disabling annotations will not remove annotations that the attacker made prior to the setting change. The host or co-host can use the annotation tool to clear all current annotations.
To disable annotations in-meeting:
- Start sharing normally.
- In the control panel at the top of the screen, choose .
- Select .
Mute the participant
To mute a participant:
- In the Zoom meeting room window, choose . A tab called should appear on the right.
- Hover over the name of the desired participant and select .
- Choose .
Stop the participant's video
To disable a participant's video feed:
- In the Zoom meeting room window, choose . A tab called should appear on the right.
- Hover over the name of the desired participant and select .
- Choose .
Remove the participant
To remove a participant from the meeting:
- In the Zoom meeting room window, select . A tab called should appear on the right.
- Hover over the name of the desired participant and select .
- Choose .
Lock the meeting
Once a meeting is locked, no one else can join. To lock your meeting:
- In the Zoom meeting room window, select . A tab called should appear on the right.
- Select in the bottom right.
- Choose .
Related documents
This is document ativ in the Knowledge Base.
Last modified on 2024-05-08 12:24:48.