The following measures will increase the security of your Zoom sessions and reduce the chance of unwanted attendees (Zoombombing). We recommend using as many of these options as you reasonably can without impacting your meeting operations. If you are discussing any sensitive or confidential information in your meetings, these measures become that much more important.

Please note that the Use of Copyright Protected Materials, Information Security and Respectful Work and Learning Environment policies all still apply when using Zoom or any other video conferencing tool for university activities.

Before your meeting or lecture

Share meeting links with your selected audience only

One way “zoombombers” have made their way into meetings is by clicking a link that was posted in social media or on the web. Always keep your meeting information private and share through secure channels.

Check your settings

  1. Log in to the Zoom web portal.
  2. In the left menu, select Settings.

The following settings will be set and LOCKED and cannot be changed by the end-user.

  • Passcode and Passcode Requirement are set to ON.
  • Enable Personal Meeting ID is set to OFF.

Consider turning the following OFF:

  • Participants’ video (default is ON – you can selectively enable participant video when ready)
  • Annotation (default is ON and "Only the user who is sharing can annotate")

Consider turning the following ON:

  • Waiting Room (default is OFF)

Authentication

By default, only authenticated users from UM-managed domains can join meetings. Guests can be invited by exception.

However, this setting can be disabled on a per-meeting basis when you schedule your meeting.  Disabling authentication will allow anyone with the meeting link to join the meeting. If you choose to turn off authentication, we strongly recommend you turn on the Waiting Room.

Recommended configuration examples

For online classes with:

  • no external participants keep the default setting of Authentication enabled
  • one or more invited external participants eg: a guest speaker(s):
    • keep the default setting of Authentication enabled
    • invite external participants as exceptions through the UM Zoom Web portal

For meetings with:

  • a small number of external participants the recommended configuration is:
    • keep the default setting of Authentication enabled
    • invite external participants as exceptions through the UM Zoom Web portal
  • the majority of participants external to the University of Manitoba the host can choose to either:
    • keep the default setting of Authentication enabled and invite the external participants as exceptions through the UM Zoom Portal or;
    • choose to turn off Authentication and enable the Waiting Room feature to allow the host screen and admit only expected participants

RISK STATEMENT: If the host chooses to turn off authentication and not enable the Waiting Room, the meeting will have an increased likelihood for Zoombombing if the meeting link is shared with unwanted/uninvited individuals.

If you have already scheduled your meeting, you can turn off authentication in your meeting in the UM Zoom Portal settings before your meeting starts.

    Plan ahead…

    • Plan for the possibility of disruption. How you will respond and what you will say to the attendees?
    • Practice your responses. Walk through the steps you will take to address the disruption.
    • Assign a co-host. If possible, assign a co-host to monitor chat and other activity.

    How to assign a co-host

    • Click Participants in the meeting controls at the bottom of the Zoom window.
    • Hover over the name of the participant who is going to be a co-host and choose More.
    • Click Make a Co-Host. Once a participant has been made a co-host, they'll have access to the co-host controls

    During your meeting or lecture

    Enable the waiting room

    The Waiting Room is not enabled by default. You can enable the Waiting Room after all your participants have entered the meeting. 

    1. Click on the Security shield at the bottom of the window.
    2. From the list that appears, click Enable Waiting Room.

    The advantages of having the Waiting Room on after your participants have entered are:

    • Late participants cannot join. 
    • During the meeting, you can put a participant in the Waiting Room if they are being disruptive. This is NOT a permanent removal. You can let the participant back into the meeting again. 

    Lock your session

    The Zoom Host Controls allow the host or co-host to lock the meeting. Once all your attendees have joined,

    1. Click on the Security shield at the bottom of the window.
    2. From the list that appears, click Lock Meeting.

    When a meeting is locked, no one can join. The host or co-host will NOT be alerted if anyone tries to join after the meeting is locked, so don't lock the meeting until everyone has joined.

    You can unlock the meeting following the same steps above.

    Consider when to record

    Consider the content of your meetings and if a recording is absolutely required, before proceeding with a recording.  Meetings that may discuss, or present material containing, personal or personal health information should not be recorded in Zoom.  

    Before you record:

    • Review the guidelines on record management from Access and Privacy before recording your sessions. 
    • Always remember to ask participants for consent before starting a recording

    Security controls for recordings:

    • Require users to authenticate before viewing cloud recordings (default is OFF)
    • Enable Password Protect (default is ON)
    • Show a disclaimer to participants when a recording starts (default is ON)

    Responding to a disruptive participant

    Remove the participant

    If a disruptive participant has joined your session and you know who they are:

    1. Click Manage Participants at the bottom of the Zoom window.
    2. Next to the person you want to remove, click More.
    3. From the list that appears, click Remove.

    Suspend participant activities

    If you do not know who the disrupting participant is, you can stop all meeting activities using the Zoom Security menu, then gradually turn on settings.

    1. At the bottom of the Zoom window, click Security.
    2. Select Suspend Participant Activities. This will turn off all video, audio, Zoom Apps and screen sharing for the host and all participants. It will also lock the meeting to prevent participants from joining. This will apply to all participants, including those who joined from a Zoom Room. 
    3. To restart your meeting, you can turn on your mic and any other desired settings. 

    Reporting an incident

    All incidents should be reported to the Information Security team by contacting:
    servicedesk@umanitoba.ca or infosec@umanitoba.ca

    Zoom also allows you to report a user to Zoom's Trust and Safety team. You will be able to select which user to report and provide details about the problem. You can also upload evidence, such as screenshots. 

    Zoom webinars

    Use a webinar when outside guests or the general public are invited to attend a meeting or conference.

    The university has reserved a pool of Zoom webinar licences for meetings involving outside guests or the general public.

    Key security features to prevent Zombombing in a webinar include:

    • Communication by default is unidirectional from the host/co-host/ panellists to the audience/participants.
    • All webinars require meeting moderation
    • All chat is moderated and not transmitted to all attendees
    • Webinars require passcodes for all video conferences 
    • Only the host/co-hosts and panellists can mute/unmute their own audio 
    • Attendees join in listen-only mode 
    • Attendees join with no video 
    • No waiting rooms for webinars  
    • The host can unmute one or more participants if required. 

    To request a Zoom webinar licence, please contact the IST Service Desk.

    Using your Personal Meeting ID (PMI)

    Your Personal Meeting ID (PMI) is a permanent virtual meeting room/office specific to you.

    If you choose to use the Personal Meeting ID (PMI) feature on your account, follow the recommendations below to ensure you are using this feature securely.

    Enable the Waiting Room

    You can screen and admit people to your PMI virtual meeting room when you are ready to meet with them. If you do not enable the Waiting Room, people will be able to join your personal meeting room at any time without your explicit permission and without you being present.

    How to enable the waiting room for your meeting:

    • Sign in to the UM Zoom web portal (umanitoba.zoom.us).
    • Browse to your Settings.
    • Under the Meeting tab….select Security.
    • Toggle Waiting Room to On.

    In the Zoom desktop application, select your Personal Meeting ID then click Edit. Under the heading Security, select Waiting Room.

    Change your passcode regularly

    Personal Meeting ID passcodes do not automatically change or expire. We recommend regularly changing the passcode for your meeting room. At the very least, change your passcode any time you are concerned it may have been compromised or used to inappropriately access your personal meeting room.

    How to change your PMI passcode:

    • Sign in to the Zoom web portal (umanitoba.zoom.us).
    • Browse to your Settings.
    • Under the Meetings tab….select Security.
    • Under Personal Meeting ID Passcode….select Edit.
    • Create a new password and select Save.