Decrease the Risk of Zoombombing by Practicing the Following Recommendations

When hosting a Zoom meeting, it is increasingly important that you follow best practices in order to keep uninvited attendees from finding their way into your meeting and causing disruption – referred to as Zoombombing. These disruptions range from the benign to intensely emotional experiences. Zoom offers a range of essential security features to help prevent this.

Note: For all your meetings, you have granular control over your global default settings, and can manage them by logging into your account at https://skidmore.zoom.us. On the left side navigation bar, under Personal, select Settings. Zoom continues to add to these numerous options. Choose those that best address your overall concerns, and you can also adjust settings while a meeting is in progress or when scheduling a meeting.

Preparing for a Secure Meeting: 

• Keep your Zoom Current – Zoom will prompt you when there is a new update, whether mandatory or optional. Here are two steps you can take to make sure you are up to date.
  • To find out what version you are running, refer to What Version Am I Running?
  • Manually download the latest version by following these directions.
• Always enable passcodes for your meetings, so only those with the passcode they received in the meeting invite can join. Also, disable Embed password in meeting link for one-click join, Require passcode for participants joining by phone, and never share your meeting ID or passcode on social media, online platforms or public websites. Obtain a list of participants, and send them the passcode via email.
• Require Authentication to Join (restricts entry to Skidmore community members only). This can be used for an additional level of security. Participants joining who have the Zoom client are prompted with a message to sign in with their Zoom account credentials. Participants need to select Sign in with SSO (Single Sign On), and for company domain they should type in Skidmore. From there, they will be brought to Skidmore’s single sign on page, where they will enter their Skidmore login credentials.  Click here for instructions. 
• Enable Waiting Rooms – You can enable a virtual waiting area that prevents people from joining a meeting until the host is ready. Zoom has made this a default to promote increased security. Meeting hosts admit people into the meeting individually so that they can confirm the participant belongs in the meeting. To protect your meeting from Zoombombing, we do not advise you use the option to admit all participants at one time. This can take time and interrupt the flow of a class or meeting, but so will an unwanted guest. It is possible to designate a trusted member of the session to be a co-host, and they can be responsible for admitting attendees. (Instructions for designating a co-host) It is also important to note that enabling a waiting room will by default disable the ability to Join Before Host.
• For class meetings, share your Zoom link from within your course in theSpring.

Managing the Meeting:

Hopefully, if you have taken the above measures, you will not have any unwelcome intruders. However, here are some suggestions for how you can manage your meetings to avoid unwanted disruptions. All of these Zoom meeting controls are explained in a short video found here.

• Lock your meeting – After all of your participants have joined your meeting, use the Lock Meeting feature to prevent any other participants from joining the meeting. Note: When a meeting is locked, no one else can join and the host or co-host will NOT be alerted if anyone tries to join—so don’t lock the meeting until everyone has joined.
• Screen sharing should be set to Host only by default to prevent unwanted attendees sharing or disruption. You can set this control before or during the meeting by using the host controls available at the bottom of the Zoom window. While in a meeting, you can change this if needed to allow other attendees to share their screens. If you do make this change and decide to return to having screen sharing be limited to the host, take the following steps:
  • Click the up-arrow next to Share Screen.
  • Select Advanced Sharing Options.
  • Under Who can share, click Only Host.
• Control chat – As the host, you can control which meeting or webinar participants are allowed to chat with. You can also disable the chat feature for all participants, or disable private chat so participants cannot send private messages. 
• Remove participants – If you have unauthorized users joining your meeting, you can use the Remove Participant feature, which will remove the user from the meeting and prevents them from re-joining the meeting. From the Participants menu, find the attendee you want to remove, and hover your cursor over the name. A range of options will appear. Click on Remove. The removed individual can not rejoin unless you have enabled Allow Participants and Panelists to Rejoin.
• Rename themselves – A host can prevent participants from renaming themselves in the meeting by disabling this option.
• Put attendees on hold – A host can temporarily put an attendees’ (or all participants) video and audio on hold. To do so, click on the participants video and select Start Attendee On Hold to activate. Click Take Off Hold in the Participants List when you’re ready to have the return.
• Hosts can also disable attendee’s video, mute participants, turn off file transfer (if it has been implemented in your Zoom system), turn off annotation, and disable private chat.

Best Practices for Recording Zoom Meetings and Addressing Student Privacy

Do live class sessions in Zoom need to be recorded? In some cases, course content can be recorded and delivered to students asynchronously, for them to view outside of scheduled class time. This allows for students who are in different time zones to be able to view lectures at a time that makes better sense for them.

If you do need to record, we recommend the following steps to assure FERPA compliance:

• Make participants aware that the session is being recorded, for what purpose, and let them know where it will be securely stored.
• Consider using the Consent to be Recorded feature. As a host, you can enable this setting so that participants receive a prompt to provide their consent to be recorded. Attendees will receive a notification when a recording starts or if they join a session that is already being recorded. The attendee can either consent to stay in the session or leave. (Instructions for how to Consent to be Recorded, Instructions for how to provide Consent as an Attendee, and How to run a report on attendee consent)
• If necessary, allow students to turn their video off and/or communicate via chat instead of speaking.
• To protect privacy while recording, an attendee can opt to implement a virtual background so others are not able to see view their physical surroundings. (How to setup a virtual background)
• Only share recorded Zoom sessions securely, via Zoom, Ensemble Cloud, or Blackboard or Brightspace/theSpring.