Prevent Zoombombing using Zoom privacy and security features

On this page:

Overview

Important:
Report instances of Zoombombing to the University Information Security Office (UISO) as described in Report an incident.

Zoom is a web collaboration tool available to all Indiana University students, faculty, and staff. Zoom provides high-quality audio and video, breakout rooms, whiteboarding tools, the ability to easily add content to meetings "on the fly", and the option to download meeting recordings as MP4 files.

Standard Zoom meetings support up to 300 simultaneous participants. Licenses for large meetings (up to 500 participants) and webinars in two sizes (up to 1,000 or 3,000 participants) are available to faculty and staff; to request a license, email UITS Videoconferencing Support.

For more, see About Zoom at IU and Use Zoom for large video meetings or webinars at IU.

Zoom at IU offers several features and options that can help you maintain the integrity of your Zoom meeting or webinar. Use the following tips to help prevent Zoombombing, where uninvited users enter your Zoom meeting and use the screen share feature to display inappropriate content.

Important:
  • You shouldn't record meetings that may involve critical data or FERPA-protected information (for example, advising sessions or individual discussions with students regarding their education records, including grades). Meetings involving FERPA-protected student information and Protected Health Information (PHI) should not be stored on the Zoom cloud service or on Kaltura. If you have a requirement to record a meeting that will involve FERPA or critical institutional information, consult with the appropriate Data Steward on storage and retention requirements.
  • If you plan to use Zoom to host meetings that involve any type HIPAA-regulated personal health information (PHI), whether or not the meetings are recorded, you must use a Zoom Health account.

What you can do before the meeting

Note:
For recommended methods for securing your Zoom meeting, see Secure publicly advertised Zoom meetings.

Before your meeting begins, consider the below options to reduce the likelihood of unwelcome or disruptive participants joining your event.

You may also wish to view Zoom: Tools for securing meetings (video tutorial).

Generate a unique meeting ID

To join a meeting, participants provide a 9- to 11-digit ID number unique to said meeting. If one of your previous meetings was compromised, a similar disruption could happen again if you use the same ID. Consider using unique IDs instead. Although they are less convenient than using a recurring meeting ID or your personal Zoom room, unique IDs make it harder for previous disruptive participants to join future meetings. If you are posting about a meeting on a public resource (for example, a departmental website), UITS recommends generating a unique ID. To do so:

  1. Log into Zoom.

  2. Select Schedule a New Meeting.
  3. Provide all details for your meeting.
  4. Do not select Recurring meeting, even if your meeting is part of a series.
  5. Choose Save. The page will reload, and the ID should be listed to the right of "Meeting ID".

If your meeting is part of a series, you'll need to schedule a new meeting for each session. You cannot change an existing meeting's ID.

Require participants to register

You can configure your meeting so individuals can't attend unless they have registered. Participants register for meetings through a custom URL that Zoom generates for you. To register, participants must provide their first name, last name, and email address. Participants won't be able to join unless their name and email address matches the information they initially provided when registering.

  1. Log into Zoom.

  2. Select the name of the desired meeting.
  3. Select Edit this meeting.
  4. Scroll to the "Registration" section.
  5. Check Required.
  6. Choose Save. The page will then refresh.
  7. In the "Invite Attendees" section, you should see a registration URL. To copy a default invitation template message that includes the registration URL, select Copy the invitation. In the resulting window, select Copy Meeting Invitation. You can then paste the message into an email message, Canvas announcement, etc.

Require a passcode

  1. Log into Zoom.

  2. Select the name of the desired meeting.
  3. Select Edit this meeting.
  4. Check Require meeting passcode. In the resulting text field, enter the desired passcode.

    When creating meeting passcodes, keep in mind that some videoconferencing equipment can only enter numbers. If some participants might connect from videoconferencing hardware instead of a computer or mobile device, set a numerical passcode to ensure that they can connect without issue.

  5. Choose Save.
  6. Share the passcode with your participants in advance by sending meeting invitations via email, Canvas announcement, etc. For more on Zoom invitations, see Inviting others to join a meeting.

Require a passcode for participants joining via telephone

You can require that telephone participants supply a passcode before joining your meeting:

  1. Log into Zoom.

  2. Select Settings.
  3. Scroll down to find "Require passcode for participants joining via phone", and then select the corresponding toggle button to enable this feature.
Note:
When you enable this feature, it is enabled for all of your meetings.

