Keeping Zoom Secure at Extension

Not all Zoom Accounts are the Same

Extension’s use of Zoom is different than what the general public is using. Our Zoom accounts are bound together under a Zoom for Education Enterprise Account. This allows us to enforce certain security features and settings as well as provide us with reporting tools and a level of support that most personal Zoom accounts do not have access to. These settings cannot be overridden by the user, and include the following:

  • Waiting Room enabled by Default
  • Passwords required for meetings
  • Join Before Host disabled
  • Participant Screen sharing disabled at meeting start (can be changed by Host)
  • Meeting chats cannot be saved
  • File Transfer via chat disabled
  • Cloud-based meeting recording disabled – Hosts can record their meetings, but the recording is saved locally, not via Zoom’s cloud storage

These best practices hold true not just for Zoom, but for any current videoconferencing platform. Providing a secure environment for both our staff and participants is critical, especially during our efforts around the pandemic.

Zoom’s Data Encryption Model

In early April 2020, Zoom was the topic of world-wide attention around issues related to data encryption and the location of their data centers. Zoom acknowledged people’s concerns around data encryption methods and began
making changes to address them immediately. Zoom has provided an in-depth overview of their current encryption practices both on their website and in a detailed white paper: https://zoom.us/docs/doc/Zoom/Encryption/Whitepaper.pdf
Extension’s use of Zoom is for public outreach and programming efforts. Our internal training efforts reinforce this as our primary use for Zoom. We do not suggest the use of Zoom for any data which would meet data classification standards as restricted or sensitive data.

Zoom Data Center Settings

In order to protect the integrity of any data transmitted over Zoom, at this time Extension is limiting our meetings and webinars to local, United States based data center regions. This is a setting that cannot be changed by our end users and is locked for all user accounts.
Zoom Data Center Settings indicating only participants from the United States are allowed

ZoomBombing – Video Conference Gate Crashing

Any time an online video conference system is used in a public-facing environment, there is a risk of ‘gate crashing’ or ‘ZoomBombing’ by uninvited guests.

Our complete response is available at https://go.wisc.edu/5i8vxv