Zoom Security Playbook

The University of Dayton IT team has configured Zoom's privacy and security settings to reduce the possibility of unwelcome guests joining and disrupting your sessions (Zoom Bombing). Still, there are steps you should take to ensure your meeting’s security, and quickly respond if your meeting becomes disrupted.

This article covers the following topics:

Prepare and Upgrade

Avoid Using Third-Party AI Bots for Meeting Help

Avoid Sharing your Zoom Links Publicly

Require Attendees to Authenticate before Joining Meetings

Use the Waiting Room Feature

Prevent, Disable and Remove Zoom Bombers and AI Bots

Additional Zoom Security Information
 

Prepare and Upgrade

Before you conduct a Zoom meeting, use the following guidelines:

1. Upgrade to the latest version of Zoom to take advantage of the security features listed below.
    
2. If you are unfamiliar with setting up a high-stakes meeting, fill out a Zoom Consultation Request.
    
3. Appoint a meeting attendee co-host to act as a potential “security guard” if any issues arise. This person should also be familiar with the participants attending the meeting.
    
4. Be prepared to prevent Zoom bombers and disable and remove them when necessary.
    

Avoid Using Third-Party AI Bots for Meeting Help

Using third-party bots and AI can offer convenience and efficiency when transcribing and recording virtual meetings. While the idea of automating transcription may seem appealing, it's essential to exercise caution and consider the potential security risks associated with third-party solutions.

UDit currently restricts third-party bots (e.g., OtterPilot, Avoma, Fireflies.ai, Dubber, etc.) from accessing calendar event/Zoom session information; they can scrape your calendar for information, join meetings without your consent, and store transcriptions in unknown places or share them without your knowledge. For situations where these tools are necessary, contact HR (Faculty & Staff) or OLR (Students) to discuss appropriate accommodations.

To meet your transcription needs, consider using Zoom's existing audio transcription and captioning capabilities.
 

Avoid Sharing your Zoom Links Publicly

If you can restrict access to your Zoom meeting link, take measures to do so. Whenever possible, avoid placing Zoom links on public facing web pages and social media sites.
 

Require Attendees to Authenticate before Joining Meetings

If your meeting is limited to UD faculty, staff or students, have them authenticate with their UD login. This prevents uninvited external users from joining your meeting.
 

Enable Authentication for a specific meeting

To activate this feature for a specific meeting, follow these steps.

1. Create your Zoom meeting using your preferred method.
    
2. Sign into the UD's Zoom web portal, udayton.zoom.us and click the Meetings link.
    
3. Edit the settings for your created meeting: use the Require authentication to join option and select Require UD Login.  

Once you've activated this setting, no one can access your meeting without signing in with a UD user account.
 

Enable Authentication by default

To have meeting participants and webinar attendees authenticate by default, follow these steps.

1. Sign into the Zoom web portal, udayton.zoom.us and click the Settings link.
    
2. Click the Meeting tab.
    
3. Find the setting labeled Only authenticated meeting participants and webinar attendees can join meetings and webinars and toggle the switch on.
   
   
    

Use the Waiting Room Feature

The Waiting Room feature allows you to screen the names of participants before admitting them into your meeting. Always proceed with caution. Since it's possible for someone to change their Zoom display name to impersonate a legitimate attendee, consider using the Require authentication option and the Waiting Room option at the same time.
 

Enable Waiting Room for a specific meeting

To activate this feature for a specific meeting, follow these steps.

1. Create your Zoom meeting using your preferred method.
    
2. Sign into the Zoom web portal, udayton.zoom.us and click the Meetings link.
    
3. Edit the settings for your created meeting. Scroll to the Security section and select Waiting Room.

Enable Waiting Room by default

To send participants to a Waiting Room by default, follow these steps.

1. Sign into the Zoom web portal, udayton.zoom.us and click the Settings link.
    
2. Click the Meeting tab.
    
3. Find the setting labeled Waiting Room and toggle the switch on.

Prevent, Disable and Remove Zoom Bombers and AI Bots

The best way to deal with a Zoom Bomber or a Zoom Bomber posing as an AI Bot is to stop them from accessing your meeting in the first place. However, if they manage to infiltrate your meeting, prepare yourself! Watch the following video and follow the procedures listed below.

VIDEO | Disabling & Removing Zoom Bombers (3 min.)

Before your meeting, familiarize yourself with the measures you can take to quickly respond to a Zoom Bomber. Disruptive behavior can be damaging to your attendees. It is your responsibility as the meeting host to stop whatever is happening. 

As soon as you detect a disruption do the following:
 

Step 1: Disable all user activity immediately!

Use the Security Shield in your Zoom options to select the option labelled Suspend Participant Activities. 

After a confirmation prompt, this option will immediately do the following:

1. Turn off all microphones, cameras, and screen sharing.
    
2. Lock the meeting, preventing new attendees from joining.
    
3. Hide profile pictures and the ability to change one’s screen name.
    
4. Disable the ability to turn any of the above options back on unless you are the host.
    
5. Send a report to Zoom for their investigation.

Step 2: Address your audience

Assure your audience that you are in-control.

1. Turn your camera and microphone back on.
    
2. Apologize to your audience and explain that you do not tolerate these disruptions and that you are working to resolve the problem ASAP.

Step 3: Remove Zoom Bombers from your session

Step 1 locked the meeting, so once you remove the offending participants, they will not be able to re-enter. 

1. Click the Remove Participant button in the Security Shield area. Carefully scan for names that do not belong and click Remove.
    
2. If you are confident the disruptive participants have all been removed, use the Security Shield to re-enable participation options. Begin enabling features below “Allow participants to:” that are pertinent to your meeting.

Step 4: Practice

Take some time to familiarize yourself with these options. Launch a meeting and conduct a “fire drill” so that you’ll be ready in the event that something happens. You'll want to invite a colleague to your practice meeting - some security options are only available when the Zoom meeting has multiple attendees.
 

Additional Zoom Security Information

In-meeting security options

Managing participants in a meeting

Requiring authentication to join a meeting or webinar

Using Waiting Room