Best Practice - Security for Online Meetings

IT Service Desk 252-328-9866 | Pirate Techs Technology Support Centers | Submit a Ticket

Skip to a section: Overview | General meeting tips | Zoom

Available to

Faculty, Staff, Students

Overview

Collaboration tools are a critical technology in the daily operations of our university. From time to time it’s important to be reminded of safe computing practices when utilizing collaboration tools and specifically, remote meeting tools. Without safeguards in place, anyone can take over meetings and display inappropriate content with malicious intent. Please review the following guidelines to ensure safe computing practices for online meetings.

Please refer to the Data Governance Sensitive Data Storage and Transmission website for appropriate use of remote meeting tools. ITCS encourages the use of Webex or Microsoft Teams since we have enterprise security settings with these tools.

General teleconferencing security tips

  • Set personal room notifications before a meeting.  You (the host) receive an email notification when attendees are waiting and allows participant review. Unauthorized attendees can be expelled.
  • Auto lock your personal room. This prevents attendees in the lobby from automatically joining the meeting. You (the host) should authorize attendees to join once you see the notification that they are waiting to join.
  • Schedule a meeting instead of using your personal room. Personal room web links do not change. Improve security by scheduling a meeting that includes a one-time web link.
  • Set a unique, complex password for each meeting. Strong passwords include uppercase, lowercase, numbers and special characters to protect against unauthorized attendance.
  • Do not reuse passwords for meetings. Scheduling meetings with the same password weakens meeting protection considerably.
  • Use the entry or exit tone or the "announce name" feature. This prevents someone joining the audio portion of your meeting without your knowledge.
  • Do not allow attendees or panelists to join before the host. This is a default setting set by the site administrator.
  • Assign an alternate host to start and control the meeting. An alternate host can start the meeting and act as the host if you inadvertently lose your connection to the meeting. This prevents the host role being assigned to an unexpected or unauthorized attendee.
  • Lock the meeting once all attendees have joined. This prevents additional attendees from joining. Hosts can lock/unlock the meeting at any time while the session is in progress.
  • Expel attendees any time during a meeting.
  • Share an application instead of sharing your screen. This prevents accidental exposure of sensitive information that may be on your screen (Microsoft Office products, Web browsers).
  • Set passwords for recordings before sharing. Password-protected recordings require recipients use the password to view.
  • Delete recordings when they are no longer relevant.
  • Create a host audio PIN. Your PIN is the last level of protection preventing unauthorized access to your personal conferencing account. Should a person gain unauthorized access to the host access code for a personal conference meeting (PCN meeting), the conference cannot be started without the audio PIN. Protect your audio PIN and do not share it.
  • Do not open emails from an unknown sender. This is especially crucial if the email has inconsistencies in grammar or spelling, or the email contains unfamiliar web links.

Zoom Best Practices

 

  • Do not make meetings or classrooms public. Zoom has two options for private meetings: 1) require a meeting password and 2) use the waiting room feature.
  • Do not share a teleconference or classroom link through an unrestricted, publicly available social media post. Provide the link directly to specific people.
  • Add a passcode to your meeting. Share the required passcode with attendees.
  • Manage screen-sharing options. In Zoom, change screen-sharing to host only.
  • Ensure users use updated versions of remote access/meeting applications.
  • Do not use Facebook to sign in. It is a poor security practice and dramatically increases the amount of personal data Zoom has access to.
  • Use two devices during Zoom calls. If you are attending a Zoom call on your computer, use your phone to check your email or chat with other call attendees.
  • Don't use your personal meeting ID for meetings. A Zoom personal meeting ID is the same as a personal room meeting in WebEx.
  • Turn on the waiting room for your meeting and check waiting participants before letting everyone in.
  • If you don't want participants to join/interact before the host enters, uncheck "join before host." Set an alternate host if you need a backup host.
  • Disable "allow removed participants to rejoin" so that participants you've removed cannot re-enter.
  • Disable file transfer unless you know this feature is required.
  • Disable annotation unless you need it.