Nowadays there are several good ways to arrange meetings as video conferencing and there are more ways to have easy one-on-one video calls with your friends, colleagues and customers. During the COVID-19 pandemic these tools have became more and more appreciated. To select the right tools might be hard. But when you are working with customers, business secrets and money, it all comes down to safety.
Today we are discussing Zoom Cloud Meetings. It has been several times in headlines for some security issues. Some of them were because of some coding choices back in the old days. Currently the software seems quite ok, but you need to be careful with the settings.
Why would you like to use Zoom Cloud Meetings?
+ Full screen video optimization: Show video fluently to audience with “Share screen”
+ Only 1 license needed for up to 100 participants
+ Breakout Rooms to devide participants to smaller room
+ Participants do not need account
+ Invitation link opens the app directly to the meeting (meeting password included in the link)
+ Localized Call in phone numbers (local call in many parts of the world)
What settings you should consider?
We list the settings here with the same categories that are used in the Zoom Settings page of you Zoom profile. We have added our estimate of the impact of the setting to “Impact” column.
Dislaimer
You are still using the program or service on you own risk. The guidence in this article is provided just to raise awareness to some security points. You should always read through and understand the service providers manuals, notes and guidance before you change any setting or approve of its value.
Meeting > Schedule Meeting
| Setting name | Recommended value | Impact | Description |
|---|---|---|---|
| Host video | OFF | MODERATE | Rather start your camera by your self than automatically. |
| Participants video | OFF | MODERATE | Let participants to start their cameras by themselves. |
| Audio Type | – | Do you want allow telephone connections? | |
| Join before host | OFF | IMPORTANT | Do not let the participants to keep a meeting without you |
| Enable Personal Meeting ID | OFF | IMPORTANT | PMI doesn’t change, so the meeting ID doesn’t change between meetings. Easier to guess. Do not use this. |
| Use Personal Meeting ID (PMI) when scheduling a meeting | OFF | IMPORTANT | [See above] |
| Use Personal Meeting ID (PMI) when starting an instant meeting | OFF | IMPORTANT | [See above] |
| Require a password for Personal Meeting ID (PMI) | ON | IMPORTANT | You should always have a password, no matter what |
| Only authenticated users can join meetings | – | IMPORTANT | If you allow only authenticated, the participants need to register with Zoom. |
| Only authenticated users can join meetings from Web client | – | IMPORTANT | [See above] |
| Require a password when scheduling new meetings | ON | IMPORTANT | You should always have a password, no matter what |
| Require a password for instant meetings | ON | IMPORTANT | You should always have a password, no matter what |
| Embed password in invite link for one-click join | – | ON if you want easy join. OFF if you want to provide the password seperate from the link | |
| Require password for participants joining by phone | ON | IMPORTANT | You should always have a password, no matter what |
| Mute participants upon entry | ON | IMPORTANT | Good practice not to start meeting with all mics on |
| Upcoming meeting reminder | – |
Meeting > In Meeting (Basic)
| Setting name | Recommended value | Impact | Description |
|---|---|---|---|
| Require encryption for 3rd party endpoints (SIP/H.323) | ON | IMPORTANT | You should always use encryption if possible |
| Chat | OFF | MODERATE | Consider if needed, might be a distraction |
| Private chat | OFF | MODERATE | [See above] |
| Auto saving chats | MODERATE | Privacy vs. trackablity | |
| Play sound when participants join or leave | OFF | Distraction | |
| File transfer | OFF | MODERATE | Consider the need vs threats (virus, improper content) |
| Feedback to Zoom | OFF | Privacy, user experience | |
| Display end-of-meeting experience feedback survey | OFF | [See above] | |
| Co-host | |||
| Polling | OFF | MODERATE | Distraction? |
| Always show meeting control toolbar | ON | MODERATE | Easy access to needed tools in case of problems |
| Show Zoom windows during screen share | |||
| Screen sharing | |||
| Screen sharing – Who can share? | Host Only | IMPORTANT | This allows screen share from host/co-host only. |
| Screen sharing – Who can start sharing when someone else is sharing? | Host Only | IMPORTANT | Disables participant override |
| Disable desktop/screen share for users | MODERATE | Might help to keep things private | |
| Annotation | OFF | IMPORTANT | Use only if really needed. Annotation / Whiteboard enables uncontrolled participant content |
| Whiteboard | OFF | IMPORTANT | [See above] |
| Remote control | OFF | MODERATE | Use only if needed. |
| Nonverbal feedback | OFF | MODERATE | Use only if needed. |
| Allow removed participants to rejoin | OFF | IMPORTANT | If you remove someone, do you want him/her there? |
| Allow participants to rename themselves | |||
| Hide participant profile pictures in a meeting | ON | IMPORTANT | Uncontrolled participant content |
Meeting > In Meeting (Advanced)
| Setting name | Recommended value | Impact | Description |
|---|---|---|---|
| Report participants to Zoom | ON | IMPORTANT | Allow abuse reporting |
| Breakout room | |||
| Remote support | OFF | MODERATE | Disable if not needed. |
| Closed captioning | |||
| Save Captions | |||
| Far end camera control | OFF | MODERATE | Security risk |
| Group HD video | |||
| Virtual background | OFF | MODERATE | Distraction |
| Identify guest participants in the meeting/webinar | ON | MODERATE | Might give some added security in some scenarios |
| Auto-answer group in chat | OFF | MODERATE | Keep of if not needed |
| Only show default email when sending email invites | |||
| Use HTML format email for Outlook plugin | |||
| Allow users to select stereo audio in their client settings | |||
| Allow users to select original sound in their client settings | |||
| Select data center regions for meetings/webinars hosted by your account | MODERATE | Depends on your privacy and data protection requirements | |
| Waiting room | ON | IMPORTANT | Control participant access to the meeting with holding them in a waiting room before admiting them to the meeting |
| Waiting room – Choose which participants to place in the waiting room | All participants | IMPORTANT | [See above] |
| Show a “Join from your browser” link | |||
| Allow live streaming meetings | OFF | MODERATE | Use only if needed |
Meeting > Email Notification
There is only one important semi-security related setting here, so we only list this one.
| Setting name | Recommended value | Impact | Description |
|---|---|---|---|
| When someone scheduled a meeting for a host | ON | MODERATE | Receive updates of changes made by other you have authorized |
Other
| Setting name | Recommended value | Impact | Description |
|---|---|---|---|
| Blur snapshot on iOS task switcher | ON | IMPORTANT | Protect your participants identity |
| Invitation Email | |||
| Schedule Privilege | [Empty] | IMPORTANT | Provide access only if really needed |
Recording
We recommend you to disable the recording both locally and in cloud to protect the privacy of the meetings.
If you require recording, please consider if the client recording should still be disabled. And at least require password to access the records.
Telephone
There is one important setting here.
| Setting name | Recommended value | Impact | Description |
|---|---|---|---|
| Mask phone number in the participant list | ON | IMPORTANT | This is a security vs. privacy setting. Please consider if you want you participant to be able to see these phone numbers. |
Recent Comments