Nowadays there are several good ways to arrange meetings as video conferencing and there are more ways to have easy one-on-one video calls with your friends, colleagues and customers. During the COVID-19 pandemic these tools have became more and more appreciated. To select the right tools might be hard. But when you are working with customers, business secrets and money, it all comes down to safety.

Today we are discussing Zoom Cloud Meetings. It has been several times in headlines for some security issues. Some of them were because of some coding choices back in the old days. Currently the software seems quite ok, but you need to be careful with the settings.

Why would you like to use Zoom Cloud Meetings?

+ Full screen video optimization: Show video fluently to audience with “Share screen”
+ Only 1 license needed for up to 100 participants
+ Breakout Rooms to devide participants to smaller room
+ Participants do not need account
+ Invitation link opens the app directly to the meeting (meeting password included in the link)
+ Localized Call in phone numbers (local call in many parts of the world)

What settings you should consider?

We list the settings here with the same categories that are used in the Zoom Settings page of you Zoom profile. We have added our estimate of the impact of the setting to “Impact” column.

Dislaimer

You are still using the program or service on you own risk. The guidence in this article is provided just to raise awareness to some security points. You should always read through and understand the service providers manuals, notes and guidance before you change any setting or approve of its value.

Meeting > Schedule Meeting

Setting name Recommended value Impact Description
Host video OFF MODERATE Rather start your camera by your self than automatically.
Participants video OFF MODERATE Let participants to start their cameras by themselves.
Audio Type Do you want allow telephone connections?
Join before host OFF IMPORTANT Do not let the participants to keep a meeting without you
Enable Personal Meeting ID OFF IMPORTANT PMI doesn’t change, so the meeting ID doesn’t change between meetings. Easier to guess. Do not use this.
Use Personal Meeting ID (PMI) when scheduling a meeting OFF IMPORTANT [See above]
Use Personal Meeting ID (PMI) when starting an instant meeting OFF IMPORTANT [See above]
Require a password for Personal Meeting ID (PMI) ON IMPORTANT You should always have a password, no matter what
Only authenticated users can join meetings IMPORTANT If you allow only authenticated, the participants need to register with Zoom.
Only authenticated users can join meetings from Web client IMPORTANT [See above]
Require a password when scheduling new meetings ON IMPORTANT You should always have a password, no matter what
Require a password for instant meetings ON IMPORTANT You should always have a password, no matter what
Embed password in invite link for one-click join ON if you want easy join. OFF if you want to provide the password seperate from the link
Require password for participants joining by phone ON IMPORTANT You should always have a password, no matter what
Mute participants upon entry ON IMPORTANT Good practice not to start meeting with all mics on
Upcoming meeting reminder

Meeting > In Meeting (Basic)

Setting name Recommended value Impact Description
Require encryption for 3rd party endpoints (SIP/H.323) ON IMPORTANT You should always use encryption if possible
Chat OFF MODERATE Consider if needed, might be a distraction
Private chat OFF MODERATE [See above]
Auto saving chats MODERATE Privacy vs. trackablity
Play sound when participants join or leave OFF Distraction
File transfer OFF MODERATE Consider the need vs threats (virus, improper content) 
Feedback to Zoom OFF Privacy, user experience
Display end-of-meeting experience feedback survey OFF [See above]
Co-host
Polling OFF MODERATE Distraction?
Always show meeting control toolbar ON MODERATE Easy access to needed tools in case of problems
Show Zoom windows during screen share
Screen sharing
Screen sharing – Who can share? Host Only IMPORTANT This allows screen share from host/co-host only.
Screen sharing – Who can start sharing when someone else is sharing? Host Only IMPORTANT Disables participant override
Disable desktop/screen share for users MODERATE Might help to keep things private
Annotation OFF IMPORTANT Use only if really needed. Annotation / Whiteboard enables uncontrolled participant content
Whiteboard OFF IMPORTANT [See above]
Remote control OFF MODERATE Use only if needed.
Nonverbal feedback OFF MODERATE Use only if needed.
Allow removed participants to rejoin OFF IMPORTANT If you remove someone, do you want him/her there?
Allow participants to rename themselves
Hide participant profile pictures in a meeting ON IMPORTANT Uncontrolled participant content

Meeting > In Meeting (Advanced)

Setting name Recommended value Impact Description
Report participants to Zoom ON IMPORTANT Allow abuse reporting
Breakout room
Remote support OFF MODERATE Disable if not needed.
Closed captioning
Save Captions
Far end camera control OFF MODERATE Security risk
Group HD video
Virtual background OFF MODERATE Distraction
Identify guest participants in the meeting/webinar ON MODERATE Might give some added security in some scenarios
Auto-answer group in chat OFF MODERATE Keep of if not needed
Only show default email when sending email invites
Use HTML format email for Outlook plugin
Allow users to select stereo audio in their client settings
Allow users to select original sound in their client settings
Select data center regions for meetings/webinars hosted by your account MODERATE Depends on your privacy and data protection requirements
Waiting room ON IMPORTANT Control participant access to the meeting with holding them in a waiting room before admiting them to the meeting
Waiting room – Choose which participants to place in the waiting room All participants IMPORTANT [See above]
Show a “Join from your browser” link
Allow live streaming meetings OFF MODERATE Use only if needed

Meeting > Email Notification

There is only one important semi-security related setting here, so we only list this one.

Setting name Recommended value Impact Description
When someone scheduled a meeting for a host ON MODERATE Receive updates of changes made by other you have authorized

 

Other

Setting name Recommended value Impact Description
Blur snapshot on iOS task switcher ON IMPORTANT Protect your participants identity
Invitation Email
Schedule Privilege [Empty] IMPORTANT Provide access only if really needed

Recording

We recommend you to disable the recording both locally and in cloud to protect the privacy of the meetings.

If you require recording, please consider if the client recording should still be disabled. And at least require password to access the records.

Telephone

There is one important setting here.

Setting name Recommended value Impact Description
Mask phone number in the participant list ON IMPORTANT This is a security vs. privacy setting. Please consider if you want you participant to be able to see these phone numbers.