Zoom Privacy and Security - Zoom At Carleton

Securing a Zoom Meeting
Enabling Security Settings for your Zoom Meeting
Requiring Authentication for Zoom Meetings
What security settings do I need for my meeting?
Reporting a Zoombomber or abusive user
Top 5 Security Recommendations for Zoom
Zoom Data Storage
Privacy and Security Resources

Securing a Zoom Meeting

We recommend securing your Zoom meetings to prevent incidents of “Zoombombing” or other unwanted interruptions. See the resources below for more information on how to secure a Zoom meeting.

NOTE: To enhance security, authentication will be required by default for all Carleton Zoom meetings as of August 29th, 2022. For more information, see Authentication Coming to Zoom Meetings.

Enabling Security Settings for your Zoom Meeting

As a meeting host, you have the option to enable the following security settings for your Zoom meeting:

Passcode – Only users who have the passcode can join the meeting.
Waiting Room – Only users admitted by the host can join the meeting.
Require Authentication to Join: Sign in to Zoom or Carleton University Account –Carleton University Account allows only users who have securely signed into their Carleton account to join. Sign into Zoom allows only users who have signed into any Zoom account to join.

NOTE: As of May 2^nd 2022, all Zoom meetings scheduled and hosted by Carleton Zoom users are required to have at least 1 form of security enabled. If you do not select a security feature, Zoom will enable the waiting room for your meetings by default.

To enable security settings for a Zoom meeting:

Go to https://carleton-ca.zoom.us/meeting.
Sign in with your MyCarletonOne credentials. For instructions, see Carleton’s Enterprise Zoom License and Single Sign On (SSO) support page.
Select the name of the meeting and click Edit or click Schedule a Meeting.
Under Security, select one or more of the following options:
- Passcode – Only users who have the passcode can join the meeting.
- Waiting Room – Only users admitted by the host can join the meeting.
- Require Authentication to Join: Sign in to Zoom or Carleton University Account.
  - Carleton University Account allows only users who have securely signed into their Carleton account to join.
  - Sign into Zoom allows only users who have signed into any Zoom account to join.
Click Save.

For more instructions, see Requiring Authentication to Join a Meeting/Webinar, Zoom Meeting and Webinar Passcodes, Using Waiting Room.

Requiring Authentication for Zoom Meetings

The Required Authentication setting helps ensure that only Carleton users who have securely signed into their MyCarletonOne (MC1) account can join the Carleton host’s meeting.

Requiring authentication offers significant benefits, including:

Allowing the pre-assignment of breakout rooms before class sessions
Enabling accurate attendance logs and Zoom analytics
Protecting meeting participants from potentially abusive Zoombombings and privacy breaches

Zoom hosts have had the option to require authentication for their meeting participants since May 2, 2022. On August 29, the setting becomes enabled by default for all meetings.

Zoom users will still be able to disable the required authentication default and/or choose alternative security settings instead. In cases where external guests are invited to Carleton Zoom meetings, the host can add add specific non-Carleton participants to a list of exempted users to bypass required authentication.

What security settings do I need for my meeting?

Scenario	Examples	Security Options & Recommendations
Course-related meeting (participants have access to host’s course in Brightspace) with only registered Carleton members	Department meeting: instructors within one department Course office hours: TA with assigned students in a course Student group work: all Carleton students in one course Course lectures: instructor host, students attend	Use a passcode. Enable “Embed passcode in invite link for one-click join” in your account settings. Do not give out the passcode. Only allow students to access the meeting through the Join button in the Zoom plugin in Brightspace. Do not post the meeting information anywhere else. Enable the Carleton University Authentication security setting. Students will be required to sign into their Carleton University Zoom account before they can access the meeting.
Course-related meeting with registered Carleton members and external guest(s)	Course lectures: instructor host, students attend, guest speaker(s) Small workshops: 6 or fewer participants with guest(s) external from Carleton Expert Panel: Carleton participant with 6 or fewer external guests (vendors, experts, employers, etc.)	Use a passcode. Enable “Embed passcode in invite link for one-click join” in your account settings. Do not give out the passcode. Only allow students to access the meeting through the Join button in the Zoom plugin in Brightspace. Do not post the meeting information anywhere else. Enable the Carleton University Authentication security setting. Students will be required to sign into their Carleton University Zoom account before they can access the meeting. Use the Authentication Exemption to admit external guest(s).
One-on-one non-course related meetings	Interview for enrollment/employment Sales meeting with external vendor/client Meetings for personal use	Enable the waiting room. Only admit the participant you invited to the meeting. Never admit an unexpected participant, or a participant with a name you don’t recognize. Optional: enable the Authentication Requirement security setting (Carleton University Account or Sign in to Zoom) for an additional layer of security. Optional: enable passcode for an additional layer of security.
Publicly advertised meeting	Expert Panel or Roundtable Recruiting Event Non-profit events Meeting with an admission fee Meetings with sensitive subject material	Enable registration on your meeting. Consider hosting the meeting as a webinar. CUES supports webinar events at Carleton. Webinars provide hosts the most amount of control, and the largest amount of security.
Small, non-course related meeting with users external from Carleton	Interview for enrollment/employment Thesis Defense Meeting with vendors	Enable the waiting room. Only admit invited participants. Optional: enable passcode for an additional layer of security. Optional: Enable the Authentication Requirement: Sign in to Zoom. This will require participants to sign into any Zoom account before they gain access to the waiting room.
Carleton only non-academic large event	Workshops Inter-department meeting Administrative meetings	Enable the Carleton University Account Authentication Requirement. Optional: enable the waiting room and/or passcode security settings for additional layers of security.

