Protecting yourself and your meeting attendees from Zoombombing incidents, malware infections, and other cybersecurity threats is critical to the user experience. For this reason, we have compiled a list of best practices for increased privacy and security. These will help to enhance your web conferencing experience and reduce the possibility of unknown or unwelcome guests joining your meeting or webinar.

Zoombombing

When an unauthorized person or stranger joins a Zoom meeting/chat session and cause disorder by saying offensive things or photobombing the meeting by sharing pornographic and hate images. Uninvited guests can also listen in on discussions, capture screenshots of shared content, or disrupt the meeting with unwanted video, audio, or unauthorized shared content.

The following recommendations will increase the security of your Zoom sessions and reduce the chance of unwanted attendees (Zoombombing). We recommend using as many of these options as you reasonably can without impacting your meeting operations. If you are discussing any sensitive or confidential information during a meeting, these measures become that much more critical.

Some might suggest publicly sharing your Personal Meeting ID or the automatically generated Meeting ID to make it easier for people to find your Meeting ID. However, the latter makes it easier for unwanted participants to find it, kind of like using your birthday as your password (which is a very bad idea).

Meeting Passwords

We highly recommend a strong password for all meetings and webinars. When scheduling a meeting, under Meeting Options, select Require meeting password, then specify a strong password (make your password at least eight characters long and use at least three of the following types of characters: lowercase, uppercase, numbers, and symbols). All participants will be asked for this password before joining your meeting.

Enable the Waiting Room Feature

The Waiting Room feature allows you (Host) to control when each participant joins the meeting. As the Host, you can admit attendees one by one, or hold all attendees in the Virtual Waiting Room and admit them en masse. This requires more work by the Host, but allows you to control who specifically needs access or you want to let in. Think of the latter as a cyber bouncer.

Disable Join Before Host

If you are scheduling a meeting where sensitive information will be discussed, it is best to disable (turn off) Join Before Host (found under Meeting Options when scheduling a meeting). For more information please visit Zoom’s Join Before Host help page for more information.

The Join Before Host option comes in handy if you want to let others start a meeting without you or for one reason or another the Host is running late. However, when this option is enabled, the first person who joins the meeting will automatically be made the host and will have full control over the meeting. Another option is to assign an Alternative Host.

Keep in mind that starting a meeting without you (Host) is still possible even if Join Before Host is disabled. For example, if you give someone Scheduling Privilege, which allows them to schedule meetings on your behalf. That person then becomes the Host the moment they start or join a new meeting. The latter is not a problem, as our recommendation to disable Join Before Host is based on preventing unwanted/uninvited participants from hijacking a meeting. After you join, the role of Host can be reassigned to you.

Limit Screen Sharing to the Host

By default, screen sharing in Zoom meetings is limited to the host. You can change this if you need to allow other attendees to share their screens. If you make this change and decide to return to having screen sharing be limited to the host, while in your meeting,

  1. Click the up-arrow next to Share Screen.
  2. Select Advanced Sharing Options.
  3. Under Who can share, click Only Host.

This won’t be appropriate when multiple participants will need to share and collaborate, but setting this restriction will prevent unwanted guests from interrupting the meeting by initiating intrusive sharing.

Meeting Security When Scheduling Zoom Meetings Using Your Outlook Calendar

If you add a Zoom meeting to your calendar or create a Zoom meeting in your calendar using the Zoom Outlook Plug-in, note that the calendar entry may include the Zoom meeting password. If you have set up your calendar so that it is open for partners to view the details of your meetings, this can expose the password to anyone who views your calendar. You can protect the password by making the calendar entry private or editing the entry to remove the Zoom meeting password.

Remove a Participant from a Zoom Meeting or Webinar

If you have already begun a meeting and find an unwanted attendee has joined:

  1. If the Participants panel is not visible, click Manage Participants at the bottom of the Zoom window.
  2. Next to the person, you want to remove, click More.
  3. From the list that appears, click Remove.
Lock Your Meeting

The Zoom Host Controls allow the Host or co-Host to lock the meeting. Once all attendees have joined,

  1. If the Participants panel is not visible, click Manage Participants at the bottom of the Zoom window.
  2. At the bottom of the Participants panel, click More.
  3. From the list that appears, click Lock Meeting.
Unlock the meeting following these same steps.

When a meeting is locked, no one can join, and you (the host or co-host) will NOT be alerted if anyone tries to join, so don’t lock the meeting until everyone has joined.