Zoom Security Guide

Cases of “Zoombombing” have started to hit Case Western Reserve University meetings, including classes. Zoombombing is when a malicious individual finds an open Zoom meeting link and enters the meeting to disrupt it verbally or by sharing inappropriate material. Below are simple actions you can take to protect your meetings.

Top three recommendations for securing your meetings against Zoombombing

  1. Don’t publish your Zoom meeting ID or URL publicly. If you need to share the details for a public event please contact the [U]Tech Help Desk for more information on taking additional measures to secure your meeting.
  2. Set your meetings to only allow authenticated users (assuming you have no guests who are external to CWRU)
  3. Set a waiting room for your meetings

See the sections below for details on how to use these top four settings in your meetings and for other recommendations on how to use Zoom safely and securely.

  • Check for Zoom application updates often, at least once a week. (Click on the profile icon in the upper right of the application and select “Check for Updates.) Note: As of May 30th, 2020 all users are required to use Zoom 5.0 or higher.
  • Don't post Zoom links on a public website or in social media. If you need to share the details for a public event please contact the [U]Tech Help Desk for more information on taking additional measures to secure your meeting.
  • Don't use your personal meeting ID for meetings
  • Schedule your meetings at https://cwru.zoom.us to get the full set of security options for your meeting
  • All new meetings will use a password by default after May 30th, 2020. No changes are required in order to apply passwords to your meetings. Passwords are included in the meeting link so you don't need to send it to your participants separately.
  • If you don't have guests external to CWRU, consider selecting "Only authenticated users can join meetings". Note: students often join meetings as guests, so this could be disruptive for classes hosted in Zoom.
    • When prompted to log in, users should click the “Sign in with SSO” button
  • If you don't want participants to join/interact before the host enters, uncheck "Join Before Host". Set an alternate host if you need a backup host.
  • Consider turning on the “waiting room” for your meeting so that you can scan who wants to join before letting everyone in.

(Log into cwru.zoom.us and click on Settings) consider the following account-wide options:

  • To protect your meetings, screen sharing has been set to "host only" for everyone. (To always allow participants to share their screens in meetings you host, log into cwru.zoom.us go to Settings, and find "Who can share?").
    • You can grant participants the ability to share their screen on the fly during the meeting by clicking the up arrow next to the "Share Screen" button.
    • Select "Advanced Sharing Options"
    • Change "Who can share?" to "All participants"
  • Disable annotation if you don't need it. (log into cwru.zoom.us go to Settings, and find "Annotation"). This disables annotation for the host and all participants, so only do this if you don't need annotation yourself.
  • Uncheck "File Transfer" unless you know this feature will be required 
  • Uncheck "Allow Removed Participants to Rejoin" so that participants who you have removed from your session cannot re-enter

When you are hosting a meeting, use the “Security” button to quickly and easily lock your meeting to the current set of participants, turn on a waiting room for anyone who has not joined yet, or allow or block participants from chatting, sharing their screens, or renaming themselves. (Note, if you do not have the “Security” button when hosting a meeting, update your Zoom application.)

Zoom Security settings. Lock meeting, Enable waiting room, allow participants to share screen, chat, or rename.
  • You can access the security settings for sharing an individual Zoom cloud recording by:
    • Log into cwru.zoom.us
    • Under “PERSONAL”, click “Recordings”
    • Click the recording URL
    • Click the “Share” button
    • By default, the recording will be set to require CWRU SSO
    • You can change to “Publicly” (only set if you are okay with anyone seeing the video) or “Password protect”
    • If you set a password, be sure to distribute it to your audience via email, Canvas, etc.
  • You can set the Zoom recording defaults for your account by:
    • Log into cwru.zoom.us
    • Under “PERSONAL”, click “Settings”
    • Click the “Recording” tab
    • Adjust default security settings for your recordings, including:
      • Require SSO
      • Require a password
  • If you need to share the video with a specific group of CWRU users, you can:
    • Log into cwru.zoom.us
    • Under “PERSONAL”, click “Recordings”
    • Click the recording URL
    • Click the “Download” button
    • Upload the video file (.mp4) to Google Drive or Box and then share with your audience. Google Drive and Box have built-in video players.
  • If you record locally in Zoom, you can share your recording by:
    • Upload the local recording to Google Drive or Box and then share with your audience. Google Drive and Box have built-in video players.
  • For information about Zoom recordings visit our Zoom Recording Guide