Zoom Security Guide

ZOOM 5.0 IS COMING! THIS GUIDE IS ALREADY UPDATED FOR IT AND WILL HELP YOU PREPARE!

DESIGNED FOR PLAIN LANGUAGE CLARITY FOR THE NON-TECHIES AMONG US WHO WANT THEIR ZOOM MEETINGS TO BE AS SAFE AS POSSIBLE FROM DISRUPTIONS (ALSO KNOWN AS “ZOOM BOMBING”). 

Note: “Zoom Bombing” is a slang term that describes a meeting being invaded by disruptive people who are taking advantage of lax or default Zoom security settings and flooding the meetings with obscene and annoying rhetoric.

  • Try not to take these attacks personally, please. To those in recovery programs, know that these disruptors are not targeting your recovery meetings specifically. They are attacking the Zoom platform itself – the accounts that do not have their security properly configured.
  • Let’s define the problem first. The entire problem is rooted in the fact that a brand new Zoom account is set by default with the security and sharing settings mostly wide open. All features that can be used for an attack are pretty much turned on by default, instead of being turned off as they should be.

THE ZOOM CONFIGURATION GUIDE

Just follow these suggestions and your meetings can no longer be flooded with disruptions. You may still have annoying users from time to time, just like in a physical meeting, but they will be much easier to deal with, you’ll see. We’re going to greatly reduce the ways that they can attack your Zoom meeting. We’re going to configure your Zoom account the way it should have been to start with.

Simply: 

  • log in to your Zoom account with a desktop web browser, 
  • choose your personal settings on the left, 
  • follow along with the guide, 
  • find the matching settings that I describe and then 
  • change that item to the suggested setting – if it is different.

IMPORTANT TO READ BEFORE YOU START: ADMINS, HOSTS AND CO-HOSTS SHOULD NOT BE ON A MOBILE DEVICE WHEN RUNNING A MEETING. USE A FULL PC OR FAIRLY DECENT LAPTOP.

AND NOW, THE INSTRUCTIONS. JUST FOLLOW ALONG IN THE ZOOM ACCOUNT SETTINGS (everything is in order now, but this guide does skip over settings that don’t matter to security so just keep looking for the next one in the list to “sync back up” with the guide as you go through it):

* In the MEETING sub-tab in account settings, change the following:

(SCHEDULE MEETING subsection)

  1. –enable/TURN ON– HOST VIDEO AND PARTICIPANTS VIDEO
  2. –disable/TURN OFF– the JOIN BEFORE HOST setting
  3. –disable/TURN OFF– USE PERSONAL MEETING ID (PMI) when scheduling a meeting
  4. –disable/TURN OFF– USE PERSONAL MEETING ID (PMI) when starting an instant meeting
  5. –disable/TURN OFF– ONLY AUTHENTICATED USERS CAN JOIN MEETINGS
  6. –enable/TURN ON– ONLY AUTHENTICATED USERS CAN JOIN MEETINGS FROM WEB CLIENT
  7. –disable/TURN OFF– REQUIRE A PASSWORD WHEN SCHEDULING NEW MEETINGS
  8. –disable/TURN ON– EMBED PASSWORD IN MEETING FOR ONE-CLICK JOIN
  9. –enable/TURN ON– MUTE PARTICIPANTS ON ENTRY (This prevents people from coming in and being immediately disruptive.)

(IN MEETING – BASIC subsection)

  1. –enable/TURN ON– REQUIRE ENCRYPTION FOR THIRD PARTY ENDPOINTS
  2. –enable/TURN ON– CHAT
  3. –enable/TURN ON– PREVENT PARTICIPANTS FROM SAVING CHAT
  4. –disable/TURN OFF– PRIVATE CHAT
  5. –disable/TURN OFF– AUTO SAVING CHATS
  6. –disable/TURN OFF– FILE TRANSFER so that there can be NO WAY for pictures, videos or anything else to be uploaded ever to your meeting, either in chat or via screen sharing
  7. –disable/TURN OFF– FEEDBACK TO ZOOM
  8. –enable/TURN ON– the CO-HOST feature
  9. –enable/TURN ON– ALWAYS SHOW MEETING CONTROL TOOLBAR
  10. –disable/TURN OFF– SCREEN SHARING
  11. –enable/TURN ON– DISABLE DESKTOP SCREEN SHARE FOR USERS
  12. –disable/TURN OFF– ANNOTATION, WHITEBOARD, and REMOTE CONTROL (all three)
  13. –disable/TURN OFF– ALLOW REMOVED PARTICIPANTS TO REJOIN
  14. –disable/TURN OFF– ALLOW PARTICIPANTS TO RENAME THEMSELVES
  15. –disable/TURN OFF -OR- enable/TURN ON– HIDE PARTICIPANT PROFILE PICTURES IN A MEETING

