Secure Zoom Meetings and Webinars
To help protect the privacy of your Zoom sessions’ content and participants while holding meetings and webinars, your privacy and security settings have been globally preset. The preset settings are designed to give you optimal ease when scheduling a meeting or webinar.
The following measures will increase the security of your Zoom sessions and reduce the chance of unwanted attendees. Use these recommended settings whenever possible if they are not disruptive to how you need to operate. The settings can be globally applied to all meetings or to individual meetings or webinars.
Caution: when discussing any sensitive or confidential content in your session, these settings are most important. If you need guidance on optimizing these settings, contact IT Services or your local IT Support team.
Here are the key Zoom settings you should know about:
Key Zoom Settings
Keeping Zoom meetings secure from uninvited attendees is important. Uninvited guests may listen in on discussions, capture screenshots of shared content, and even disrupt the meeting with unwanted video, audio, or shared content. Do take uninvited guests seriously—it’s possible that these incidents may constitute a phishing attempt to obtain confidential information or access to University services.
You should limit who can attend your Zoom sessions by allowing only authenticated users to join meetings. This is easily accomplished by following these steps:
- Sign in to your Zoom portal.
- Go to Settings.
- Click on Schedule Meeting.
- Scroll down to Only authenticated users can join meetings. By default this setting is enabled.
- Review your Meeting Authentication Options. These are the available options:
- Sign in to Zoom (default). Participants may sign in from these domains only: *.chicagobooth.edu, *.uchospitals.edu,*.uchicago.edu.
- Campus Only. Participants may sign in from these domains only: *.chicagobooth.edu, *.uchicago.edu
- You can edit either of these settings and add an additional domain. Use the format *.domain. You can also select either as the default authentication option.
- When you schedule a meeting, under Meeting Settings check the box Only authenticated users can join.
Note: This option is available in the Zoom portal only and not in the Canvas/Zoom integration setup.
Set meeting passwords
It’s highly recommended that you set a strong password for all meetings and webinars, especially if the topic is sensitive in nature.
When scheduling a meeting, under Meeting Password:
- Select Require meeting password.
- Enter a strong password. Make your password 6-10 characters long and use at least three of the following types of characters: lowercase letters, uppercase letters, numbers, and symbols. Choose passwords that are easy to remember but not easily guessed.
Participants will be asked for this password in order to join your meeting. Faculty members are advised to set a password for each class session. When scheduling recurring meetings, a single password may be used and distributed within your email invitation.
Secure meetings scheduled with the Zoom Client for Outlook
If you add a Zoom meeting to your calendar or create a Zoom meeting in your calendar using the Zoom Outlook Plugin, the calendar entry will include the Zoom meeting password. It is embedded in the Join Zoom Meeting URL automatically to allow one-click access to the meeting. If you have set up your calendar so others can read your appointments, anyone who views will have your password. Protect the password by making the calendar entry private or editing the calendar appointment by deleting the Zoom meeting password.
To verify your settings:
- Sign in to your Zoom portal and navigate to Settings.
- Navigate to Schedule Meeting.
- Verify that the password settings you want to use for your meetings and webinars are enabled.
- If the setting is disabled, slide the Status button from left to right to enable it. If a verification dialog box displays, choose Turn On to verify your change.
Disable “Join before host”
Enabling the Join before host option is convenient for allowing others to run a meeting if you are not available, but if this option is enabled, the first person who joins the meeting will be made the host and have control over the meeting. If you are scheduling a meeting where sensitive content will be discussed, it’s best to disable this option.
You can disable this option by following these steps:
- Sign in to your Zoom portal.
- Go to Settings located in the left navigation bar.
- Click on Scheduled Meeting.
- Scroll down to the Join before host option.
- Slide the radio button from right to left to disable the Join Before Host option.
- Also Enable waiting room to allow participants to be put on hold until the host joins.
Note: When scheduling Zoom meetings, Enable join before host is a Meeting Option that can be adjusted for individual meetings.
If you want to share hosting with someone, you can assign an alternate host instead. It’s still possible for a meeting to start without you (the host) even if the Join before host option is disabled. If you have given someone scheduling privileges to schedule meetings on your behalf, then when that person joins a meeting before you, they will be made the host and the meeting will start. Once you join the meeting, your scheduler can make you the host.
Limit screen sharing to the host
This setting can be changed at any time during a meeting.
While in your meeting:
- Click the up-arrow next to Share Screen.
- Under Who can share?, click Only Host.
This won’t be appropriate when multiple participants will need to share and collaborate, but setting this restriction will prevent unwanted guests from interrupting the meeting by initiating intrusive sharing.
Limit who can view recordings
Zoom has convenient cloud recordings that notify individuals when a meeting is going to be recorded. After a recording is stored and prepared for sharing, Zoom will notify you with an email. This email contains convenient sharing links, but it is important to protect your recordings from unauthorized access. To secure your recordings:
- Log in to your Zoom portal to manage your cloud recordings.
- Go to Settings.
- Click on the Recordings tab.
- Scroll to Only authenticated users can view cloud recordings.
- Edit the Authentication Options.
- Authorized users
- By Password
Remove a participant from a Zoom meeting or webinar
If an unknown individual joins your meeting, immediately seek to identify them as they could eavesdrop, capture screenshots, or even disrupt the meeting with unwanted video or audio. If you cannot identify someone who joins your meeting, remove them promptly.
While your meeting is in session and you find an uninvited participant, take these steps:
- Click Manage Participants at the bottom of the Zoom window.
- Place your cursor over the person you want to remove, then click More.
- In the drop-down menu that appears, click Remove.