Not all Zoom Accounts are the Same
Extension’s use of Zoom is different than what the general public is using. Our Zoom accounts are bound together under a Zoom for Education Enterprise Account. This allows us to enforce certain security features and settings as well as provide us with reporting tools and a level of support that most personal Zoom accounts do not have access to. These settings cannot be overridden by the user, and include the following:
- Waiting Room enabled by Default
- Passwords required for meetings
- Join Before Host disabled
- Participant Screen sharing disabled at meeting start (can be changed by Host)
- Meeting chats cannot be saved
- File Transfer via chat disabled
- Cloud-based meeting recording disabled – Hosts can record their meetings, but the recording is saved locally, not via Zoom’s cloud storage
These best practices hold true not just for Zoom, but for any current videoconferencing platform. Providing a secure environment for both our staff and participants is critical, especially during our efforts around the pandemic.
Zoom’s Data Encryption Model
In early April 2020, Zoom was the topic of world-wide attention around issues related to data encryption and the location of their data centers. Zoom acknowledged people’s concerns around data encryption methods and began
making changes to address them immediately. Zoom has provided an in-depth overview of their current encryption practices both on their website and in a detailed white paper: https://zoom.us/docs/doc/Zoom/Encryption/Whitepaper.pdf
Extension’s use of Zoom is for public outreach and programming efforts. Our internal training efforts reinforce this as our primary use for Zoom. We do not suggest the use of Zoom for any data which would meet data classification standards as restricted or sensitive data.
Zoom Data Center Settings
In order to protect the integrity of any data transmitted over Zoom, at this time Extension is limiting our meetings and webinars to local, United States based data center regions. This is a setting that cannot be changed by our end users and is locked for all user accounts.
ZoomBombing – Video Conference Gate Crashing
Any time an online video conference system is used in a public-facing environment, there is a risk of ‘gate crashing’ or ‘ZoomBombing’ by uninvited guests.
- Zoom identified the potential for this during the Summer of 2019 and took steps to address this by defaulting to requiring passwords for new meetings. https://support.zoom.us/hc/en-us/articles/360033331271-Account-Setting-Update-Password-Default-for-Meeting-and-Webinar
- Zoom Meeting IDs have been updated from 9 to 11-digit numbers as well in order to make it more difficult people to randomly join Zoom meetings.
- Our enforced account settings coupled with best practices shared during our training help to protect our staff and participants from ZoomBombing.
Our complete response is available at Keeping Zoom Safe at Extension