Zoom

Zoom’s encryption has been called into question by security researchers on multiple occasions. That’s not speculation — that’s their public track record. The meeting host’s encryption may not protect everything that gets documented in your meeting. Here’s how to run tighter meetings regardless.

DO / DON’T

DO:

• Require a password for ALL meetings and webinars — every single one
• Control screen sharing capabilities — never hand over control of your personal screen
• Have all attendees register prior to meetings to prevent uninvited guests
• Discuss potential security concerns with participants before using Zoom for sensitive conversations
• Review updated security notes posted by Zoom

DON’T:

• Use video call if not required — dial in without video when possible
• Allow participants to share their screens during your meetings by default
• Forget to lock your meeting once all known participants have joined

Meeting Settings (Web App)

Path: Sign in to Zoom > Personal > Settings (left menu) > Meeting tab

Authentication:

• Always authenticate users
• Require password when scheduling any meeting
• Require attendees to input the password — do NOT embed the password in the meeting link
• Use a Pre-meeting Password
• Do NOT use your Personal Meeting ID — a static ID makes you permanently reachable at a known address
• Use End-to-End Encryption whenever possible
• Enable “Only authenticated users can join meetings from Web client”

Chat Settings:

• Do NOT allow other attendees to save chats

File Transfer:

• Disable — Zoom’s encryption is insufficient for secure file transfer

Screen Sharing:

• Disable screen sharing by default
• If screen sharing must be allowed: restrict who can share and who can take control

Rejoining After Removal:

• Find “Allow removed participants to rejoin” → toggle OFF
• Also disable: ability for participants to rename themselves — prevents confusion and impersonation

In Meetings (Advanced):

• Do NOT allow third-party activities
• Do NOT allow other users to take control of your camera
• Enable “Identify guest participants in the meeting/webinar”
• Enable photo blurring for business functions at the bottom of Advanced section

Disable:

• Whiteboard (disabled recommended)
• Remote control — never give up control of your computer to another participant

Audio Conferencing Settings

Path: Settings > Audio Conferencing

• Enable “Mask phone number in the participant list”

Recording Settings

Path: Settings > Recording

• Disable most or preferably all recording features
• Do NOT allow anyone to record your meetings without your explicit action

Mobile Settings (Android & iPhone)

Path: Lower right > More > tap name/email (profile page)

• iPhone: Before profile page, look for Siri Shortcuts → Disable any Siri Shortcuts related to Zoom
• Under My Profile:
  • Use initials for Display Name
  • Write no Personal Notes about yourself
  • Do not fill in personal or company information unless required

🚨 If Your Account Is Compromised

Signs of compromise:

• Unexpected calls or messages from your account
• Direct Messages you did not send
• Account behaviors you didn’t perform (following, blocking, etc.)
• Notification from Zoom that account may be compromised
• Account info changed without your action
• Password no longer works or you’re prompted to reset it

Immediate actions:

1. Delete any unwanted messages posted while account was compromised
2. Scan computers for viruses and malware
3. Change your password to a strong, unique one
4. Enable login verification (2FA) — Note: Zoom 2FA only works on the web app and only if you’re an admin or an admin has set it up
5. Change the password on the email account associated with Zoom

Zoombombing Response

If your meeting is Zoombombed:

1. Participants List → More → Lock Meeting — prevents additional intruders from entering
2. Once locked, remove the intruder — they cannot rejoin
3. Alternatively: Participants List → Mute All Controls (less recommended)

Support Links:

• Report Terms of Service violation: support.zoom.us/hc/en-us/articles/200613919
• Terminate account: zoom.us/account
• General support: support.zoom.us/hc/en-us/articles/201362003

Go to your Zoom web settings right now and disable screen sharing by default. Then require passwords on all meetings. Those are the two settings that prevent most Zoom security incidents.