DO’s & DON'Ts to safeguard Zoom meetings

Below is the list of best practices of the do’s and don’ts to safeguard your Zoom meetings.

Scheduling: The Do’s

• DO keep meeting passwords on.

  • Meeting passwords are randomly generated for scheduled meetings using automatic meeting IDs.

• DO use automatically-generated meeting IDs.

  • When scheduling a meeting, you should set the "Meeting ID" to "Generate Automatically."

• DO keep meeting links private if your meeting is private.

  • Share links only where necessary and avoid anywhere that’s accessible to the public. Just keep it to the group of people you’re sure you want to be there.

• DO control who you distribute classroom meeting invite links to.

  • If your link isn't published on the public internet and your meeting is password-protected, outside harassers will have a difficult time joining your meeting. Using the Canvas LTI integration to schedule your Zoom class sessions is the best way to ensure your course links are only distributed to your students.

• DO verify your Google Calendar sharing.

  • Google allows very broad calendar sharing capabilities, possibly more public than is always appropriate. To avoid leaking Zoom links and passwords, set “Make available for SJSU” and/or “Make available to public” to See only free/busy (hide details). This will keep the details of your calendar private.

    If you need to share more information to selected people, then set “See all event details” to only specific SJSU people and groups. For more information, see Google’s “Share your calendar” support page.

• DO set your meeting to mute new people on entry if you’re running a large class or meeting.

  • Have your co-hosts monitor for the "raised hand" gesture icon, and un-mute people when it's their turn to speak. Don't allow them to un-mute themselves. 

• DO enable registration if you’re running a public meeting or event.

  • If you have to publish your “join meeting” link publicly, registration will allow you to review the people who are planning to attend.

• DO enable the waiting room if you’re running a public event or a large class.

  • Your waiting room can help you verify the people attending

• DO enable "Authentication Exception"

  • If you are scheduling a Zoom meeting or class, and are inviting outside (non-SJSU) participants, you now have the option to enable authentication for SJSU accounts, and provide exceptions for your external attendees.

    When scheduling (or editing) your meeting at https://sjsu.zoom.us/meeting you will now see an "Authentication Exception" option.

    

    After clicking "add" you will be able to add outside attendees who will get an individualized custom join link that allows them to bypass authentication.

    

    Please start using this feature for your meetings and classes to prevent Zoom Bombing.

Hosting: The Do’s

• DO use your waiting room to welcome attendees if you have enabled it.

  • A waiting room puts each of your meeting attendees into an individual space where they can test their microphones and cameras. When you start your meeting or class, you have the option to release all people from the waiting rooms, or individually welcome them. Individually welcoming attendees is a great way to handle “roll call” for your class.

• DO disable annotation in your meeting.
  • If you are not going to use the annotation feature to allow your participants to mark up screen sharing and shared whiteboards, disable annotation tools in your meeting. Annotation is a popular tool for harassers.
• DO consider locking your meeting or class after everyone has joined.
  • When a meeting is locked, no one new can join. Learn how on the Securing Zoom Meetings at SJSU page.
• DO become familiar with the security options on the toolbar.
  • Meeting hosts have a Security icon on the toolbar for quick access to essential in-meeting security controls.
• DO use the “On hold” and “Remove” features when necessary.

  • “On Hold” can be used to stop a participant from sharing their video and speaking to a class. This is a good tool for stopping a momentary disruption.

    “Remove” can be used to eject a participant who has been repeatedly disruptive.

The Don'ts

• DON'T use your Zoom Personal Meeting ID (PMI).

  • Your Personal Meeting ID does not change. This makes it easy for people you haven’t invited to attempt to find and join your personal meeting.

    Your Personal Meeting ID password is not automatically generated, and does not change unless you change it. This makes it easy for people who have joined your personal meeting before to join your new personal meetings.

    When scheduling a meeting, you should set the "Meeting ID" section to set "Generate Automatically."

• DON’T host alone if you’re running a large meeting or class.

  • Hosting solo when there are dozens of participants in your meeting can distract you from your teaching or chairing duties. Co-hosts can help you monitor your participants and manage the flow of your class or meeting.

    Recruit co-workers to help you co-host your meetings.

    eCampus resources are available to help instructors who are hosting classes. Contact eCampus for information about the availability of student assistants who can help you co-host your class.

    If you have scheduled co-hosts, promote them and grant them co-hosting rights immediately after starting your class or meeting.

• DON’T enable Screen Sharing unless necessary

  • For education users, the screen sharing settings are defaulted to allow only the host to share a screen. This prevents attendees from sharing unwanted or distracting content. To allow your attendees to share content, you can adjust this setting or toggle in-meeting sharing in the Security icon.