How to use Zoom securely


Many people and organisations across the globe are turning to online video conferencing solutions to enable continuity of communication and social interaction. As part of this shift, there has been a concerted effort by New Zealand health providers to reduce face-to-face consults in favour of virtual ones, after the government announced a $20 million investment in telehealth amid the battle against Covid-19.

While there are many video conferencing tools available, Zoom has surged in popularity. With its widespread usage, Zoom has become a major target for trolls and hackers, most notably through incidents of “Zoom Bombing”. Although security flaws have been uncovered and subsequently fixed, much of the risk can be mitigated through careful configuration of meeting settings by the host.

What you can do to use Zoom securely

The following organisations have curated recommendations and best practices for using Zoom safely and securely to protect privacy and prevent unwelcome participants joining your call. 

General advice

  • Use the Zoom desktop application: When you join a Zoom meeting for the first time, you will be prompted to download Zoom. You can also download the application in advance from Zoom’s website. Zoom can also be run through a browser, though it has less functionality, and the mobile app should be avoided. 
  • Update software: It is crucial to keep your software up to date to ensure you have the latest security patches, in addition to accessing new features and enhancements. Usually you will be prompted to update the Zoom client; however, you can also check by clicking on your profile and then “Check for Updates”.
  • Keep meeting links private: Avoid sharing meeting links and IDs on public-facing platforms.  
  • Review attendees: Check through the attendees and make sure you are comfortable with who is on the call before beginning your discussions. 
  • Understand the level of encryption: Zoom does not currently provide end-to-end encryption (E2EE) of data transmitted across their network. Refer to this post on how Zoom performs encryption. Zoom announced on 17 June that it will soon release E2EE capability to all tiers of users; however, it has indicated that E2EE will need to be toggled on, as it limits some features.


Top Zoom setting recommendations and how to enable them

If your organisation has a licensed (paid) Zoom account, the Owner and Administrators can change the default settings through the online portal. Otherwise, these settings can also be set at the host level (unless they’ve been locked by the administrator).

For Account Owners and Administrators

To change these settings, log in to the Zoom portal. Under the Admin sidebar menu, go to Account Management > Account Settings.

Tip: Consider using the “Lock” feature next to the toggle for settings you want to enforce, so that hosts can’t override them.
  1. Use unique meeting ID 

Ensure the use of Personal Meeting ID (PMI) for scheduled and instant meetings is turned off by default. Hosts should use randomly generated meeting IDs rather than PMIs. 

  2. Use a meeting room password

Enable the requirement of a password for scheduled and instant meetings.

  3. Wait for host

Disable “Join before host” so that there is always a host present to start the meeting and manage the participants.

  4. Doorbell

Enable “Play sound when participants join or leave” and set it to “Heard by host and all attendees”. This prevents participants from joining unnoticed.

  5. Prevent rejoining

Disable the “Allow removed participants to rejoin” option to prevent those who have been removed from the call from rejoining.


For Meeting Hosts

As a meeting host, you can change the default settings for meetings you host through the Zoom portal, under Personal > Settings.


When you schedule a meeting, remember to check the individual meeting’s settings. Click on “Advanced Options” to access further settings.

  1. Use unique meeting ID 

Select “Generate Automatically” under Meeting ID.

  2. Use a meeting room password

Tick “Require meeting password” and let it generate a random password.

  3. Wait for host

Ensure “Enable join before host” is unticked.


When you’re in the meeting, you can quickly access the security settings in the bottom toolbar.


Additional restrictive measures

Several further measures can be enacted, although these actions can also impact on the usability of Zoom.

  1. Enable waiting room

Enabling the waiting room lets meeting hosts see the list of participants so they can be vetted before joining. When this is enabled, “Join before host” is automatically disabled.

  2. Restrict screen-sharing

Restricting screen-sharing capabilities to “Host Only” will prevent malicious users taking over the screen and sharing inappropriate content.
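
A check of an account's settings against the recommendations in this guide, including the “Lock” tip and the waiting-room interaction with “Join before host”. This is an added example, not part of the original page or Zoom's own tooling; the setting key names, the export structure and the sample data are assumptions made for illustration and are not Zoom API field names.

```python
# Added example: key names below are hypothetical labels for the settings
# this page describes, not Zoom API field names.
BASELINE = {
    "use_pmi_scheduled": False,
    "use_pmi_instant": False,
    "require_password_scheduled": True,
    "require_password_instant": True,
    "join_before_host": False,
    "join_leave_sound": "host_and_all_attendees",
    "allow_removed_rejoin": False,
}
RESTRICTIVE = {"waiting_room": True, "screen_sharing": "host_only"}


def audit(settings, strict=False):
    """Return sorted (key, problem) pairs; settings maps key -> {"value", "locked"}."""
    expected = dict(BASELINE, **(RESTRICTIVE if strict else {}))
    waiting_room_on = settings.get("waiting_room", {}).get("value") is True
    findings = []
    for key, want in expected.items():
        entry = settings.get(key)
        if entry is None:
            findings.append((key, "missing: treat as non-compliant"))
            continue
        value = entry.get("value")
        # Per the page, enabling the waiting room disables "Join before host".
        if key == "join_before_host" and waiting_room_on:
            value = False
        if value != want:
            findings.append((key, f"is {value!r}, expected {want!r}"))
        elif not entry.get("locked", False):
            findings.append((key, "correct but unlocked: hosts can override"))
    return sorted(findings)


# Constructed sample export, not real account data.
SAMPLE = {
    "use_pmi_scheduled": {"value": False, "locked": True},
    "use_pmi_instant": {"value": True, "locked": False},
    "require_password_scheduled": {"value": True, "locked": True},
    "require_password_instant": {"value": True, "locked": False},
    "join_before_host": {"value": True, "locked": True},
    "waiting_room": {"value": True, "locked": True},
    "join_leave_sound": {"value": "host_only", "locked": True},
}

if __name__ == "__main__":
    for key, problem in audit(SAMPLE, strict=True):
        print(f"{key}: {problem}")
```

Pass `strict=True` to include the additional restrictive measures; a setting absent from the export is reported rather than assumed safe.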