Require participants to be logged into a Zoom account

You can require all participants to be logged into their Zoom accounts before accessing your Zoom meeting room. While this setting does not discriminate between institutions providing Zoom accounts (that is, it does not restrict the meeting to only IU Zoom accounts), it is an additional precaution you can take to restrict access to your meeting.

For more, see Zoom: Logging in using Single Sign-on (video tutorial).

To enable this setting:

  1. Log into Zoom.

  2. Choose Meetings.
  3. Choose Upcoming Meetings (or Personal Meeting Room).
  4. If you chose Upcoming Meetings, select the desired meeting.
  5. Select Edit this Meeting.
  6. Check the box to the left of Only authenticated users can join.
  7. From the drop-down, select Any authenticated Zoom user can join.
  8. Choose Save.

Require participants to be logged into an IU Zoom account

You can require all participants to be logged into IU Zoom accounts.

To enable this setting:

  1. Log into Zoom.

  2. Choose Meetings.
  3. Choose Upcoming Meetings (or Personal Meeting Room).
  4. If you chose Upcoming Meetings, select the desired meeting.
  5. Select Edit this Meeting.
  6. Check the box to the left of Only authenticated users can join.
  7. From the drop-down, select Only authenticated IU Zoom users can join.
  8. Choose Save.

Turn off participant video upon entry

You can configure your meeting room so that every participant's video feed is disabled when first joining. However, unless you have manually disabled the user's video feed (see Stop the participant's video), these participants can enable their video feed once they've joined. To do this:

  1. Log into Zoom.

  2. Select the name of the desired meeting.
  3. Choose Edit this meeting.
  4. Scroll to the "Video" section. To the right of "Participant", choose off.

You can also fully disable all participants' video without the option to enable. Select Security at the bottom of the Zoom meeting, and make sure the option to allow participants to start video is toggled off.

Mute participants upon entry

You can configure your meeting room so that every participant's audio feed is disabled when first joining. However, unless you have manually disabled the user's audio feed (see Mute the participant), these participants can enable their audio feed once they've joined. To do this:

  1. Log into Zoom.

  2. Choose Meetings.
  3. Select the name of the desired meeting.
  4. Select Edit this meeting.
  5. Check Mute participants upon entry.
  6. Choose Save.

You can also fully disable all participants' audio without the option to enable. Select Security at the bottom of the Zoom meeting, and make sure the option to allow participants to unmute themselves is toggled off.

Note:
If you are running a webinar, your participants won't be able to unmute themselves.

Enable the waiting room

When the waiting room is enabled, participants can't join the meeting until you admit them. At Indiana University, waiting rooms are enabled by default. However, IU participants can bypass the waiting room and automatically join the meeting by default. You have the option to disable the waiting room and/or modify its bypass settings.

Enable for a single meeting

  1. Log into Zoom.

  2. Choose Meetings.
  3. Select the name of the desired meeting.
  4. Select Edit this meeting.
  5. Check Enable waiting room.
  6. Choose Save.

Enable for all meetings

  1. Log into Zoom.

  2. In the left navigation pane, choose Settings.
  3. In the "Security section", locate the "Waiting Room" toggle.
  4. Toggle the "Waiting room" setting on. Once it's enabled, the toggle will change in color from gray to blue.
Note:
If the waiting room is toggled on at the account level, all future meetings will by default have the waiting room enabled. You can turn this off for a single meeting when you create the meeting, or by editing the meeting.

Allow users to bypass the waiting room

If you'd like, you can allow certain types of participants to skip the waiting room and automatically join your meeting:

  1. Log into Zoom.

  2. In the left navigation pane, choose Settings.
  3. In the "Security" section, locate the "Waiting Room Options" section.
  4. Select Edit Options.
  5. To require all participants to join the waiting room, select the bubble next to "Everyone", and then choose Continue.
  6. To allow users who are logged into their Zoom at IU account to bypass the waiting room, select the bubble next to "Users not in your account", and then choose Continue.
  7. You may also exempt users who are logged into Zoom accounts that are provided by other institutions (for example, another university or school). To exempt these participants, as well as participants who are logged into their Zoom at IU account, select the bubble next to "Users who are not in your account and not part of the allowed list". In the text field under "Allowed domains", enter the domain associated with the institution you would like to exempt. Then, choose Continue.
Note:
Unlike waiting rooms, the bypass setting can't be changed on a per-meeting basis. The option you set here will apply to all of your meetings, including meetings that you have already created.

