Web Conferencing Security

Here are some general guidelines to consider when attempting to create a secure Zoom/Webex meeting, event or remote instruction. To view a list of tool-specific security options, please view:

Creating and Starting a Meeting

When the host initially starts a meeting/class/event they should consider taking these steps:

  • Enable the waiting room
  • Set screen sharing to ‘only host can share’
  • Uncheck ‘allow participants to unmute’
  • Uncheck ‘allow participants to chat’
  • Disable annotation - this can only be done after screen sharing begins so may need to be done later

Once the host is ready, allow participants in from the waiting room. Leaving the waiting room enabled at this point will allow control of additional participants joining, but may be cumbersome for the host to manage, in which case it may be necessary to disable the waiting room. One strategy that could help spot the kind of opportunistic intruder groups that have disrupted other meetings is to watch for spikes in meeting entries after most legitimate participants have joined. It is highly suspicious for 6-12 participants to join within seconds of each other and well after the meeting has begun.

As the meeting proceeds, only ease the restrictions made above as necessary. If there is no need for participants to use the chat or annotation features, for example, leave them disabled.

How to Handle a Meeting Disruption

In the event of disruptive behavior in a meeting, remain calm, and regain control. Depending on the method of disruption, take these steps, in order, to stop the behavior first, before securing other avenues for misbehavior:

  • Set the meeting to 'only host can share'.
  • Mute all and disable unmute, disable chat, disable annotation and enable the waiting room.
  • With the disruptors rendered impotent, assure the rest of the meeting participants that you have control and will have the incident investigated. 
    • If there is no need to allow legitimate participants to use any of the previously disabled features or abilities, leave them disabled for the remainder of the meeting (with unmute disabled, you and you alone may control who is and is not muted at all times).
    • Alternatively, if possible leave these features disabled for just another couple of minutes and without removing the disruptive participants for that time. This will allow for additional data to be collected by Zoom regarding the disruptive participants. 
  • After any disruptive participant has been connected for two minutes (if reasonable to allow them to remain that long) remove them from the meeting. If they attempt to rejoin, leave them in the waiting room. 
  • Once all disruptive participants have been removed, any of the previously disabled features can be re-enabled.