As one of the most popular web-conferencing tools, Zoom has become a target for online attacks. In addition, Zoom, as an outside vendor, can choose to share user data with other companies. For these reasons, we recommend doing the following in order to use Zoom securely.
Prevent Zoom bombers
Zoom bombing occurs when an unwanted participant joins a meeting and disrupts it through inappropriate behavior such as yelling obscene language or sharing inappropriate materials. These attacks exploit Zoom’s default meeting settings, rather than security gaps in the software itself.
Meeting Settings
Zoom has responded to the threat of Zoom bombing by making defaults for educational licenses such as Bryn Mawr’s more restrictive. When scheduling a meeting, please do not change the following default settings. They are designed to keep Zoom bombers out of your meeting:
- Randomly generated meeting ID: When you create a new meeting, Zoom generates a random meeting ID number. Use this instead of your Personal Meeting ID, which remains the same from meeting to meeting and is therefore more vulnerable to being shared with unwanted guests.
- A “waiting room” for all participants: When the "waiting room" setting is enabled, hosts have to manually admit participants before they can join a meeting. By leaving this setting on, you can block anyone from joining a meeting who shouldn't be there.
- Disabling of the "Allow participants to join anytime" setting: This prevents anyone from joining the meeting before you start it.
- Restrict attendance to people who have logged in with a Bryn Mawr or Tri-Co Zoom account: Go to Security > Require Authentication to Join within your meeting settings to turn this feature on. Then, select Sign into BMC Zoom account or Sign into BMC, Haverford or Swat Zoom account from the drop-down menu.
Note: If you are unable to join a meeting where the host has required authentication with a BMC or Tri-Co account, make sure you are logging in with your college Zoom account instead of a personal one. Bryn Mawr students should read check if you are signed in with a BMC account for more information.
Sharing meeting links
- Be very careful whom you share a "join" link with. Anyone who has this link will be able to join the meeting. The meeting link also includes the meeting password into the meeting link -- look for "?pwd=" in the meeting URL.
- Never post "join" links publicly! If need to post a webinar or meeting on a web page or social media, turn registration on and post the registration link instead. See Zoom: Use registration to secure meetings.
During a meeting
Once a meeting has started, hosts and co-hosts can also limit participant behavior to prevent Zoom bombing:
- Click Security and uncheck options (chat, share screens, etc.) under Allow participants to to immediately disable them for everyone in the meeting.
- To grant or remove permissions for individual participants, click Participants > More.
Remove disruptive users
Responsibly share Zoom recordings
Keep your Zoom app up-to-date
Encryption
By default, the audio, video, and shared content in Zoom meetings and webinars is encrypted in transit between Zoom servers and participants using the Zoom client.
You can optionally enable end-to-end encryption for individual meetings or as the default for your account. This provides the same level of encryption, but stores the decryption keys on participants' devices rather than on Zoom servers. However, it disables many meeting functions, including polling, whiteboards and recording to the cloud. See Using end-to-end encryption for more details.
Third-party integrations and privacy concerns
Questions?
If you have any additional questions or problems, don't hesitate to reach out to the Help Desk!
Phone: 610-526-7440 | Library and Help Desk hours
Email: help@brynmawr.edu | Service catalog
Location: Canaday Library 1st floor
