UW-Madison Zoom - Secure Meetings and Webinars

“Zoombombing” is when an unauthorized person or stranger joins a Zoom meeting/event/chat session and causes disorder by saying offensive things and even photobombing your event by sharing pornographic and hate images.

Note: Even if you take the steps below, Zoombombing can still occur - please review the information below and follow steps outlined to secure your events, participants, and data, as best as possible.

Topics covered in this guide


TIPS



KEY ZOOM SETTINGS FOR EVERYONE


Change these settings in Zoom one time, to enhance security & control both scheduled meetings and your personal meeting room.

Disable Join Before Host - This ensures that a Host, who has access to security features, is in the meeting before any attendees.

For scheduled meetings

  1. Sign into your UW-Madison Zoom account.
  2. Select Settings in the left menu.
  3. Toggle the Join before host option to off.

For Personal Meeting Room

  1. Sign into your UW-Madison Zoom account.
  2. Select Meetings in the left menu.
  3. Select Personal Meeting Room in top menu.
  4. Click Edit this Meeting.
  5. Uncheck Enable join before host in Meeting Options.

Don’t Embed Password in Meeting Link

  1. Sign into your UW-Madison Zoom account.
  2. Select Settings in the left menu.
  3. Toggle the Embed password option to off.

Disable Screen Sharing by Participant

  1. Sign into your UW-Madison Zoom account.
  2. Select Settings in the left menu.
  3. Find Screen sharing section.
  4. Set Who can share? to Host Only.

Note: You’ll be able to enable this during your meeting if needed, using the Security menu.


PRIVATE MEETINGS & SESSIONS


Following are recommendations for department or other more private meetings where you know who all of your participants will be. Some of these settings can then be adjusted when you schedule a specific meeting but others will be unavailable for all meetings unless you adjust them on the Settings page again.

Before Meeting

Follow these guidelines and open a browser to change the Settings of your Zoom account to adjust features.

  • Don’t publish unsecured meeting links on public-facing web pages.
  • Don’t share your Private Meeting ID (PMI) freely. Share it only with colleagues; schedule a meeting with a unique ID for external meetings or for meetings you need to share more widely.
  • Turn offJoin Before Host so that crashers can’t join before you.
  • Use Meeting Passwords.
  • Use the Waiting Room so that people can’t join until the host or co-host grants them access.
  • Browse the Large Meeting advice below to see other features you can disable if you don’t need them.

After Starting Meeting

Once your meeting has started, you can take additional actions:

  • Lock the Meeting after starting so that no additional attendees can join. (Click Security > Lock Meeting).
    • You can also Enable the Waiting Room from the Security link, if you hadn’t already turned it on.
  • Disable the Rename function, using the Zoom Security Toolbar.

LARGE/OPEN EVENTS


When you are coordinating a larger event you can add security to the registration process and can also restrict actions participants can take during the meeting. If your department frequently holds large online events with open/public audiences, consider subscribing to a Zoom Webinar account instead of Zoom Meeting.

Before Meeting

Follow these guidelines and open a browser to change the Settings of your Zoom account to adjust features.

Prevent Uninvited Participants from Joining

  • Don’t Use Words like Zoom or Webinar in Web Postings: If you need to post info on the web, avoid the words “Zoom”, “Online Meeting” and “Webinar”. Zoombombers search for events using these terms.
  • Don’t use your Private Meeting ID (PMI) for large events.
  • Use aMeeting Password and Registration with Manual Approval. With manual approval, you can verify email address domains are from within UW-Madison or other known entities. On the Registration page, disable the “Show Social Share buttons” option so that bombers can’t easily share your event information.
  • Turn offJoin Before Host so that crashers can’t join before you.

Limit Participant Options

  • Turn off Screen Sharing for Participants*: On your Zoom settings page, change Screen Sharing to Host Only
  • Turn Off Annotation*: This tool allows attendees to draw on a shared screen.
  • Turn Off File Transfer: When enabled, this allows attendees to share files via Chat
  • Mute Audio: In Settings, choose the option to Mute Participants Upon Entry
  • Turn Off Virtual Background: This will prevent users from displaying an image as the background on their video.

After Starting Meeting

Once your meeting has started, you may want to:

  • Assign a Co-Host (or two, or three) to help you manage the meeting
  • Disable the Rename function, using the Zoom Security Toolbar
  • Disable Unmuting: Use this to only allow host/co-host to unmute. Access from the Participants window using Mute All or the More (...) menu. Consider enabling Nonverbal Feedback to allow “Raising Hand” to be unmuted.
  • Enable Waiting Room or Lock Meetings soon after starting so no new attendees can join (from Security menu).
  • Limit Chat Options*: You can limit participant chatting to be with the Host (and Co-Hosts) only.
  • Open the Manage Participants window so you have easy access to controls and can see who’s speaking.

*Don’t shut down interaction you need. Features marked with an asterisk* can also be quickly turned on and off during the meeting using the Security menu so if you want to use them for increased user engagement, leave them enabled and you can turn them off during the meeting if needed. Read on for more about how to deal with meeting crashers.


Shutting down event crashers


If someone crashes your meeting, there are new controls in Zoom to help you disable functions quickly. This new Security toolbar became available on April 8, 2020 – your Zoom application may need to be updated to see it. For more on the Security toolbar, see Zoom article.

What to do if your meeting is crashed. 

If you’re hosting a large event where there’s a chance of a crasher, make sure you have at least one person set as co-host and plan ahead for who will do what if there’s a crasher so you can act quickly.

  • Stay calm – you can shut them down!

    In open or closed “presentation" meetings, these settings work well. In open “discussion" meetings/sessions, some of these settings are challenging to implement. If you’re able to, while taking these actions, let your attendees know functions have been shut down while you deal with the crashers.

    • Audio interruptions - unmuting and speaking to attendees.
      Solution: Press Participants, then Mute All. On the pop-up, uncheck “Allow participants to unmute themselves”.

    • Video interruptions - showing inappropriate video or gestures in a live or virtual background.
      Solution: press Participants, select the individual, press Stop Video.

    • Chat interruptions - typing something inappropriate or using private chat to harass other students.
      Solution: Press Chat then the menu () on bottom right to manage chat settings.

    • Screen share interruptions - sharing inappropriate content with all attendees.
      Solution: The default is to only allow the host to share. If a non-host needs to share screen, temporarily make them a co-host then remove the privilege when done sharing.

    • Annotation interruptions - drawing something inappropriate on the screen during a screen share.
      Solution: If Annotations are enabled during a screen share, under the Security button, uncheck "Annotate on Shared Content".

  • Find the culprit(s) in video or participant list and Remove from the meeting
    • Report the participant to Zoom.
    • If it’s a large event and you can’t find them, if you can proceed with tools shuts down, you can go on with your meeting and the bombers will not be able to take further action.

  • The exact order you do these things in will depend on what’s happening and how quickly you need to remove unwanted content.

Important: If you believe disciplinary action by the university is warranted, only then should you contact the help desk and provide details on this issue (meeting owner address, meeting id number, date/time of event, title of event, and attendee information). Otherwise, please follow the information above to further safeguard your event.




Keywords:zoom bombing zoombombing Report participant attendee meeting webinar settings abuse virtual events disrupt disturbing vulgar language trolling   Doc ID:106947
Owner:Zoom S.Group:Zoom
Created:2020-11-03 06:10 CDTUpdated:2021-03-09 09:11 CDT
Sites:DoIT Help Desk, Office 365, Zoom
Feedback:  0   0