Information Security

Secure Zoom Meetings

It is important to consider the security implications of the Zoom meetings that you set up. It is important to properly secure your meeting if there is any discussion of Level 1 or Level 2 data. In addition if it is a video meeting it is important to secure the recording if there are minors involved or non-Chico State participants.

Another important consideration is to make sure that we are properly accounting for the participants in our meeting. If, despite these precautions, someone shows up in your meeting that you don't know, you should take it seriously, because it's possible that these incidents may constitute a phishing attempt to obtain confidential information or access to Chico State services. 

Meeting Passwords

We strongly recommend that you set a strong password for all meetings and webinars.

While scheduling a meeting, under Meeting Options, check Require Meeting Password, then specify a strong password (make your password at least eight characters long and use at least three of the following types of characters: lowercase letters, uppercase letters, numbers, symbols). Participants will be asked for this password in order to join your meeting.

Disable "Join Before Host"

If you are scheduling a meeting where sensitive information will be discussed, we recommend leaving Enable join before host (found in the Meeting Options section while scheduling a meeting) turned OFF. See Zoom's Join Before Host help page(opens in new window) for more information.

The join before host option can be convenient for allowing others to continue with a meeting if you are not available to start the meeting, but with this option enabled, the first person who joins the meeting will automatically be made the host and will have full control over the meeting.

As an alternative, we recommend assigning an Alternative Host(opens in new window)

It is still possible for a meeting to start with you (the host) even with Join Before Host disabled. If you have given someone Scheduling Privilege(opens in new window) (which allows them to schedule meetings on your behalf), when that person joins a meeting before you, the meeting will start and they will be made the host. This is typically not a problem, as our recommendation to disable Join Before Host is based on preventing unwanted/uninvited participants from hijacking a meeting. After you join, the role of Host can be reassigned to you.

Meeting Security When Scheduling Zoom Meetings Using Your Outlook Calendar

If you add a Zoom meeting to your calendar or create a Zoom meeting in your calendar using the Zoom Outlook Plug-in, note that the calendar entry may include the Zoom meeting password. If you have set up your calendar so that it is open for colleagues to view the details of your meetings, this can expose the password to anyone who views your calendar. We recommend making the calendar entry private or editing the entry to remove the Zoom meeting password.

Remove a Participant from a Zoom Meeting or Webinar

If you have already begun a session and find an unwanted attendee has joined:

  1. If the Participants panel is not visible, select Manage Participants at the bottom of the Zoom window.
  2. Next to the person you want to remove, select More.
  3. From the list that appears, select Remove.

Lock Your Session

The Zoom Host Controls(opens in new window) allow the host or co-host to lock the meeting. Once all your attendees have joined,

  1. If the Participants panel is not visible, select Manage Participants at the bottom of the Zoom window.
  2. At the bottom of the Participants panel, select More.
  3. From the list that appears, select Lock Meeting.

Unlock the meeting following these same steps.

When a meeting is locked, no one can join, and you (the host or co-host) will NOT be alerted if anyone tries to join, so it's best not to lock the meeting until everyone has joined.

Post Meeting Security

If a meeting is recorded, the recording is located on the host’s local machine. Please be aware of the content and have all participants permissions in place before posting the meeting to a public site.