To address security and performance concerns it is important to keep your Zoom software up to date. Zoom will typically notify you with a popup when an update is available. You should always install the update if prompted. You can also check for new Zoom software updates manually. Please see the content below for more tips on securing Zoom sessions.
Securing Your Meetings
Zoom Security Basics
How to Enable the Waiting Room
Getting Started with Zoom
There are many resources available to help you become an expert Zoom user. Here are a few video tutorials to get you started:
How to Mitigate "Zoombombing"
You might have recently heard about "Zoombombing". It is when a participant in a class hijacks control of the session and posts or shares objectionable material on screen for all participants to see. The perpetrator is usually someone who has no business being in the class but has managed to get hold of the link to the class and joined with a fake screen name. I want you to know that UH is doing everything that we can to prevent these often traumatic disruptions from happening to our faculty and staff while still giving you flexibility in how you schedule sessions. We've been working with IT Security to review the default meeting configurations to balance security with ease of use.
Most cases of Zoombombing happen because meeting log in information was published onto a website, shared to an email list, or forwarded outside of the participant group. Short of requiring participants to log in, the best way to prevent it from happening to you is to make sure that you are sharing your meeting only with people you want to attend.
When you schedule a Zoom meeting:
- Don't disable meeting password or any of the existing security options without a good reason.
- Limit Screen Sharing to the Host if you are the only presenter. With this setting enabled only you will be able to share screen.
- Disable join before host—this will prevent meeting attendees from joining your meeting prior to your arrival. They will be allowed in as soon as the meeting host logs in.
- Lock Your Session when everyone has arrived—this setting allows you to prevent additional attendees from joining your meeting once it has started
- Remove a Participant from a Zoom Meeting—you can remove disruptive attendees from your meeting using this option
- If you do have a Zoombombing incident, please notify UIT Security
This is a challenging time and many of you have jumped into a new and alien environment for teaching and working. Please feel free to reach out for help if you need it.
FBI Warns of Teleconference Hijacking
As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called "Zoombombing") are emerging nationwide. The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.
As individuals continue the transition to online lessons and meetings, the FBI recommends exercising due diligence and caution in your cybersecurity efforts. The following steps can be taken to mitigate teleconference hijacking threats:
- Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Manage screensharing options. In Zoom, change screensharing to "Host Only."
- Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
- Lastly, ensure that your organization's telework policy or guide addresses requirements for physical and information security.
If you were a victim of a teleconference hijacking, or any cyber-crime for that matter, report it to the FBI's Internet Crime Complaint Center at ic3.gov. Additionally, if you receive a specific threat during a teleconference, please report it to us at tips.fbi.gov or call the FBI Houston Field Office at (713) 693-5000.