In this time of social distancing, the world has gotten a rapid introduction to Zoom meetings. Zoom has also gotten a rapid introduction to the world. Their daily use has increased from 10 million meeting participants to over 200 million, and with that, everyone has experienced some growing pains.
You may have seen in the news recently there have been some technical, abuse, and privacy concerns with Zoom. Eric Yuan, Zoom CEO, has addressed some of these concerns in a message to users.
We’d like to share our thoughts on these as well as provide some tips around securing your Zoom meetings, the main take-aways being:
- Update your application to reduce vulnerabilities
- Choose your meeting settings to reduce the likelihood of Zoom-bombing
- Make choices to protect your personal information
Vulnerabilities in an application aren’t unique to Zoom, and our advice, as with any application, is to keep your software up-to-date.
There have been reports of “Zoom-bombing” where uninvited participants join your meeting.
Protect your Meeting Links
You can’t Zoom-bomb if you can’t join the meeting, so the first step is protecting access to your meeting link. We suggest you post the link to your course meetings in your Moodle course where only your participants have access to them. You should not post links to your meetings to public websites or social media.
Also, rarely use your personal Zoom Room. Your PMI (Personal Meeting Room ID) never changes, so anyone you’ve ever shared that link with can join any meeting in your Zoom Room at anytime. By default, when you setup a new meeting it does not use your PMI.
Know your Meeting Settings
Zoom offers a range of settings for each meeting to help you make your sessions more secure.
All meetings created on or after 4/6/2020 have a password added to them by default. This will make someone guessing the link to your meeting much more difficult. Participants will use the link for your meeting just as they did before the password add (the password is automatically embedded in the link). Still be mindful of how you distribute the link to your meeting.
You can add a password to an existing meeting. Once a password is added to a meeting, you should redistribute the modified link or distribute the password to your attendees. Click here for more information about adding a password to scheduled meetings.
You can use the Waiting Room feature. This feature doesn’t let anyone join the meeting unless you explicitly grant them access using the Participants panel. Click here for more information on the Waiting Room.
Finally, some other things you can do to minimize the risk of Zoom-bombing:
- Set your meeting to mute all participants when they join
- Set your meeting to not allow participants to unmute their own microphone
- Lock the meeting once all attendees have arrived. This will prevent anyone else from joining the meeting (including late students)
The settings for your meetings can be managed at https://zoom.us/profile/setting and once in a meeting, you can control the participants microphones, lock the meeting, or forcibly remove people from the meeting, using the Participants panel.
There have been privacy concerns around who Zoom shares data with, including Facebook and LinkedIn. Zoom has updated their app and changed their policies around data sharing, so be sure to apply Zoom app updates on your computer or mobile device.
If you have privacy concerns around using the full Zoom application, you can choose to use the Zoom web app, which only requires a web browser. Click here for information on how to join a Zoom meeting using the web app.
If your meeting only requires audio, you can also join from a traditional telephone by dialing in.
As with most technologies, Zoom is not perfect. There are positive and negative aspects of using it, just as there are risks involved with having a conversation with anyone in the world. We believe the advantages of being able to share knowledge and maintain personal connections at this time, combined with some techniques to help manage the technology, outweigh the risks.
We will continue to monitor the technology landscape around all the tools we rely on, evaluate the risk of using them, and provide changes or guidance around them.