Best Practices for Securing Your Zoom Meetings

Friday, February 26, 2021, 2:45pm

TO: All Employees 
 FR: David Chun, Chief Information Officer
        Justin Lipp, Ph.D., Director of Center For Teaching and Learning
        Andru Luvisi, Information Security Officer
When participating in video calls, we open ourselves to some threats that we all need to be aware of. Unfortunately, there are people who join open Zoom sessions to cause disruption and to listen in on meetings to potentially gain sensitive information. At Sonoma State, we have experienced at least one incident involving this nefarious behavior, so we urge all faculty and staff to carefully review the resources below to protect Zoom sessions. A separate communication will go out to students with information about Zoom best practices and upcoming workshops covering Zoom security features.

  • If there is a disruptive participant in your meeting, you can remove them. Click on ‘Participants’ at the bottom of your Zoom window, then select ‘More’ and ‘Remove’ for the participant you want to eject from the meeting.
  • If someone disrupts your Zoom class, please remove the offender immediately and inform your class of the incident. We recommend that you make a statement to your students condemning such classroom disruption and reasserting our commitment to an inclusive, safe learning environment at Sonoma State.

The IT Department recommends that all Zoom meeting hosts review Best Practices for Securing Your Zoom Meetings. To protect yourselves from disruptive users in Zoom, here are some options to consider:

  • If your Zoom meeting is an SSU class and all of your attendees are Sonoma State community members, configure your Zoom meetings to only allow authenticated users to enter to make it harder for non-SSU community members to join and interfere.
  • Avoid hosting large meetings using your Personal Meeting ID (PMI). Your PMI is essentially one continuous meeting, and you don't want trolls invading your personal virtual space. Instead, Zoom suggests using random meeting IDs for your large meetings.
  • Require a password to join your meetings. You can require a password for all meetings by signing into Zoom, clicking on ‘Settings,’ and enabling the ‘Require a passcode when scheduling new meetings’ and ‘Require a passcode for instant meetings’ options. If you enable the ‘Embed passcode in invite link for one-click join’ option, users will still be able to join your meeting by clicking on your links without having to manually type in a password. 
  • Enable the Waiting Room feature of Zoom, which places attendees into a waiting room until they are explicitly admitted to the meeting by the host.
  • Disable the ability for guests to present or annotate presentations if you do not need guests to use these features.
  • If you host large events open to the public, where attendees should not be allowed to speak or turn on their cameras, please contact IT to discuss the use of Zoom's ‘Webcast’ feature. This function prevents guests from participating in any way other than observing unless they are specifically authorized.

Support Resources for Staff and Faculty

Staff: Contact the IT Help Desk for assistance with VPN access, remote desktop, Multi-factor Authentication (MFA), Zoom, and other technical inquiries. The Help Desk is open 8:00 am - 5:00 pm, Monday through Friday.  Connect the IT Help Desk through any of the following ways:

Upcoming Staff Zoom Security Training

Faculty: The Center for Teaching and Educational Technology (CTET) team can provide faculty with support using Canvas, Yuja, or Zoom. We are happy to consult with you on the Zoom settings for your class to make sure that you are effectively securing your class sessions. We are available to provide pedagogical advice with redesigning assessments and final projects as we move toward the end of the term while teaching remotely.  We have regular workshops on Zoom on a variety of topics. CTET is open Monday through Friday, 8:00 am - 5:00 pm.

Upcoming Faculty Zoom Security Training