Best Practices for protecting your ZOOM meetings

ITSC is aware of recent concerns and discussion on the Internet about the data privacy of ZOOM meetings, as well as issues related to "ZoomBombing". We are closely monitoring the situation and maintaining communication with ZOOM on these issues. We shall react accordingly and regularly provide any recommended updates here.

Updates

27-Aug-2020: The University is aligning with ZOOM's new requirement on Meeting Protection by requiring Meeting Passcode in our scheduled meetings. This new protection requirement is implemented on 27-Aug-2020. All new scheduled meetings/webinars are required to enable the Passcode feature. Existing scheduled meetings/webinars without Passcode can be operated as they are.

7-May-2020: To further strengthen the security of ZOOM meetings, it is compulsory for all meetings/webinars to use Single-Sign-On starting from 8-May-2020. Other sign-in methods such as email address and password, Facebook or Google account sign-in will no longer be supported. See our announcement for more information.

27-April-2020: ZOOM has released a major update, ZOOM v5.0, which comes with a number of new features and updates. One of them is the introduction of AES 256-bit GCM encryption. ZOOM will make the new encryption compulsory after 30-May-2020. For this reason, we recommend that our users update their ZOOM software as soon as possible. Other enhancements include an INFO icon that shows the connected data center, the option to select the regional data center to be used when scheduling a meeting, an indication of external users, and enhancements to the meeting end/leave flow.

21-April-2020: ZOOM has enabled its users to customize the usage of its regional data centers. You may visit Zoom's blog here for more information. Please be reminded that if you opt out of any regional data centers, meeting participants from those regions may experience poor performance as mentioned above.

12-April-2020: ZOOM announced the release of a further new version of the ZOOM client software (4.6.11) on various platforms today (12-April-2020). The enhancements in this release include re-enabling third-party file sharing, Chat message preview and minor bug fixes.

 

Technical Discussion

 

Best Practice

  • Users are recommended to upgrade to the latest version of ZOOM on their Notebook, Mac, and Mobile phones. This is especially true for iOS users, as version 4.6.9 or later fixes a privacy issue with Facebook. iPhone and iPad users are recommended to check their App Store to ensure the latest version of the ZOOM App has been installed.

  • Users are recommended to sign in to ZOOM with SSO using their HKUST account. Users should avoid signing in to ZOOM with linked accounts like Facebook or Google.

  • Avoid clicking on URLs or links provided by others in the ZOOM chat room, unless you are sure the link is safe. This is similar to the case of handling email from strangers.

  • Disable “Join before host” on your Personal Meeting Room. This is in fact disabled by default in HKUST ZOOM accounts.

  • Consider the Meeting options you would need before the meeting. For example, for an HKUST internal or inter-department meeting, one can consider enabling "Only authenticated users can join meetings" and selecting "HKUST". This will limit the meeting to be joined only by HKUST account holders. The Meeting Organizer may also consider enabling "Require meeting password", which will require participants to have the invitation URL or the corresponding meeting password before they can join the meeting.

  • The Meeting Host or Co-Host can manage participants during a ZOOM meeting, including locking the meeting when all attendees have arrived. The host or co-host can also mute all participants, mute an individual participant, stop a participant's video, stop a participant's screen sharing, and remove unwanted or disruptive participants. The host or co-host can also limit the chat options.

  • The settings for a ZOOM meeting can be customized when you schedule it, or changed later after it has been scheduled. Users can also change their default meeting settings.

  • For Zoom Online classes, we have already turned on most of the following options by default. Class organizers are recommended to follow these settings as defaults:
    • Disable "Enable Join before Host"
    • Enable "Muting participants upon entry"
    • Enable "Only authenticated users to join" (requires the Class Organizer to explicitly turn it ON)
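
One way an administrator could check scheduled meetings against the settings recommended above, including the 27-Aug-2020 passcode cut-off. This is an added example, not part of the original page or ITSC's tooling. The record layout and sample data are constructed; field names are modelled on Zoom's meeting settings and should be treated as assumptions, and `internal_only` is a hypothetical flag.

```python
from datetime import date, datetime

# Passcode is required for meetings scheduled from this date (27-Aug-2020 update).
PASSCODE_REQUIRED_FROM = date(2020, 8, 27)

def audit_meeting(m):
    """Return (level, message) findings for one meeting record."""
    findings = []
    s = m.get("settings", {})
    # Assumption: created_at is an ISO 8601 UTC timestamp; compared by UTC date.
    created = datetime.strptime(m["created_at"], "%Y-%m-%dT%H:%M:%SZ").date()
    if not m.get("password"):
        if created >= PASSCODE_REQUIRED_FROM:
            findings.append(("FAIL", "no passcode, scheduled on or after the requirement"))
        else:
            # Existing meetings without a passcode may continue as they are.
            findings.append(("INFO", "no passcode, scheduled before the requirement"))
    if s.get("join_before_host", False):
        findings.append(("FAIL", "join before host is enabled"))
    if not s.get("mute_upon_entry", False):
        findings.append(("WARN", "participants are not muted upon entry"))
    # internal_only is a hypothetical flag marking HKUST-internal meetings.
    if m.get("internal_only") and not s.get("meeting_authentication", False):
        findings.append(("WARN", "internal meeting open to unauthenticated users"))
    return findings

def audit(meetings):
    """Map each meeting topic to its findings."""
    return {m["topic"]: audit_meeting(m) for m in meetings}

# Constructed sample records, not real meetings.
SAMPLE_MEETINGS = [
    {"topic": "Online class", "created_at": "2020-09-01T02:00:00Z", "password": "482915",
     "internal_only": True,
     "settings": {"join_before_host": False, "mute_upon_entry": True,
                  "meeting_authentication": True}},
    {"topic": "Department meeting", "created_at": "2020-09-03T06:30:00Z", "password": "",
     "internal_only": True,
     "settings": {"join_before_host": True, "mute_upon_entry": False,
                  "meeting_authentication": False}},
    {"topic": "Legacy seminar", "created_at": "2020-06-15T01:00:00Z", "password": "",
     "internal_only": False,
     "settings": {"join_before_host": False, "mute_upon_entry": True,
                  "meeting_authentication": False}},
]

if __name__ == "__main__":
    for topic, findings in audit(SAMPLE_MEETINGS).items():
        print(topic, findings or "OK")
```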