Guidelines for Secure Zoom Meetings – Florida Gulf Coast University ITS

Purpose:

These guidelines are for Florida Gulf Coast University employees that use Zoom for Meetings. This document is meant to provide guidance and is not inclusive to keeping your video meetings safe and secure. Information Technology Services (ITS) recommends Microsoft Teams as standard meeting software. ITS does not advocate the use of Zoom due to privacy, data collection, data sharing, and intellectual property concerns. If you must use Zoom, we have outlined some security guidelines you must understand and use. Information in these guidelines was gathered from Zoom’s official website.

Do not use the free version of Zoom. If you are looking for a “free” option, ITS has secured enterprise licensing for FGCU employees to use Microsoft Teams.

When conducting a Zoom meeting, it is imperative to:

Validate participants and only let intended guests into your meeting. This protects participants from identity issues and FERPA violations when in an instructional setting. The inherent design of Zoom requires meeting organizers to take extra precautions.
Validate configuration settings to prevent what is known as “Zoombombing”, in which a malicious user could connect to a user’s meeting and share inappropriate content or video.
- In an effort to enable greater security, Zoom will no longer display the join link on the confirmation page of their web browser and will only be shown in the participants' email confirmation (Learn more about managing meeting and webinar registration).

Faculty MUST understand and follow the Hosting guidelines below to protect our students:

Security Practices:

Pre-Meeting Settings

Make sure you are using the most recent version of Zoom (Zoom requires 5.0+ as of 5/30/2020). Zoom is continually releasing security enhancements such as encryption for your meetings. More information can be found by visiting the Zoom Blog.
Turn on Your Waiting Room - This allows you to admit individual meeting participants at your discretion
- Follow FERPA and protect student Privacy by only allowing students who are registered in your class into your Zoom meeting (Learn more about waiting rooms).
Don’t Use Personal Meeting ID (PMI) for Meetings.
- A PMI is a 10-digit number assigned to an individual’s Zoom account. This becomes the user’s personal virtual meeting room.
- Ensure your Personal Meeting ID (PMI) is toggled OFF when you start an ad hoc meeting.
- Instead, schedule new meetings with the meeting IDs set to “Generate Automatically”. That way only invited attendees will know how to join the meeting.
Require a Password to Join.
- When scheduling a meeting in Zoom, choose the option to require a meeting password. A password will automatically be generated for you, or you have the option to change this to a password of your choice. If using your own password, remember that before participants can join your session, they will be asked to enter this password (Learn more about adding a password).
Only Allow Registered or Domain Verified Users, or send the meeting invite directly to the people you want participating. Do not post meeting invites on publicly accessible webpages.
- When scheduling a meeting, require attendees to register with their valid FGCU email address and name.
- Set the standard that attendees must use their @fgcu.edu or @eagle.fgcu.edu email accounts, not personal email accounts (Learn more about registration for meetings).

In-Meeting Settings

Review the Security Menu.
- Located in the In-Meeting menu, the security section contains many important features.
  - Lock the Meeting.
    - Once all attendees have arrived, lock your meeting from the security menu, preventing additional attendees from joining.
  - Enable Waiting Room
    - If you forgot to activate the Waiting Room at the beginning of the meeting, you can do so during the meeting.
  - Control your meeting by managing Participants in the following ways:
    - Disable Screen Sharing - This feature allows someone besides the meeting organizer to share their screen. Toggle it off unless you need another person to share their screen.
    - Disable/Enable Private Chat – This feature allows attendees to type questions or talk to each other. Turn this off unless you want meeting attendees to use this feature, otherwise, it could be a distraction.
    - Disable/Enable Annotation – This feature allows participants to annotate (draw, write, etc.) on the screen during your presentation. Disable attendee annotation unless you want meeting attendees to annotate on the screen during your meeting.
    - Disable/Enable Mute Participants – Turning this feature off stops others from talking and prevents background noises like a dog barking from interrupting the meeting.
    - Make Someone a Co-Host.
      - Traditionally as Host, you have total control over the meeting, but if you need assistance managing participants, another trusted attendee can be promoted as Co-Host.
      - Co-Hosts have similar privileges and controls available as the original meeting organizer Host.
    - Remove Participants - Hopefully, you will not have to use this feature; however, Zoom has many inherent security issues that require you to understand this feature. If you notice someone in your meeting/class that does not belong, use this feature to remove the person.

Additional Resources

Checklist for Zoom Meetings

Pre-meeting:

Use the latest version of Zoom (select Profile in the upper-right for Zoom’s latest Security Updates).
Do NOT use the free version of Zoom.
Set a new Meeting ID to Generate Automatically.
Set and use a password for the meeting.
Enable the Waiting Room for the meeting.
Send a meeting URL invite to only the participants directly (do not place on any public platform).

Holding the Meeting:

Only invite participants you know into the meeting from the Waiting Room.
Disable the microphone for all participants except those presenting.
Remove any disruptive participants immediately.
If recording, let your participants know that they are being recorded (this is a requirement for the state of Florida).

Ending the Meeting:

Remove all remaining participants from the meeting.

Quick-Guide

Changing Default Security Settings*

Option	Default	Recommended	Feature Notes
Meeting ID	Off/Not enabled. Personal Meeting ID (PMI) displays unique to you. Leave default at OFF when scheduling or starting	*Select to Enable Meeting IDs to Generate Automatically*	A unique meeting ID will be generated for each meeting by selecting Generate Automatically
Require a meeting password	On/All meetings/Unlocked	*Enable On to require a password/All Meetings/Locked*	If participants join by phone a numeric password will be required/generated
Lock Meeting-found in Security tab	Not enabled	*Enable Lock Meeting*	Once Locked, no more participants will be allowed in meeting
Share Screen - Screen Sharing>Advanced Sharing	Options available: All Participants Host Only Unlocked	*Choose Host Only/Locked*	Allows host and participants to share their screen or content during meetings. By choosing only Host you have screen control
Advanced Options: Enable Waiting Room	Not enabled	*Check to Enable Waiting Room*	Participants must wait until Host allows entry
Advanced Options: Mute participants on entry	Not enabled	*Check to Enable mute participants*	This helps Host control participants background noise

*Options above may vary depending on the license you purchased. This security guideline is focused on default settings to modify. Go to Account Settings>Meetings>Schedule Meeting and/or may be modified under Account Settings>Meetings>In Meeting (see Basic and Advanced Options section).

Zoom In-meeting bottom menu bar selections: