4.1.20: Securing Zoom Meetings

Take action now to prevent disruptions to Zoom classes, meetings, and events

Dear Lehigh faculty and staff:

As universities and other institutions worldwide increase the use of videoconferencing and online communication tools for remote teaching, learning, and work, new cybersecurity threats have emerged. One such trend is “Zoom Bombing,” wherein an individual might use a random number generator tool to guess valid Zoom meeting links (or find one shared publicly online), and then join those sessions uninvited to cause disruption. Over the past 24 hours, we have experienced three such disruptions to our classes at Lehigh.

To help protect Zoom classes, meetings, and other online events from these disruptions, we strongly recommend that you take action now to accord with the following best practices. In this communication, we have focused on Zoom because of its current widespread use at Lehigh; however, the general guidelines apply to any virtual meeting software.

For Faculty using Zoom for Class Meetings

  • Review these best recommendations and practices for Securing Zoom Meetings

  • We recommend that you update your Zoom meeting setting to allow only Authenticated Users into your class sessions. This means that you and your students will need to use your Lehigh usernames and passwords to access your Zoom meeting. For instructions, see Authenticating Zoom users.  

  • Be sure to share with your students this information on how to access your secured Zoom class meeting.

  • If you want others besides yourself to be able to share screens, manage participants, etc., be sure they are listed as “Alternative Hosts” in your Zoom meeting settings.

  • If you have not yet taken these steps and you experience a disruption, remove the offending participant or end the course meeting, then contact your students with a new link.  

 

For University Meetings

  •  The same guidelines apply when you set up a meeting directly using your Zoom account through https://lehigh.zoom.us, so follow the same guidelines as listed above.

 

For University Events

  As an event host, you have several options to ensure a smooth experience for you and your attendees. 

  Option one: Keep the link to your virtual event public. 

  • If you choose to keep your virtual event link public, include a note on the event description alerting attendees of possible disruption. Suggested language:

    Please be aware that there has been a nationwide increase in disruptions to virtual events. Some of these distruptive incidents could include offensive language or imagery. If this occurs, the meeting host may need to end the meeting and reschedule. Thank you for your patience as we work through these challenges. 

  • As host, you can remove participants if you observe inappropriate behavior. For instructions, see Zoom: Managing participants in a meeting.

  Option two: Require event registration

  • To ensure privacy, replace public links with Zoom links that have been enabled to require registration or with a registration form that you generate, such as through Google Forms or Qualtrics. This option requires the host to send each attendee the private Zoom link before the event. 

  Option three: Host a webinar-style virtual event (only for large/public meetings).

  • Think of webinars like a virtual lecture hall or auditorium. Webinars are ideal for large audiences or events that are open to the public. Typically, webinar attendees do not interact with one another. The average webinar has one or a few people speaking to an audience that is unseen to other attendees. You can also add registration to a webinar-style event. If you are interested in creating a webinar, please submit a request at Instructional Technology Help.

  General Best Practices for Virtual University Events

  • If you have an event currently listed in the Lehigh Events Calendar that includes a Zoom link or Zoom meeting ID and you would like those links changed or removed, please reach out to eventscalendar@lehigh.edu for further instruction.

  • Enlist help from a colleague to moderate the chat, manage participants, and answer general questions. If there is a participant doing something inappropriate, you or your moderator can remove them from the session. For instructions, see Zoom: Managing participants in a meeting.

  • As a host, log on early to familiarize yourself with tools so you’re comfortable ending the meeting quickly or managing attendees if necessary.

  • If someone else creates the Zoom session for your event, but you are planning to host, be sure they add you and anyone moderating as “Alternative Hosts.” Otherwise you and your moderator will not be able to share screen, manage participants, etc.

  • Double-check meeting settings to ensure options like share screen, chat, participant mute, etc are defaulted to your desired setting.

  • For more information and tips on minimizing disruptions in Zoom sessions, visit Zoom: How to Keep the Crashers Out of Your Zoom Event.

 

Closing Comment on General Security Awareness

Please know that Information Security threats increase during times of rapid change. Responses to COVID-19 are pushing changes to the way we work faster than we have ever experienced. As we transition from a “go to work” to a “work at home” culture we will almost certainly see more cyberattacks. If you suspect an attack please report it to security@lehigh.edu or the LTS Help Desk at 610-758-4357 or helpdesk@lehigh.edu.

 

Library and Technology Services