Update on Zoom Security

— Written By

[Message from NC State Emergency Management and Mission Continuity | April 8, 2020]

As many of you continue to use Zoom for coursework, meetings or simply to connect with colleagues and friends, we understand there have been incidents where inappropriate content has been shared with meeting attendees. These incidents, commonly referred to as “Zoombombing,” happen when uninvited users enter a Zoom meeting to cause disruption.

This is not just an issue at NC State and is not limited to Zoom – it’s happening at institutions across the country and with other web conferencing services. This behavior is contrary to our mission and values, and we want to assure you we are working to address it. In addition to several things below that you can consider doing to help prevent these incidents from happening in the future, NC State has resources for reporting and addressing these incidents if they do happen.

Make sure to update your device and software. If you have a university-managed device, OIT has pushed updates to help address security concerns. If you are using a personal computer to access Zoom, it’s important to make sure your device operating system is up-to-date, and that you are running the most current version of Zoom.

Do not publish your Zoom meeting URL publicly. This reduces the risk that it may be shared or accessed by others via social media or other means.

Restrict your meeting to authenticated NC State users only. This ensures that only NC State-authenticated users can join.

Require a password when hosting meetings with both NC State and non-NC State attendees. When you enable password protection, the Meeting ID is not enough for users to enter the meeting. This provides an extra layer of security. Note that if you are allowing users to join via phone, you need to set a separate password for these users.

When possible, designate additional co-hostsCo-hosts are not meeting leaders, but are responsible for monitoring the chat, managing questions, and assessing the general health of the space. Co-hosts can mute or remove participants as necessary.

Clearly communicate guidelines for engaging the space upfront. Some standard guidelines might include:

  • Participants’ audio will be muted upon entering the space
  • Use the hand raise function to be acknowledged by the moderator
  • Private chat is disabled
  • We reserve the right to mute or remove disruptive participants or individuals who are not participating in ways that honor our community purpose

Lock the meeting. Meeting hosts can prevent others from joining by using this function once anticipated attendees have joined.

Enable a Waiting Room. Before joining the meeting, users will first go into a Waiting Room and the meeting host can let them in selectively or all at once.

Disable Join Before Host. By disabling this function, users cannot enter the meeting until the host arrives.

Use new Meeting IDs for recurring meetings. If you are setting up recurring meetings, consider using a fresh Meeting ID each time to prevent the URL from being widely shared.

For additional information on protecting your Zoom meetings and details on how to implement some of these suggestions, see Protecting Zoom Meetings From Unwanted Disruptions.

We remain committed to providing welcoming and inclusive learning and working spaces. If you experience an incident of “Zoombombing” or other interference within these platforms that is related to potential bias, please know we have resources to help address these situations. You can submit a Bias Impact Report to the Office for Institutional Equity and Diversity. While we hope these incidents don’t occur, we stand prepared to respond if they do.

We thank you for your patience and teamwork as we work to address these issues. If you have any concerns or experience an incident, please contact LearnTech – email learntech@ncsu.edu or call 919.513.7094.

Other video conferencing solutions may have similar issues so please be sure to practice similar protections for those as well.