- Before You Begin
- Scenario 1: General Public Invited to Join a Zoom Meeting
- Scenario 2: Meetings for Notre Dame Participants
- Scenario 3: Meeting with Notre Dame and Non-Notre Dame Participants
- Scenario 4: Hosting a Large Zoom Meeting
- Scenario 5: What to Do If You’re Being Zoom-bombed
- Scenario 6: Protect Intellectual Property
- Scenario 7: Sensitive and Regulated Data in Zoom
- Scenario 8: End-to-End Encryption in Zoom
Zoom has a number of security features to prevent unwanted access or disruption to your Zoom meetings. All of these security features can be found in Managing Risk of Disruption in Zoom Meetings. Below are a number of specific scenarios with recommended security settings you may want to enable.
Scenario 1: General Public Invited to Join a Zoom Meeting
If you plan on hosting a public event and want the general public to be invited and attend, you're strongly encouraged to turn on registration for the Zoom meeting. Registration will require your participants to sign up for the event prior to receiving the Zoom meeting link.
If the event is for the public and you do not have technical support to help manage the meeting, you may also want to consider using ND Studio’s Zoom Webinar Service.
To require registration:
- Sign into zoom.nd.edu
- Schedule a Zoom meeting
- In the meeting settings, click the checkbox for Required next to Registration.
- Once in the meeting, be sure to familiarize yourself with the Zoom Security button.
Scenario 2: Meetings for Notre Dame Participants
If you are hosting a meeting or course where only Notre Dame participants should be allowed to attend, it’s best to require users to sign in with their Notre Dame NetID and password in order to join the meeting.
For more information, see Create Zoom Meeting Restricted to Notre Dame Participants.
Scenario 3: Meeting with Notre Dame and Non-Notre Dame Participants
If you are hosting a meeting or course primarily consisting of Notre Dame participants and you have a guest lecturer or a few non-Notre Dame attendees, it’s best to require users to authenticate by using “Sign into Zoom”. Notre Dame participants can use SSO to sign in while other participants can sign in via Zoom, Google, or SSO if their institution allows it. Signing in is always a good practice as it can help prevent unwanted participants.
For more information, see Create Zoom Meeting Restricted to Notre Dame Participants. Make sure at Step 3 to select Sign in to Zoom instead of Notre Dame Only (Okta).
Scenario 4: Hosting a Large Zoom Meeting
If you are hosting a large Zoom meeting and want to prevent unwanted disruptions, see Recommended Settings for Hosting a Large Zoom Meeting and Best Practices for Hosting a Large Zoom Meeting.
If you are hosting a large meeting where you need extra security measures (for example, not allowing participants' names to be seen, or turning participants' audio/video off and not letting them turn it back on), see ND Studio’s Zoom Webinar Service for more information.
Scenario 5: What to Do If You’re Being Zoom-bombed
The best thing you can do to minimize the impact if you are being Zoom-bombed is to become familiar with the Zoom Security button.
- Participant(s) sharing inappropriate content
Use the Zoom Security button to disable the ability for participants to share their screen and then remove the participant. Participants are not allowed to share their screen without host permission so this should not be an issue under normal circumstances.
- Participant(s) making inappropriate noise
Mute all participants and then disable participants' ability to unmute themselves. Remove the participant if necessary.
- Participant(s) using the chat inappropriately
Use the Zoom Security button and turn off participants' ability to chat. Remove the participant if necessary.
- Participant(s) renamed themselves to something inappropriate
Use the Zoom Security button and turn off participants' ability to rename themselves. Remove the participant if necessary.
Scenario 6: Protect Intellectual Property
Participants are not allowed to record your screen via Zoom without the host’s permission. As a Zoom meeting participant, do not record audio or screen displays using any software or devices other than Zoom's internal recording capability. This will ensure that the host has given their explicit permission to record and that all participants are aware the meeting is being recorded. Content recorded should not be shared outside the meeting participants without the explicit permission of the host and, at the host's discretion, permission from the meeting attendees.
To help detect leaked Zoom meetings you can add an audio watermark to the share screen with the participant’s name on it. This will help identify the person if the video is ever shared and found publicly.
To enable the audio watermark during a screen share:
- Log in to zoom.nd.edu.
- Create Zoom Meeting Restricted to Notre Dame Participants
- The audio watermark will be added automatically.
Scenario 7: Sensitive and Regulated Data in Zoom
Zoom is not approved for use in transmitting, displaying, or discussing data classified by the University as Highly Sensitive Information (HSI). These data are identified as part of the University's Information Security Policy and the Highly Sensitive Information standards.
Data classified by the University as 'Sensitive' shouldn't be transmitted, displayed, or discussed if any Zoom meeting attendees, including those who are Notre Dame participants, may not be authorized to access such data. If your Zoom meeting plans to include data classified as 'Sensitive', you must have the explicit permission of the appropriate Data Steward(s).
Data classified by the University as 'Internal' may be transmitted, displayed, or discussed only if all meeting attendees are Notre Dame participants. If there are non-Notre Dame participants, you must have the explicit permission of the appropriate Data Steward(s) to include 'Internal' data.
If you have a need to use Zoom with these data types, please reach out to Notre Dame Information Security.
The recommended settings for meetings with Sensitive and Internal data are as follows:
Host account settings:
- Require a passcode when scheduling new meetings: On
- Auto saving chats: Off
- File transfer: Off
- Data Center regions for meetings/webinars hosted by your account: United States only
- Allow live streaming meetings: Off
Host meeting settings:
- Use a generated meeting ID (not your Personal Meeting ID (PMI))
- Require meeting passcode: checked (On)
- Audio option: Computer Audio
- Enable join before host: unchecked (Off)
- Enable waiting room: checked (On)
- Only authenticated users can join: checked (On)
- Use the most appropriate option: Notre Dame SSO (all ND participants) or Signed in to Zoom (participants outside of ND need to join)
- Do not record the meeting
- (Coming soon: end-to-end encryption)
In the meeting:
- Make sure the host is familiar with the Security button
- Once everyone has arrived, lock the meeting.
- Use headphones to minimize the chances the discussion can be overheard
- Conduct the meeting in a private location to minimize the risk of shoulder surfing
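The host meeting settings listed above can be checked mechanically before a meeting takes place. The following is an added example, not part of the original article: it assumes meeting records exported as JSON in the shape of Zoom's REST API meeting object (`password` plus a `settings` object), and the sample records are constructed. Account-level settings and the in-meeting steps are not covered.

```python
import json

# Baseline taken from the "Host meeting settings" list in this article.
# Field names assume the meeting object of Zoom's REST API (assumption);
# each check receives the meeting and its `settings` sub-object.
CHECKS = [
    ("generated meeting ID (not PMI)", lambda m, s: s.get("use_pmi") is False),
    ("meeting passcode required", lambda m, s: bool(m.get("password"))),
    ("computer audio only", lambda m, s: s.get("audio") == "voip"),
    ("join before host off", lambda m, s: s.get("join_before_host") is False),
    ("waiting room on", lambda m, s: s.get("waiting_room") is True),
    ("only authenticated users can join",
     lambda m, s: s.get("meeting_authentication") is True),
    # Covers automatic recording only; a host can still start one manually.
    ("automatic recording off", lambda m, s: s.get("auto_recording") == "none"),
]

def audit_meeting(meeting):
    """Return the baseline items this meeting fails.

    A missing field counts as a failure: if the export does not show that a
    control is on, the meeting is reported rather than assumed compliant.
    """
    settings = meeting.get("settings") or {}
    return [name for name, ok in CHECKS if not ok(meeting, settings)]

# Constructed sample export, not real meetings.
SAMPLE_JSON = """
[
  {"id": 1, "topic": "Budget review", "password": "k3Yp9x",
   "settings": {"use_pmi": false, "audio": "voip", "join_before_host": false,
                "waiting_room": true, "meeting_authentication": true,
                "auto_recording": "none"}},
  {"id": 2, "topic": "Staffing discussion", "password": "",
   "settings": {"use_pmi": true, "audio": "both", "join_before_host": true,
                "waiting_room": false, "meeting_authentication": true,
                "auto_recording": "cloud"}},
  {"id": 3, "topic": "Export with no settings block"}
]
"""

def audit_all(raw=SAMPLE_JSON):
    """Map each meeting id to its list of failed baseline items."""
    return {m["id"]: audit_meeting(m) for m in json.loads(raw)}

if __name__ == "__main__":
    for meeting_id, failures in audit_all().items():
        print(meeting_id, "OK" if not failures else "FAIL: " + "; ".join(failures))
```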
Scenario 8: End-to-End Encryption in Zoom
End-to-end encryption (E2EE) for meetings is now available. Zoom users can enable end-to-end encryption for meetings, providing additional protection when needed. Enabling end-to-end encryption for meetings requires all meeting participants to join from the Zoom desktop client, mobile app, or Zoom Rooms.
Please see KB0021824 for information on how to enable E2EE.
Enabling this setting also disables the following features:
- Join before host
- Cloud recording
- Live streaming
- Live transcription
- Breakout Rooms
- Meeting reactions*
- 1:1 private chats*
*Note: As of version 5.5.0 for desktop, mobile, and Zoom Rooms, these features are supported in E2EE meetings.
Users will not be able to join by telephone, SIP/H.323 devices, on-premise configurations, the Zoom web client, third-party clients leveraging the Zoom SDK, or Lync/Skype clients, as these endpoints cannot be encrypted end to end.
- Zoom’s E2EE offering uses public key cryptography. In short, the keys for each Zoom meeting are generated by participants’ machines, not by Zoom’s servers. Encrypted data relayed through Zoom’s servers is indecipherable by Zoom, since Zoom’s servers do not have the necessary decryption key. This key management strategy is similar to that used by most end-to-end encrypted messaging platforms today.
- E2EE is best for when you want enhanced privacy and data protection for your meetings, and is an extra layer to mitigate risk and protect sensitive meeting content. While E2EE provides added security, some Zoom functionality is limited in this first E2EE version. Individual Zoom users should determine whether they need these features before enabling this version of E2EE in their meetings.
- Zoom meetings and webinars by default use AES 256-bit GCM encryption for audio, video, and application sharing (i.e., screen sharing, whiteboarding) in transit between Zoom applications, clients, and connectors. In a meeting without E2EE enabled, audio and video content flowing between users’ Zoom apps is not decrypted until it reaches the recipients’ devices. However, the encryption keys for each meeting are generated and managed by Zoom’s servers. In a meeting with E2EE enabled, nobody except each participant – not even Zoom’s servers – has access to the encryption keys being used to encrypt the meeting.