A. For all Zoom users
-
Use the latest version of Zoom application and security software
- Download the apps from the official website or official apps store
- Keep the Zoom application updated
- Keep the operating system updated (both desktop and mobile devices). Install anti-virus software and always keep updated
-
Beware of any Universal Naming Convention (UNC) links shared by unknown participants
- Do not click any suspicious UNC links shared by unknown participants
- (For advanced Windows user) Set up group policy to prevent sharing of your credential3
-
Do not share confidential information during the meeting
- Zoom does not support complete end-to-end encryption (end-to-end encryption means the service provider Zoom cannot view the content of clients’ meetings)
- To prevent information leakage, avoid discussing any confidential information
-
Use a meaningful display name
- Avoid using misleading name or online nickname to let the host can identify users easily
-
Protect Zoom account and monitor suspicious activities
- Set a strong account password
- Monitor suspicious account activity. Sign out all Zoom clients when in doubt (e.g. if your computer or phone is lost or stolen, sign out all clients and change the sign-in password)
- Do not share or publish the meeting ID or links sent by the organizer arbitrarily
B. For Zoom meeting hosts
-
Make meetings private and deny trespassers
- Share the meeting ID and link to intended participants only and do not share on any social media or public platform
- Set a different meeting ID and password for each meeting
- Set a strong meeting password, and send meeting links separately to participants
- Use “Pre-register” feature to control the participant list
- Disable “Join before Host” option to ensure the host is already present before participants join the meeting, so that let the host could identify participants in advance
- Use the “Waiting room” feature to control admittance of participants
- Lock the meeting once everyone has joined
- Set the sharing screen to “Only Host”, and only open this function to participants when needed
-
Monitor your own meeting
- Use an alternate device to sign in as a participant
- Monitor any inappropriate content shared by participants. Remove malicious contents and participants when needed
-
Pay attention to security and privacy of meeting recording
- Give participants a prior notice if you will record the meeting
- If the video contains sensitive information, it should be saved on PC rather than on the cloud with appropriate access permissions, and only shared with trusted parties
-
Keep your Personal Meeting ID private
- This ID ties to the account of the Zoom host and should be used by the host privately
- Do not share it, nor use it in general meetings
-
Follow Organisation Security Policy for Zoom web meetings
- Each user or employee of an organisation must follow both user and hosting web participation meeting policies.
- Organisation must strongly implement the usage guidelines of Zoom and the related security controls.