Zoom Security Tips & Tricks

Rebecca Long
May 25 · 8 min read

With so many of us currently transitioning to a remote world while we ride out the pandemic, we are relying on video conferencing tools like never before. Tools like Microsoft Teams, GoToMeeting, BlueJeans, Skype, and, of course, Zoom.

Zoom has been in the news a lot since the pandemic started as it has struggled with security issues. The company was initially scrambling to patch things as the new attention shone a light on the platform’s security. Thankfully, Zoom has recently been making great strides and has added several features to increase security for its users. In this post, we’ll share some simple tricks you can use to make your Zoom experience much safer.

At Future Ada, we use Zoom and have been taking measures to ensure the privacy and security of our own organization, our users, and our participants. The recommendations listed here stem from our own testing and what we follow ourselves. While we’re not going to touch on every specific setting, the guidelines below should help set a secure baseline for your online meetings.

Setting Locations

Many settings can be confusing because they appear to be duplicated in a couple of locations: once for the overall administration of your account and again under your personal user settings. You’ll want to check both locations to be sure they are set appropriately. These settings can be found in the following locations:

  • Personal > Settings
  • Admin > Account Management > Account Settings

[Figures: Personal Meeting Settings; Admin Meeting Settings]

💡 Note: Settings found under Admin have a “lock” ( 🔒 ) option next to them which should be set for any setting you want to be universal for all your users and all your meetings.

[Figure: Meeting Setting Groupings]

Advanced settings to check can be found under:

  • Admin > Advanced > Security
  • Admin > Advanced > Integration

[Figure: Admin Advanced Settings]

The recommendations here may be scattered across each of these areas, so you will want to check them all to know what’s available and get them set appropriately. Check them regularly as well to take advantage of new settings that become available as Zoom rolls out updates.

Password Recommendations

Password requirement guidelines for Zoom accounts, meetings (and really, any account you have):

  • Have a minimum password length of 12 (or highest allowed length available)
  • Have at least 1 letter (a, b, c…)
  • Have at least 1 number (1, 2, 3…)
  • Have at least 1 special character (!, @, #…)
  • Include both Upper case and Lower case characters
  • Cannot contain consecutive characters (e.g. “1111”, “1234”, “abcd”, or “qwert”)
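
The complexity rules listed above, written out as a checker (an added example, not part of the original post and not Zoom's own logic). The run length of 4 for “consecutive characters” and the keyboard rows searched are assumptions, and the sample passwords are constructed.

```python
import string

# Assumption: a run of 4 or more characters counts as "consecutive",
# matching the shortest examples in the list above ("1111", "1234").
RUN_LENGTH = 4
# Assumption: runs are searched in digits, the alphabet and keyboard rows.
SEQUENCES = ["0123456789", string.ascii_lowercase,
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_consecutive_run(password, run=RUN_LENGTH):
    """True if the password has a repeated or sequential run of `run` chars."""
    lowered = password.lower()
    for i in range(len(lowered) - run + 1):
        window = lowered[i:i + run]
        if len(set(window)) == 1:  # repeated character, e.g. "1111"
            return True
        # forward ("1234", "qwer") or reversed ("4321", "dcba") sequence
        if any(window in seq or window in seq[::-1] for seq in SEQUENCES):
            return True
    return False


def check_password(password, min_length=12):
    """Return the list of rules the password breaks (empty list = passes)."""
    failures = []
    if len(password) < min_length:
        failures.append("length")
    if not any(c.isalpha() for c in password):
        failures.append("letter")
    if not any(c.isdigit() for c in password):
        failures.append("number")
    if not any(c in string.punctuation for c in password):
        failures.append("special")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        failures.append("mixed case")
    if has_consecutive_run(password):
        failures.append("consecutive")
    return failures


# Constructed sample passwords, not real credentials.
SAMPLES = ["Tr4il-Mug!Cobalt", "Summer2020!", "Zoom1234Meeting!", "qwertYuiop#9x"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(pw, "->", check_password(pw) or "ok")
```

The third and fourth samples satisfy every character-class rule and still fail, which is the case the consecutive-character rule exists to catch.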

Where available, enable enhanced weak password detection and the strong password policy management options:

  • Require new users to change their password upon initial sign-in
  • Set password expiration after a specified number of days (120 days or less)
  • Don’t have users reuse any previous passwords
  • Limit the number of times a user can change their password in a 24 hour window to 3 or less

Participant Permissions

Recommended locked-down default settings:

  • Disable transferring of files to avoid anything malicious or inappropriate being sent to you or another participant
  • Disable participants’ ability to use annotation so no one accidentally or purposefully draws on your presentation
  • Disable participants’ ability to use the whiteboard
  • Disable participants’ ability to remote control so no other participant can be given control over a screen being shared
  • Disable participants’ ability to provide nonverbal feedback via icons
  • Disable the ability for removed participants to rejoin the meeting
  • Disable far end camera control to prevent another participant or user from taking control of your camera

Other things you can consider disabling include the chat feature or just private chats. This can help you control the narrative of your meeting and prevent unexpected interruptions. Chat can be disabled and enabled from within the meeting by the host or co-host as well for this purpose.

Virtual backgrounds are super popular right now and they can be a lot of fun. However, if you have a lot of participants you don’t know or trust, this may be a setting you want to consider disabling to prevent an inappropriate image from being used as someone’s background.

For meetings that are open to the public, consider disabling video for folks at the start of a meeting (this can be turned on after things get started). Setting screen sharing to be host-only is a good option for public meetings as well, so no one else shares their screen with something unexpected or inappropriate.

Turning off “Join Before Host” and enabling “Waiting Room” are good options for public meetings as well to control when and who gets to join. Having all participants sit in a “Waiting Room” gives you, as the host, control to get set up and ready before allowing anyone to join. You then get to manually allow individuals in the “Waiting Room” to join when you are ready.

If you are allowing participants to join your meeting via telephone channels, it’s a good idea to protect their privacy by selecting to mask their phone number in the participant list. This may not be necessary if all participants are known and trusted.

Recordings

You can take control of recordings and access to them by limiting recording to the host only and saving recordings to the cloud. Lock the recordings down to only authenticated users and require a password to gain access or download copies.

If you, as the host, decide to record your meeting, it’s a good practice to enable the settings for a disclaimer to your participants so they know and have the option to consent to it or leave the meeting.

Other Recommendations

General Meeting Security

Be mindful of the data centers being used with your account. Zoom offers a number of countries / regions for you to pick from. We recommend not using China or Hong Kong SAR.

[Figure: Data Center Regions Setting]

General Account Security

Multi-factor authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).[1]

Two-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users’ claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.

[1] https://en.wikipedia.org/wiki/Multi-factor_authentication

Additionally, set a time-out period for users who are logged in to Zoom but have not been active. A lower inactivity timeout can help prevent an unauthorized person from using an account if the user forgot to log out or walked away from their computer.

Integrations

More Resources

Curious about these settings or want to learn more about online privacy and security? Future Ada offers regular free workshops to cover these topics, as well as free one-on-one appointments with our privacy and technical professionals.

Rebecca Long

Written by

intersectional feminist, antiracist, servant leader, Future Ada founder/president, qa & devops, social engineer, SpoQuality co-founder - opinions are my own

Future Ada

We are a 501(c)(3) non-profit based in Spokane, Washington dedicated to creating sustainable diverse and inclusive spaces for all people within science, technology, engineering, art, and mathematics (STEAM).
