A. For all Zoom users

  1. Use the latest version of Zoom application and security software
    • Download the apps from the official website or official apps store
    • Keep the Zoom application updated
    • Keep the operating system updated (both desktop and mobile devices). Install anti-virus software and always keep updated
  2. Beware of any Universal Naming Convention (UNC) links shared by unknown participants
    • Do not click any suspicious UNC links shared by unknown participants
    • (For advanced Windows user) Set up group policy to prevent sharing of your credential3
  3. Do not share confidential information during the meeting
    • Zoom does not support complete end-to-end encryption (end-to-end encryption means the service provider Zoom cannot view the content of clients’ meetings)
    • To prevent information leakage, avoid discussing any confidential information
  4. Use a meaningful display name
    • Avoid using misleading name or online nickname to let the host can identify users easily
  5. Protect Zoom account and monitor suspicious activities
    • Set a strong account password
    • Monitor suspicious account activity. Sign out all Zoom clients when in doubt (e.g. if your computer or phone is lost or stolen, sign out all clients and change the sign-in password)
    • Do not share or publish the meeting ID or links sent by the organizer arbitrarily

B. For Zoom meeting hosts

  1. Make meetings private and deny trespassers
    • Share the meeting ID and link to intended participants only and do not share on any social media or public platform
    • Set a different meeting ID and password for each meeting
    • Set a strong meeting password, and send meeting links separately to participants
    • Use “Pre-register” feature to control the participant list
    • Disable “Join before Host” option to ensure the host is already present before participants join the meeting, so that let the host could identify participants in advance
    • Use the “Waiting room” feature to control admittance of participants
    • Lock the meeting once everyone has joined
    • Set the sharing screen to “Only Host”, and only open this function to participants when needed
  2. Monitor your own meeting
    • Use an alternate device to sign in as a participant
    • Monitor any inappropriate content shared by participants. Remove malicious contents and participants when needed
  3. Pay attention to security and privacy of meeting recording
    • Give participants a prior notice if you will record the meeting
    • If the video contains sensitive information, it should be saved on PC rather than on the cloud with appropriate access permissions, and only shared with trusted parties
  4. Keep your Personal Meeting ID private
    • This ID ties to the account of the Zoom host and should be used by the host privately
    • Do not share it, nor use it in general meetings
  5. Follow Organisation Security Policy for Zoom web meetings
    • Each user or employee of an organisation must follow both user and hosting web participation meeting policies.
    • Organisation must strongly implement the usage guidelines of Zoom and the related security controls.