(IN MEETING – ADVANCED subsection)

  1. –disable/TURN OFF– REPORT PARTICIPANTS TO ZOOM
  2. –disable/TURN OFF– VIRTUAL BACKGROUND
  3. –DO NOT DISABLE/TURN ON AND LEAVE ON– the WAITING ROOM feature
  4. –enable/TURN ON– SELECT DATA CENTER REGIONS FOR MEETINGS/WEBINARS HOSTED BY YOUR ACCOUNT
  5. –disable/TURN OFF– SHOW A “JOIN FROM YOUR BROWSER” LINK

(RECORDING subsection)

  1. –disable/TURN OFF– LOCAL RECORDING
  2. –disable/TURN OFF– CLOUD RECORDING
  3. –disable/TURN OFF– AUTOMATIC RECORDING

(TELEPHONE subsection)

  1. –disable/TURN OFF– 3rd PARTY AUDIO
  2. –enable/TURN ON– MASK PHONE NUMBER IN PARTICIPANT LIST

IN THE SCHEDULED MEETINGS THEMSELVES (as you set them up and manage them):

  • Just make sure the relevant settings that you have now set in your global account settings (what you just did in the guide, above) match the way they are set in the individual meeting settings.

DURING A MEETING HOST/Co-HOST CONTROL RECOMMENDATIONS:

1. SAFETY BUTTON (located in meeting on the control bar) GUIDE:

  • THE SAFETY BUTTON lets any host or co-host EASILY override many of the settings that are ALSO set on the admin (web) panel.

TOP SECTION

  • LOCK MEETING: sometimes OFF / sometimes ON
  • ENABLE WAITING ROOM: ALWAYS ON

BOTTOM SECTION “Allow Participants To”:

  • SHARE SCREEN: ALWAYS OFF
  • CHAT: HOST ONLY
  • RENAME THEMSELVES: ALWAYS OFF

OF NOTE: These will probably reset to their defaults every time you launch a new meeting, so always be sure as a host to check these. Since any (co)host can override your original admin setting during meetings, they can do a LOT of damage if not watched closely.

2. It’s VERY IMPORTANT that only the host and/or co-hosts control the muting or unmuting of people while a meeting is in session.

3. BE HAPPY THAT WAITING ROOM IS NOW TURNED ON FOR EVERYONE! IT IS THE KEY TO FINDING THE DISRUPTORS BEFORE YOUR USERS DO.

  • Here is A WAITING ROOM GUIDE on how to handle disruptors:
    • Double-check that the name is not offensive
    • Let them in. Whichever co-host lets them in should be responsible for them; it helps them work together better.
    • Watch what they do. Be careful with “spotlight” because it will put them on display at “speaker view” level for EVERYBODY, not just you.
    • Either kick them or let them stay.
    • Say out loud, “I will NOT be lazy and lock the meeting after it starts!”

4. DO NOT LET PEOPLE RENAME themselves. This is best done by the host and co-hosts from within the live meeting interface.

5. –disable/TURN OFF– PUBLIC CHAT during the meeting.

6. On the subject of LOCKING THE MEETING: I recommend that, with these settings in place, you DO NOT have to do it if you have a co-host willing to watch the waiting room. You can let people arrive late.

7. I recommend NOT requiring users to register in order to join your meeting unless you are deliberately keeping the meeting exclusive ONLY for non-security reasons. Registration is UNRELATED to preventing disruption. The other settings already take good care of that, and requiring it does nothing to protect you.

Thanks to Thom R