Zoom's main target audience has been corporate customers who use it predominantly for internal meetings - this means we consider Zoom meetings generally “safe” as they are between trusted parties.
With the recent huge uptake in Zoom during the Covid-19 pandemic, Zoom has gotten a lot of negative press. I’m still sticking with them as I believe they have responded to the criticism faster than most companies could and their product is becoming an even better one as a result. That being said, here are some MUST HAVE SECURITY SETTINGS that you absolutely should set if you are running any Zoom meetings outside of the intended scope - i.e. public meetings, Meetups, chapter meetings, etc.
For this case we are considering external-facing meetings, where I am inviting a large number of external parties, as unsafe.
These are what I consider secure for my context - please use common sense when adapting this to yours.
Meeting Settings
Schedule Meeting
Feature | Description | Setting |
---|---|---|
Host video | Start meetings with host video on | OFF |
Participants video | Start meeting with participant video on | OFF |
Join before host | This has to be off for waiting room to be on | ON |
Require a password when scheduling new meetings | All meetings should require a password - lock this at Admin level | ON (Locked) |
Require a password for instant meetings | All meetings should require a password - lock this at Admin level | ON (Locked) |
Require a password for Personal Meeting ID (PMI) | All meetings should require a password - lock this at Admin level | ON (Locked) |
Only meetings with Join Before Host enabled / All meetings using PMI | All meetings should require a password - lock this at Admin level | ON (Locked) |
Embed password in meeting link for one-click join | This is the ?pwd= portion in the Zoom invite link | AS REQUIRED (ON for me) |
Require password for participants joining by phone | All meetings should require a password - lock this at Admin level | ON (Locked) |
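
With the embed setting on, anyone who sees the invite link also holds the meeting password. The following is an added example, not part of the original post: it strips the `pwd` parameter from Zoom links in an announcement before it is posted to a public channel, so the password can be sent separately. It assumes meeting links are hosted on `zoom.us` or a subdomain of it; the sample text and its values are constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Matches http(s) URLs; trailing sentence punctuation is trimmed separately.
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample announcement (IDs, password and 'ref' parameter are made up).
SAMPLE = ("Meetup tonight: https://example.zoom.us/j/1234567890"
          "?pwd=CONSTRUCTED-VALUE&ref=newsletter. "
          "Slides: https://example.org/talk?pwd=unrelated")

def is_zoom_host(host):
    """True only for zoom.us and its subdomains (assumption: no other hosts)."""
    host = (host or "").lower()
    return host == "zoom.us" or host.endswith(".zoom.us")

def strip_embedded_password(url):
    """Return (clean_url, had_password) for a single link."""
    parts = urlsplit(url)
    if not is_zoom_host(parts.hostname):
        return url, False  # lookalike or unrelated host: leave untouched
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    kept = [(k, v) for k, v in pairs if k.lower() != "pwd"]
    if len(kept) == len(pairs):
        return url, False  # no embedded password in this link
    return urlunsplit(parts._replace(query=urlencode(kept))), True

def sanitize_announcement(text):
    """Strip pwd= from every Zoom link in text; return (text, links_changed)."""
    changed = 0

    def repl(match):
        nonlocal changed
        raw = match.group(0)
        url = raw.rstrip(".,;:!?)")   # punctuation that ends the sentence
        tail = raw[len(url):]
        clean, had_password = strip_embedded_password(url)
        changed += had_password
        return clean + tail

    return URL_RE.sub(repl, text), changed

if __name__ == "__main__":
    cleaned, n = sanitize_announcement(SAMPLE)
    print(f"{n} link(s) had an embedded password")
    print(cleaned)
```
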
In Meeting (Basic)
Feature | Description | Setting |
---|---|---|
Require Encryption for 3rd Party Endpoints (H323/SIP) | If you have supported 3rd party endpoints lock this to on | ON (Locked) |
Chat | Allow meeting participants to send a message visible to all participants | AS REQUIRED (ON for me) |
File transfer | Hosts and participants can send files through the in-meeting chat | AS REQUIRED (ON for me) |
Co-host | Allow the host to add co-hosts. Co-hosts have the same in-meeting controls as the host | AS REQUIRED (ON for me) |
Screen sharing | Allow screen sharing - with the introduction of the Security button this can now be toggled in the meeting | ON |
Who can share? | | Host Only |
Who can start sharing when someone else is sharing? | | Host Only |
Disable desktop/screen share for users | | AS REQUIRED (OFF for me) |
Annotation | Allow participants to use annotation tools to add information to shared screens | AS REQUIRED (ON for me) |
Whiteboard | Allow participants to share whiteboard during a meeting | AS REQUIRED (ON for me) |
Remote control | During screen sharing, the person who is sharing can allow others to control the shared content | OFF (Locked) |
Nonverbal feedback | Enable non-verbal feedback | AS REQUIRED (Locked ON for me) |
Allow removed participants to rejoin | Participants can be removed from the participants panel - this sets if they can re-join | OFF |
Allow participants to rename themselves | This can also be controlled during the meeting via the Security button - it can allow inappropriate names | AS REQUIRED (ON for me) |
In Meeting (Advanced)
Feature | Description | Setting |
---|---|---|
Breakout Room | Allow the host to split meeting participants into separate, smaller rooms. | AS REQUIRED (ON for me) |
Allow host to assign participants to breakout rooms when scheduling | | AS REQUIRED (ON for me) |
Remote support | Unless you use Zoom for support I would leave this off. Or create a dedicated group to have this on. Has to be off if using Breakout Rooms | AS REQUIRED (OFF for me) |
Far end camera control | Unless you need this for Zoom Rooms I would leave it off | AS REQUIRED (Locked OFF for me) |
Waiting room | To ensure you know who is joining this should be on | ON (Locked) |
Choose which participants to place in the waiting room | This will only place people not in your domain or not logged in into the waiting room | Guest Participants Only |
Allow internal participants to admit guests from the waiting room if the host is not present | This can be on as we have a higher level of trust in authenticated internal users | Yes |
Show a “Join from your browser” link | This allows joining from the browser version | AS REQUIRED (ON for me) |
Other
Feature | Description | Setting |
---|---|---|
Blur snapshot on task switcher | | ON (Locked) |
Recording
Feature | Description | Setting |
---|---|---|
Only authenticated users can view cloud recordings | Set to your domain | ON (Locked) |
Require password to access shared cloud recordings | Always require passwords | ON (Locked) |
Recording disclaimer | If you are recording sessions it’s probably a good idea to have this on | AS REQUIRED (Locked ON for me) |
Ask participants for consent when a recording starts | | AS REQUIRED (Locked ON for me) |
Ask host to confirm before starting a recording | | AS REQUIRED (Locked ON for me) |
Multiple audio notifications of recorded meeting | | AS REQUIRED (Locked ON for me) |