Zoom Security Guide

Password changes on July 28th, 2020

Beginning on July 28th, CWRU will require passwords on all Zoom meetings and webinars, including those created before May 30, 2020 as well as those using your Personal Meeting ID (PMI). Zoom has announced that a password requirement will be applied during the fall semester, so UTech is making the change during the summer to be less disruptive to our community. This will provide the safest online learning environment for our faculty and students and will mitigate almost all Zoombombing attempts in the future.

For meetings and webinars scheduled before May 30 that still do not have a password, or meetings using your PMI, you will need to send updated invitations to your users. Use the following steps to find the updated meeting password and link.

  • Log into cwru.zoom.us.
  • Click on “Meetings” on the left.
  • In the meetings list, find the meeting for which you need the password and click on the name of the meeting.
  • Find the line labeled Meeting Password and click the “show” link.
  • You can simply email this password to your attendees or add it to your Google Calendar meeting description. You can also click the “Copy Invitation” link to copy the entire invitation and paste it into an email or the description field of a Google Calendar meeting.
  • If you use Google Calendar’s “Add Conferencing” button to add Zoom to your meetings, you’ll need to either remove the existing Zoom meeting and re-add new conferencing details and then notify your users of the change, or include the password in the description of the event so your users can find it. You may also need to email them directly to let them know the password.
  • This change also applies to previously scheduled webinars. Be sure to notify your webinar participants of the meeting password!
     

General Security Best Practices

Cases of “Zoombombing” have started to hit Case Western Reserve University meetings, including classes. Zoombombing is when a malicious individual finds an open Zoom meeting link and enters the meeting to disrupt it verbally or by sharing inappropriate material. Below are simple actions you can take to protect your meetings.

Top three recommendations for securing your meetings against Zoombombing

  1. Don’t publish your Zoom meeting ID or URL publicly. If you need to share the details for a public event, please contact the [U]Tech Help Desk for more information on taking additional measures to secure your meeting.
  2. Set your meetings to only allow authenticated users (assuming you have no guests who are external to CWRU).
  3. Set a waiting room for your meetings.

See the sections below for details on how to use these top three settings in your meetings and for other recommendations on how to use Zoom safely and securely.

  • Check for Zoom application updates often, at least once a week. (Click on the profile icon in the upper right of the application and select “Check for Updates.”) Note: As of May 30th, 2020 all users are required to use Zoom 5.0 or higher.
  • Don't post Zoom links on a public website or in social media. If you need to share the details for a public event, please contact the [U]Tech Help Desk for more information on taking additional measures to secure your meeting.
  • Don't use your personal meeting ID for meetings.
  • Schedule your meetings at https://cwru.zoom.us to get the full set of security options for your meeting.
  • All new meetings will use a password by default after May 30th, 2020. No changes are required in order to apply passwords to your meetings. Passwords are included in the meeting link, so you don't need to send them to your participants separately.
  • If you don't have guests external to CWRU, consider selecting "Only authenticated users can join meetings". Note: students often join meetings as guests, so this could be disruptive for classes hosted in Zoom.
    • When prompted to log in, users should click the “Sign in with SSO” button
  • If you don't want participants to join/interact before the host enters, uncheck "Join Before Host". Set an alternate host if you need a backup host.
  • Consider turning on the “waiting room” for your meeting so that you can scan who wants to join before letting everyone in.

Consider the following account-wide options (log into cwru.zoom.us and click on Settings):

  • To protect your meetings, screen sharing has been set to "host only" for everyone. (To always allow participants to share their screens in meetings you host, log into cwru.zoom.us, go to Settings, and find "Who can share?".)
    • You can grant participants the ability to share their screen on the fly during the meeting by clicking the up arrow next to the "Share Screen" button.
    • Select "Advanced Sharing Options"
    • Change "Who can share?" to "All participants"
  • Disable annotation if you don't need it. (Log into cwru.zoom.us, go to Settings, and find "Annotation".) This disables annotation for the host and all participants, so only do this if you don't need annotation yourself.
  • Uncheck "File Transfer" unless you know this feature will be required.
  • Uncheck "Allow Removed Participants to Rejoin" so that participants whom you have removed from your session cannot re-enter.

When you are hosting a meeting, use the “Security” button to quickly and easily lock your meeting to the current set of participants, turn on a waiting room for anyone who has not joined yet, or allow or block participants from chatting, sharing their screens, or renaming themselves. (Note: if you do not have the “Security” button when hosting a meeting, update your Zoom application.)

  • You can access the security settings for sharing an individual Zoom cloud recording by following these steps:
    • Log into cwru.zoom.us
    • Under “PERSONAL”, click “Recordings”
    • Click the recording URL
    • Click the “Share” button
    • By default, the recording will be set to require CWRU SSO
    • You can change to “Publicly” (only set if you are okay with anyone seeing the video) or “Password protect”
    • If you set a password, be sure to distribute it to your audience via email, Canvas, etc.
  • You can set the Zoom recording defaults for your account by following these steps:
    • Log into cwru.zoom.us
    • Under “PERSONAL”, click “Settings”
    • Click the “Recording” tab
    • Adjust default security settings for your recordings, including:
      • Require SSO
      • Require a password
  • If you need to share the video with a specific group of CWRU users, you can:
    • Log into cwru.zoom.us
    • Under “PERSONAL”, click “Recordings”
    • Click the recording URL
    • Click the “Download” button
    • Upload the video file (.mp4) to Google Drive or Box and then share with your audience. Google Drive and Box have built-in video players.
  • If you record locally in Zoom, you can share your recording as follows:
    • Upload the local recording to Google Drive or Box and then share with your audience. Google Drive and Box have built-in video players.
  • For information about Zoom recordings, visit our Zoom Recording Guide.