Zoombombing and other disruptions to class are a reality today, especially with the sheer volume of meetings taking place on the platform, CSUN and otherwise. These disruptions are not isolated to Zoom – they take place on other platforms as well. Many of these incidents are avoidable with the right settings. It all depends on how much you need to lock down your class. We've split these recommendations up into four main sections: Basic Security, Next Level Security, Highest Level and Extra Options.
Basic Security: Screen Sharing, Annotation, Sharing the Zoom Link in a Secure Location
It is important to control who can share screens and annotate (markup) your shared screen. By default, only the host can share screen. You can change this setting using the Security button and changing the setting to allow sharing from participants.
Annotation is another feature that you’ll want to control. We recommend only allowing the user who is sharing [to be able] to annotate. This means that a bad actor cannot markup your shared screen while you are in control. Only you can annotate.
Sharing the Zoom Meeting Link in a Secure Location
Share your meeting links only in secure locations. Email is not secure. Canvas is. Though, of course, one of your students could share it with a bad actor, but at least you have to sign into Canvas before you can get to the link.
Copy and paste your Zoom Meeting URL and give the link a name (e.g., Virtual Class Link, Zoom Link).
Next Level Security: Passcodes and Waiting Rooms
A meeting without a passcode is an invitation for Zoombombing. Bad actors can “robo-dial” thousands of meetings at a time looking for one that doesn’t have a passcode, and get in. Passcodes are now a default for any meetings created since August 14th. If you created meetings before this, simply:
- Log in into Zoom csun.zoom.us
- Find your meeting.
- Check the use passcode box.
- Redistribute the new link to the meeting.
The last step is the most important. A new link will be generated, so you’ll have to pass that out. Also note that our administrative default setting is to embed the passcode into the link. The good news is that users still just click on a single link to get in. The bad news is that sharing that single link with a bad actor (someone outside your class) gets them in, too.
Normal Zoom Link Example: https://csun.zoom.us/8122067712
Secure Password Embedded Zoom Link: https://csun.zoom.us/787200447?pwd=M1hWaC8wWUNqU2RYckFWR2hSQ
A waiting room is a holding area for students to go into before being allowed into class. Someone (usually the instructor) has to monitor the waiting room to let students in. We recommend urging your students to be on-time to class so that you do not have to watch the waiting room several minutes into class. You can do anything from verifying appropriate usernames before letting them in (a common habit of bad actors is to use usernames in poor taste) or even compare usernames to rosters.
Note: Either a waiting room or a passcode will be required in the future, making some of this conversation moot, but this is a worthwhile topic to discuss and understand nevertheless.
Highest Level: Authenticated Users Only
A step up from either passcodes or waiting rooms is to only allow authenticated users to join the meeting. This means that only students that have logged into Zoom.us are allowed in. This is regardless of using the other security measures. When choosing your options, you can even set it so that only authenticated users from csun.edu and/or my.csun.edu are allowed in. This means that a student must do single sign-on (SSO) prior to entering the class, with CSUN credentials. This is the highest security level, as it makes it easily identifiable who is doing what. They cannot hide behind fake usernames.
Extra Options: Disabling Chat, Muting All, Removing Unwanted Participants
Follow these instructions to disable chat in a Zoom meeting:
- In the Zoom meeting window, select Chat.
- In the Chat panel, select the Chat menu icon.
- In the pop-up window, select No One to prevent participants from chatting in the meeting.
- Select the Participants (Manage Participants) button in the Zoom toolbar. This is located at the bottom of your session window.
- At the bottom of the Participants window, select More.
- Choose Mute Participants on Entry.
- Deselect Allow Participants to Unmute Themselves.
Removing Unwanted Participants
In Zoom, open the Participants list.
- Select the unwanted participant.
- Select More.
- Select Remove.
Note: Unless you have enabled the option to allow removed users to return, that specific account will not be able to rejoin the meeting. View Manage Participants in a Meeting (video).
For more information about Zoom Security, please visit these links below:
Best Practices for Securing Your Virtual Classroom
How to Keep Uninvited Guests Out of Your Zoom Session
A Letter from Zoom’s Management Team to Customers and Users
CSUN's How to Keep Your Zoom Sessions Secure
Should you experience a disruption to your class, please contact the IT Help Center at (818) 677-1400 to report the situation. We will triage, address, and/or route the issue to the appropriate teams (e.g. security).