Zoom security considerations at Queen's
July 19, 2021
Share
Queen’s IT Services has provided information on Zoom Security practices that should be followed for all Zoom meetings. Anyone with questions regarding setting up safe and secure zoom meetings can contact the IT representative in their unit or the IT Services help desk.
How to Secure Your Zoom Meetings
You may have heard of Zoom bombing (the unwanted intrusion by an individual into a video conference call, causing disruption). To protect your Zoom meetings, IT Services recommends the following best practices:
Before the meeting:
- Require authentication to join Zoom meetings
- Requiring your attendees to authenticate by being signed in to Zoom with a Queen’s University NetID and password can make your Zoom meeting more secure. It can also save you from having to admit them from the Waiting Room and provides their Queen’s University names in the meeting Participants list. If you have guest speakers, there is now the option to allow authentication exceptions.
- Manage invitations so that only those who need to be in the session have access to the link/invitation.
- Never post your meeting URL or password in a public forum.
- Don’t use your Personal Meeting ID for scheduled meetings.
- Manage how participants will enter the meeting:
- For meetings where all participants are members of Queen’s, require participants to authenticate;
- For small to medium size meetings with external participants, require a password to join;
- For large meetings with external participants, require participants to register;
- Set up the Waiting Room.
During the meeting:
- Assign a co-host to assist to manage participants during the meeting.
- Lock the meeting to prevent additional participants from joining after a designated start time.
- Use the configuration options within Zoom to mute all participants when appropriate, or to mute by default on entry.
- Use the options within Zoom to control screen/whiteboard sharing:
- Disable participant screen sharing to prevent inappropriate content sharing;
- Disable private chat to prevent cyberbullying and/or inappropriate comments;
- Disable annotation to prevent inappropriate content sharing.
- When sharing screens, ensure no private information is open on your desktop.
- Only allow video for the session if necessary.
- Remove participants if they do not follow proper netiquette (i.e. if they are rude or do not adhere to meeting rules).
Learn more: Securing Your Zoom Meetings and How to Keep Uninvited Guests Out of Your Zoom Event
Security best practices for participants:
- While participating in online web conferences and meetings, students, faculty, staff and guests are expected to abide by all policies governing behaviour, including but not limited to: relevant codes of conduct, and acceptable use of technology policies.
- Do not post pictures of meetings that you have attended on social media without consent from each of the participants.
- Be mindful of what is in your background and visible to other participants during your meeting.
- Be aware of who can listen to your meeting (i.e., who is physically around you).
Protecting your privacy when using a Zoom account:
A Zoom account requires that you log in to the Queen’s network using your Queen's NetID. This reduces risks related to password reuse, as well as to ensure that participants are identifiable within meetings. Queen’s does not share your credentials with Zoom.
Data storage and protection:
Zoom at Queen’s does not store your personal information aside from name, email address, department, profile picture from Outlook, and office phone number (if applicable). If you choose to add additional information to your Zoom profile, the information is also stored.
Data at rest is stored on Amazon Web Services (AWS) using AWS server-side encryption. All shared content (e.g. video, screen sharing, audio, and messages) can be protected with the Advanced Encryption Standard (AES) 256. To learn more about Zoom Encryption, please refer to the Zoom Encryption Whitepaper (PDF, 653KB).