Reporting a Zoombomber or abusive user

For any Zoombombing or concerning behaviour in a Zoom meeting, we encourage you to notify the Carleton Zoom
team at the TLS Support Portal.

Depending on the abusive behaviour encountered, you may also wish to report to the following
groups:

Equity Services at Carleton University: if you have encountered a disruptive user who has engaged in
discrimination, harassment, stalking, sexist or racist behaviour, or any other prohibited
action as outlined in the Human Rights Policy. This service is confidential and does not
compel the individual to take any further action.
If warranted, contact the Manager of Student Conduct and Harm Reduction at the Office of Student Affairs at Carleton

Top 5 Security Recommendations for Zoom

Keep your Personal Meeting ID (PMI) private. Don’t share your ID for public events

Your PMI is essentially one continuous meeting. Once people know the ID number, they can join the meeting at any time. NOTE: If you DO use your Personal Meeting ID, be sure to change your passcode for each session using the instructions on the Zoom help centre.

Never share your Zoom meeting links on publicly accessible forums or syllabi

Instead of sharing your Zoom meeting links publicly, share the link details through Brightspace. When you share a link through Brightspace, only enrolled students can access the virtual classroom. Note: By default, new meetings are assigned a random passcode. To choose your own passcode, follow the steps outlined in Zoom’s help centre.

Use unique passwords for your Zoom meetings. Avoid re-using passwords in Zoom or anywhere.
Unique passwords are the best method of keeping your Zoom meeting secure. When you re-use a password, the likelihood that an unwanted guest could join increases. Further protect your Zoom sessions by only sharing the password shortly before the session.

Avoid publicly posting images of private and virtual class meetings.
When you share an image of your virtual class meeting and its participants, you may be sharing the full names and images of other individuals without their permission. Do not take images of Zoom meetings without the express, written permission of everyone in the Zoom session. Provincial privacy and confidentiality legislation prohibits the sharing of student’s personal information without their consent.

Keep sensitive or confidential information off of Zoom

As a standard practice, Zoom data mines all information provided on their service. There are reports that Zoom is capturing the browser ‘tabs’ that are open at the same time as Zoom. While Zoom calls are encrypted, they are not end-to-end encrypted at Carleton. As such, Zoom meetings and recordings may be intercepted and accessed outside of your intended use. To avoid having Zoom gather this information, open Zoom in a private/incognito browser and avoid opening any additional tabs within that browser

Zoom Data Storage

Although it is subject to change in the future, Zoom data is stored as follows:

Zoom Cloud Recordings (“data at rest”) is stored on USA servers. These recordings are deleted from your Recordings list after 120 days and remain in the Trash for an additional 30 days before being permanently deleted.
Zoom Meetings (“data in transit”) use a variety of international servers including USA and Canada. Users have the option of enabling servers in China, Singapore, and Hong Kong; however, we would recommend caution when using enabling these servers.

You can contact Carleton’s Privacy Office at privacy@zoom.us or security@zoom.us for more information regarding Zoom’s data storage.

Privacy and Security Resources

Share: Twitter, Facebook
Short URL: https://carleton.ca/zoom/?p=61