Ensure file transfers are disabled

  1. Log into Zoom.

  2. Choose Settings.
  3. In the "In Meeting (Basic)" section, ensure that File transfer is toggled off.

Ensure removed participants are unable to rejoin meetings

  1. Log into Zoom.

  2. Choose Settings.
  3. In the "In Meeting (Basic)" section, ensure that Allow removed participants to rejoin is toggled off.

Disable chat for webinars

To disable the chat function for all of your webinars:

  1. Log into Zoom.

  2. Choose Settings.
  3. Scroll down to find "Webinar chat", and then toggle it off (the toggle will change in color from blue to gray.
Note:
You won't be able to re-enable chat from within the live webinar room; this option can be toggled on and off only from the Zoom account settings page.

What you can do during a meeting

To secure settings for a meeting that you've started, or if you need to handle a disruption (if someone has interrupted the session, for example), you have several options.

For more, see Zoom: Managing disruptions during meetings (Video tutorial).

Note:

If you're using a Windows, macOS, or Linux Zoom desktop client, you can use Zoom's Security feature in your meeting controls to quickly set some options for a meeting you've started; these include locking the meeting, enabling a waiting room, disabling screensharing, and more. For details, see In-meeting security options.

zoom icon that looks like a shield and has the word security below it

Designate a co-host

Depending on the size of your meeting, it may be difficult to both run your session and moderate your participants. One or more co-hosts can help with these responsibilities while you conduct your meeting. For details about what co-hosts can and cannot do, see Enabling and adding a co-host.

To promote a participant to co-host:

  1. In the Zoom meeting window, choose Manage Participants. A tab called Participants should appear on the right.
  2. Hover over the name of the desired co-host and select More.
  3. Choose Make Co-Host.

Prevent participants from screen sharing

  1. In the Zoom meeting room window, select the arrow next to "Share Screen", and then select Advanced Sharing Options.
  2. Under "Who can share?", select Only Host.

Restrict chat

Restricting chat to only the host allows the host to still be able to take questions from the audience without allowing attackers to spam offensive messages that are seen by all. To restrict chat:

  1. In the meeting controls, select Chat.
  2. At the bottom of the in-meeting Zoom group chat window, select More. Under "Participant Can Chat With:", select Host only (or No one, if you don't want participants to use the Chat feature).

For more, see Enabling or disabling in-meeting chat.

Restrict and clear annotations

By default, the annotation feature is disabled for Zoom at IU meetings. but you can enable the annotation feature on your account if you wish to use it. Once enabled, anyone in your meetings, including your participants, can annotate the screen share. However, once a screen share has started, the host can disable the ability for attendees to add annotations.

Disabling annotations will not remove annotations that the attacker made prior to the setting change. The host or co-host can use the annotation tool to clear all current annotations.

To disable annotations in-meeting:

  1. Start sharing normally.
  2. In the control panel at the top of the screen, choose More.
  3. Select Disable Annotation for Others.

Mute the participant

To mute a participant:

  1. In the Zoom meeting room window, choose Manage Participants. A tab called Participants should appear on the right.
  2. Hover over the name of the desired participant and select More.
  3. Choose Mute.

Stop the participant's video

To disable a participant's video feed:

  1. In the Zoom meeting room window, choose Manage Participants. A tab called Participants should appear on the right.
  2. Hover over the name of the desired participant and select More.
  3. Choose Stop Video.

Remove the participant

To remove a participant from the meeting:

  1. In the Zoom meeting room window, select Manage Participants. A tab called Participants should appear on the right.
  2. Hover over the name of the desired participant and select More.
  3. Choose Remove.

Lock the meeting

Once a meeting is locked, no one else can join. To lock your meeting:

  1. In the Zoom meeting room window, select Manage Participants. A tab called Participants should appear on the right.
  2. Select More in the bottom right.
  3. Choose Lock Meeting.

Related documents

Secure publicly advertised Zoom meetings

This is document ativ in the Knowledge Base.
Last modified on 2024-01-09 14:40:33.