Skip to main content

One Step Ahead: Use Zoom More Securely

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy

During the COVID-19 crisis, the Zoom video conferencing platform became the application of choice for meetings and teaching for several University Schools and Centers due to its ease of use and availability on multiple platforms. However, the sudden growth in Zoom traffic exposed security and privacy vulnerabilities which have the potential to be exploited. One problem is “Zoombombing,” when uninvited attendees can join and disrupt meetings.Though Zoom has been actively working to mitigate and fix these vulnerabilities with updates to the application and usage recommendations, you should also take steps to protect the privacy and security of your meetings:

  • Use randomly generated meeting IDs,* rather than the personal meeting ID uniquely associated with your individual Zoom account, for public meetings. This helps to ensure only invited attendees will know the meeting ID.
  • Require a password to join.* Enabling the option “Require a password when scheduling new meetings” and “Require a password for instant meetings” allows only attendees with the meeting password to join the meeting. Avoid sharing the meeting password in a public forum.
  • Manage participants.
    1. Use waiting rooms.* The host can screen everyone entering the meeting in the waiting rooms to restrict only those invited to enter the meeting.
    2. Disable “Allow Removed Participants to Rejoin”* so that removed individuals can’t rejoin.
    3. Lock your meeting. After attendees join the meeting, lock your meeting from the security menu to prevent unwanted attendees from joining.
  • Set screen sharing to “Host only” and disable “File Transfer”.  File transfer is disabled by default. Unless you need the feature, leave it disabled to avoid participants passing viruses or other malicious content to others.
  • Keep the Zoom application and your computing device up-to-date with the latest security patches.

*This is the current default setting in Zoom for newly scheduled meetings.

For additional security and how-to tips, visit https://www.isc.upenn.edu/security/news/zoombombing or https://www.isc.upenn.edu/security/privacy-using-zoom

For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead

Back to Top