Security

Tips & Recommendations

Preventing “Zoom Bombing” & Other Best Practices

Note: it is not always possible to tell if someone is recording a meeting (e.g. they could use a second device)

Do not use your Zoom Personal Meeting Room (the same ID) for every meeting you host
- Best practice: generate new meeting IDs per session. Choosing recurring meeting option when scheduling will do this automatically
Avoid sharing Zoom meeting IDs and links on public sites like Facebook; use internal channels such as bCourses and bMail
Keep your Zoom desktop client/app updated
Only access or download Zoom client from legitimate sites
- UCB personnel should use https://berkeley.zoom.us/
Add passcodes to meetings/classes
Do not share Zoom meeting IDs and links on public sites, or make photos of meetings/courses with Meeting ID or participants visible
- Search engines will index links and make them accessible to anyone who searches for them
- Can also help prevent unwanted interruptions during other meetings
- Use internal channels such as bCourses and bMail
Use Waiting Rooms
- You can customize your waiting room text and description for both students and unintended guests (e.g., class name/agenda, disclaimer around permitted meeting access)
  - NOTE: The waiting room template is synchronized and applied on all your meeting sessions you host. The only way to customize new messaging is by editing each time manually before a meeting starts
- Host will be alerted when anyone joins the meeting and can see those waiting by clicking on the 'Manage Participants' button on the meeting toolbar
- Hosts can also send one-way messages to people waiting, or put participants back in the waiting room after they’ve joined the meeting
- Set waiting room setting to “Guest Participants Only” so in-network participants will go to the meeting while out-of-network (non-UC account) attendees will enter Waiting Room and need approval to join class
Remind people to make sure their Zoom profile name match their real name
Review this brief (6.5 min) Zoom Video Tutorial on Securing Meetings & Virtual Classes

Enabling Two-Way Chat in Waiting Room

Zoom update 5.8.3 allows waiting room participants to reply to chats from meeting hosts and co-hosts, increasing participants' ability to communicate with meeting hosts (source: Zoom Community). Host and co-host(s) can message everyone or a specific attendee in the waiting room.

To enable: Go to Account Meeting Settings in web browser >> Waiting Room Options, Under Security header

Known Issues/Limitations:

This option needs to be enabled in the meeting host's Zoom browser account settings
Only participants with Zoom v. 5.8.0 or higher will be able to join when two-way Waiting Room chat is enabled by a host. Participants with older versions of Zoom will be asked to update their app before joining
Chat must be initiated by a host; waiting room participants can only message after being contacted

Campus Guidelines on Securing Zoom

Review Berkeley Information Security Office’s recommended settings for securing Zoom

Please refer to the most recent Berkeley-specific security updates here.

Zoom Security Enhancements

In order to bolster security settings and minimize disruptions to instruction, default Zoom meeting and account settings include:

All participants and hosts are required to sign into a Zoom account prior to joining a meeting hosted by UC Berkeley
Passcodes or Waiting Room enabled by default for new meetings
Participants muted upon entry

To allow easier access, Passcode and Waiting Room settings are now displayed under the Security section when scheduling a new meeting:

Visit your Zoom profile and Zoom meeting settings pages to make needed adjustments. More info available at this Zoom Help Center link.

Locking/Unlocking a Meeting

If you want to prevent additional participants from entering the meeting, you can lock it.

1. Click anywhere on the video window, and then click on the "Manage Participants" button that appears along the bottom.

2. When a new panel appears, click on the "More" option in the lower right hand corner, and then select "Lock Meeting".

3. If new participants try to enter the meeting, they'll see a notification that the meeting has been locked by the host.

Removing a Participant From a Meeting

If you want to disconnect a current participant from the session, you can. However, unless you also lock the meeting afterward, they can just re-enter.
To remove a participant, click anywhere on their video window, and then click on the three dots that appear in the upper right hand corner. Then select "Remove" from the list that appears.
- If you are Speaker View, switch to Gallery View first.

Suspend All Participant Activities

Zoom update 5.4.3+ gives hosts a new option in the Security icon from the meeting menu toolbar.

This will immediately suspend all participant activities, which will lock the meeting, mute all video and audio, stop screen sharing, end all breakout rooms, and pause recording.

Page updated

Report abuse