Zoom Video Meeting Best Practices

Tips for smooth and secure video meetings

With the rise of remote work, many teams are using platforms like Zoom for video meetings and a number of security concerns have been raised about Zoom. While Zoom can be helpful for video meetings, it is important to make sure you are using the platform securely.

Zoom has been releasing updates and is working with some top security experts. We will continue to monitor the situation.

This post provides an overview of what Zoom bombing is, video conference best practices, and recommended Zoom settings.

Photo by Allie on Unsplash

What is Zoom bombing?

Zoom bombing is when bad actors join a video conference seeking to disrupt or cause chaos. This has been recently documented in the press and by the FBI. As a member of the Democratic ecosystem, it is important for all of us to take action to prevent griefers from creating chaos during a call.

Zoom offers a number of important controls to protect your meetings. Unfortunately, these controls are not necessarily easy to find, or intuitive. The default settings make it easy for people to join your meetings, but at the expense of good security practices.

Similar to in-person events, which often have a check-in area, event manager, or staff managing the guests, you’ll need to designate staff to do similar functions in an online meeting.

Zoom has also published their own recommendations in their blog post “Best Practices for Securing Your Virtual Classroom” which also includes an informative six-minute review of security controls: Zoom 101: Securing your Meetings & Virtual Classrooms.

Please note that different meeting types will require different settings, and there is no one-size-fits-all checklist. From our experience at the DNC, we have found these additional best practices and settings to be useful to ensure a smooth and secure video conference.

Video conference best practices

1. Change the meeting ID weekly. Important recurring meetings should not use the same meeting ID, especially if you are inviting people outside your organization. It should be different every time.
2. If possible, post the Zoom ID on the same day for more public meetings. This change makes it harder to circulate widely before the meeting time. Similar to how in-person fundraisers share the location and details upon RSVP, this is another way to make sure only your invited guests are in the virtual room.
3. Dedicate one person to act solely as the host. Much like a check-in table or badging area at an event, you should designate one (or more) people as hosts to ensure the right audience. If you implement the controls in the next sections, you will find that managing the Waiting Room and other duties will consume time. It is likely that the person who is acting as the Zoom host will be unable to fully participate in the meeting at the same time. Plan accordingly.
4. Assign staff to moderate the chat room. If you have a large crowd, you can set the chat room so that attendees can only chat the co-hosts. For a crowd of 100+ attendees, we recommend at least 3 staff to moderate the chat box and also should coordinate through Signal or Slack. If you’re answering questions, consider starting a google doc to collect questions and discuss which should be queued up for the panelists.
5. Hold at least one dress rehearsal, especially for meetings with external participants. Have someone play the role of a party crasher who want to enter the meeting uninvited, speak uninterrupted, and share their screens. Have a plan to prevent, detect, and respond to these often offensive intrusions.
6. Be careful about where you store recorded Zoom videos. Reporters have found thousands of Zoom recordings on the internet, and we should assume other bad actors have as well. While we expect Zoom to continue to implement controls to make that less likely, they can’t prevent you from uploading a recording to non-secure storage.

Zoom setting recommendations

While there are several important recommendations in the above links, we want to emphasize the following default settings and best practices. To make these your default settings, log into Zoom and go to “PERSONAL” and then “Settings”. From there, find these settings:

Under the “Meeting” tab:

1. Force “Computer Audio” only. Most people should have access to the Zoom client, especially since we’re all stuck at home. Adding a phone number to a Zoom meeting is an additional security risk because other Zoom participants cannot tell who has called in. It is hard to mitigate this problem without disrupting the entire meeting for all participants. (Like asking “Who just joined? The phone ending in 1234?”)
2. Mute participants upon entry to prevent excessive background noise.
3. Prevent participants from saving chat.
4. Prevent others from sharing their screen. If “screen sharing” is turned on, make sure that under “Who can share?” is set to “Host Only.” This will also require the host(s) to collect any presentations ahead of time, but necessary to avoid technical issues and any unwanted screen sharing.
5. Co-host: Allow the host to add co-hosts. Co-hosts have the same in-meeting controls as the host so that they can help with watching the waiting room, moderating speakers, and assisting with attendees.
6. Enable the Waiting Room. The hosts can then admit participants and ensure that only the intended audience is in the room, much like a check-in table in real life!

Under the “Recording” tab:

1. Turn Off “Allow hosts and participants to record the meeting to a local file”
2. Turn Off “Allow hosts to record and save the meeting / webinar in the cloud”

Complete your security checklist

Having more people working remotely may draw attention from people or groups seeking to undermine your security posture.

We urge you to check out our Security Checklist here, and to have everyone on your team complete each task.