Best Practices for Securing Zoom Meetings
Here are some features you can take advantage of when you’re scheduling your meeting to make it more secure.
Enable Waiting Room Feature
The Waiting Room feature allows the host to control who enters the meeting and when a participant joins the meeting. As the meeting host, if you turn on Enable waiting room for your meeting, all attendees are placed in a Waiting Room when they click the link to join your meeting. The host can then admit attendees from the Waiting Room one by one or admit them all at once.
When scheduling or editing your meeting, under Security, check Waiting Room.
While already in a meeting, you can Enable Waiting Room by clicking on Host Tools in the bottom toolbar.
As the meeting host, during the Zoom session you can admit attendees from the Waiting Room one by one or hold all attendees in the Waiting Room and admit them all at once.
Click Participants. To admit an individual participant, click Admit next to the participant's name to allow that participant join the meeting.
To admit all of the participants in the Waiting Room, click Admit all.
If you would like to send a message to a participant in the Waiting Room, simply click Message.
If you would like to send messages to all participants in the Waiting Room, click Chat and select Waiting room participants. Once the message has been sent, the participants in the Waiting Room will see the message on the Waiting Room screen.
Enable Passcode Protection
Passcode protect your meetings by checking Passcode in the Host Tools section when scheduling or editing your meeting. Enter an alphanumeric password.
The passcode is automatically populated in the calendar invitation. This means that only people with both the meeting ID and passcode can join your meeting.
Disable "Allow Participants to Join Anytime" Feature
The self service Zoom web portal is accessed by selecting the Zoom icon via the MyStevens portal or by going to www.stevens.edu/zoom and selecting Sign In.
Select Schedule a Meeting in the upper right hand corner.
When scheduling your meeting, you have the option to either allow participants to join anytime, or not. If you don’t select this option, no one can join the meeting without the host being there to start the meeting. This gives you greater control over the meeting. If you do select Allow participants to join anytime, you will receive an email notification when a participant joins before you.
Enable the “Require authentication to join” Feature
The Require authentication to join feature enables a meeting host to prevent anyone who does not have a Stevens username and password from joining a Zoom meeting. The Authentication Exceptions feature allows the meeting host to invite non-Stevens participants to join the meeting as an exception to the Require authentication to join setting. This feature can be used to invite non-Stevens participants such as guest speakers to Zoom sessions.
To schedule a Zoom meeting using Require authentication to join
- Click on Schedule a Meeting in the Zoom web portal or in Zoom inside Canvas.
- In Host Tools, select the checkbox next to Require authentication to join
- You will see MyStevens Username and Password and *stevens.edu.
To add non-Stevens participants to the Authentication Exceptions features
- Click on Add next to Authentication Exceptions
- In the popup window, add the name(s) and email address(es) of the non-Stevens participants you would like to invite to the meeting. To add additional participants, click on +Add Participant.
NOTE: The participants added using Authentication Exception will automatically receive unique meeting invite links via a separate email. These links will allow them to bypass authentication. Do not send these participants the meeting link that is shared with and used by Stevens participants.
- The name(s) and email address(es) of the non-Stevens participants added as exceptions will now appear below Authentication Exception
Anyone who tries to join the Zoom meeting without first signing in to Zoom with an @stevens.edu email address and password will be prevented from joining, except the non-Zoom participants listed under Authentication Exception.
Participants who are not signed into Zoom will see a message like this one, prompting them to sign into Zoom with a Stevens account:
The participant must select Sign In with SSO (NOT Sign In with Google).
Then enter stevens into the box that appears. Click on Continue.
The participant may then be prompted to enter their Stevens username and password in order to connect to the Zoom session. The participant should enter their Stevens credentials.
After the participant enters their myStevens credentials they may receive a message that says “Sign in with SSO.” They should click on the blue Launch Zoom button.
They will then be entered into the Zoom session.
Promote Your Zoom Meeting to Participants DGS
Avoid posting the Zoom invite on public websites at all costs. If you want to have the Zoom session accessible from a link on the internet, always hyperlink text to the Zoom meeting. For example, instead of posting the Zoom URL, you can instead say "Enter the Zoom meeting by clicking on this link".
Be Careful When Creating a Customized Personal Link
Your personal link is the personal URL that is associated with your personal meeting room in Zoom. If you create a customized personal link that is easy to guess (e.g., your first initial plus your last name), unauthorized users may attempt to guess the customized personal URL and join your personal meeting room.
A best practice is not to create a customized personal link on your Zoom profile page.
If you have already created a customized personal link, we recommend deleting this from your account by following these steps:
Go to the Zoom web portal and click Profile. Scroll until you see Personal Link, then click Customize.
To the right of Personal Link, click Customize.
Select the personal link text in the box.
Delete the personal link text and click Save Changes.
Your Personal Link information should now read, "Not set yet".
Securing Zoom When Running Your Class or Meeting
The meeting host has a variety of controls that can be used to secure their meeting.
Lock Screen-sharing
Due to 'Zoom-bombing' reports, as of March 26th the screen sharing settings have automatically defaulted to Only Host. This setting gives hosts sole permission to share content within their meetings by default.
If you’d like to give participants screen sharing permission during your meeting, simply click the Host Tools button and enable Share Screen.
Prevent Participants from Annotating
During a meeting, you can prevent attendees from making annotations while you are screen sharing. By default, annotations are available to all participants, however you can disable this as soon as your meeting begins to prevent any unwanted distractions from other participants during the meeting. After sharing, you can select the More option from the meeting control bar and select Disable Annotation for Others. This setting can be reverted at any time during the meeting.
Use Caution When Opening Links in the Zoom Chat Window
Similar to a phishing attack, opening any malicious link in the Zoom chat window can allow someone to gain access to user credentials though the actions of unsuspecting users. Only the host should post links if necessary and should specifically notify the meeting participants when doing so.
Restrict Participants’ Ability to Chat
If you’d like to disable participants' chat permission when hosting your meeting, simply click the Host Tools button and disable Chat.
Lock the Meeting
When you’re in the meeting, click the Host Tools button at the bottom of your Zoom window and enable Lock Meeting. When you lock the meeting, no new participants can join, even if they have the meeting ID and password.
Restrict Participants’ Ability to Rename Themselves
When you’re in the meeting, click the Host Tools button at the bottom of your Zoom window and disable Rename Themselves to restrict participants' ability to rename themselves.
Suspend Participant Activities
Click the Host Tools button and select Suspend Participant Activities. This will immediately mute all video and audio, stop screen sharing, end all breakout rooms, and pause recording in the event of a Zoom-bombing or inappropriate behavior.
Remove a Participant
Click the Host Tools button and select Remove Participant. In the Participants menu, the Remove option will appear next to the participant’s name. Click that to kick a participant out of the meeting. Unless you have changed your Zoom settings to allow removed participants to rejoin, the removed participant will not be able to come back into the meeting.
Enable Waiting Room During a Meeting
Click the Host Tools button and select Enable Waiting Room for incoming new participants or to give you the option to move current participants into the Waiting Room.
OR you can click Participants in your Zoom host controls. In the Participants menu, mouse over a participant’s name, and several options will appear, including Put in waiting room. Select this option to move the participant to the Waiting Room.
Other host controls include watermarking screen shots and disabling in-meeting chat. Please visit https://support.zoom.us/ for more information about Zoom features and settings.
Experiencing an issue or need additional support? Contact our OneIT Team by