Recommended Security Measures for Zoom Meetings

  • Faculty & Staff

Protect the privacy of your Zoom meetings

On this page:

 

Class sessions & office hours

  1. Use the Zoom integration in Canvas for class sessions.  The integration makes it easy to schedule class sessions, invite students, and securely share recordings. 
  2. Do not post Zoom meeting links on open web pages. If you don’t use Canvas, send class meeting links to students using your class mailing list.
  3. Limit participation to authenticated users from Penn.  When scheduling your meetings, check the box that requires authenticated users.  Students will have to be logged in with a Penn Zoom account to join the class meeting.  See additional details.
  4. Add a Waiting Room. The Waiting Room feature allows the host to control when a participant joins the meeting. See below for a special note below about Waiting Rooms
  5. Verify that “Allow Removed Participants to Rejoin”  is disabled in your account settings.  This is set to OFF by default for SAS users.
  6. Become familiar with the Zoom security tools available to meeting hosts. These tools can help you manage behavior while the meeting is in progress

 

Private meetings other than class sessions

(research meetings, staff meetings, one-on-one meetings)

  1. Do not post Zoom meeting links on open web pages.   You shouldn’t put Zoom links on your personal home page, web site for your lab group, social media or any other site that is available to the general public.
  2. Don’t use your Personal Meeting Room. Establish unique meetings for each group.
  3. Private meetings should be sent directly to users through the outlook, ical or google calendar while creating the event or by clicking the 3 dots next to the event and copying the invitation information and sending it via email.
  4. Limit participation to authenticated users from Penn.  For meetings that only include people from Penn, check the box that requires authentication. Participants will have to be logged in with a Penn Zoom account to join the meeting. See additional details.
  5. Add a Waiting Room. The Waiting Room feature allows the host to control when a participant joins the meeting. See below for a special note about Waiting Rooms
  6. Verify that “Allow Removed Participants to Rejoin”  is disabled in your account settings.  This is set to OFF by default for SAS users.
  7. Become familiar with the Zoom security tools available to meeting hosts. These tools can help you manage behavior while the meeting is in progress

 

Public Events

  1. Be selective about how you publicize your event.  Zoom Bombers actively monitor social media for Zoom meeting links and target them for disruption.  If possible, use established mailing lists or other trusted channels to publicize your event; avoid posting meeting links on Twitter or other social media. Only post your registration link; do not post the actual meeting link.
  2. Don’t use your personal meeting link or re-use the same link for multiple events.  Create a new meeting for each event
  3. Require registration.  If practical, set the registration to require manual approval.  This allows the host to check for suspicious names or email addresses before the event.
  4. Configure the meeting so that participants have video off and audio muted upon entry. You set these options when scheduling the meeting.
  5. Verify that “Allow Removed Participants to Rejoin”  is disabled in your account settings.  This is set to OFF by default for SAS users.
  6. Have a co-host in the meeting prepared to act in case of disruptive behavior.  This person should be familiar with all the controls in the Zoom Security Toolbar
  7. For large or very important meetings, consider using a webinar.  Contact SAS Computing for details  instructional-support@sas.upenn.edu

 

Special Note About Waiting Rooms

  1. A Waiting Room can be added to any meeting.  However, settings that govern the Waiting Room will apply to all of your meetings.  Waiting Room options can NOT be configured differently for each meeting.  
  2. See details about Waiting Room settings: Users not in your account is recommended for most teachers, especially those with large classes.  Participants logged in through Penn Zoom accounts will be automatically admitted to the meeting; others will be held in a queue and can be manually admitted by the host.
  3. When setting the Waiting Room options, consider  what will work best for most of your meetings.  But recognize that the settings will apply to any meeting that includes a Waiting Room 

Other Resources

  1. Zoom security guidance from Penn's Information Systems and Computing
  2. Best Practices for Securing your Zoom Meeting guidance provided by Zoom

Top of Page