You may have heard reports recently about security and privacy issues on the Zoom platform that include encryption, Mac security, and intruder access to Zoom meetings – also called “Zoombombing.”
I want to assure you that we take these issues very seriously and are closely monitoring Zoom’s efforts to address security concerns within their platform. On April 1, Zoom CEO Eric Yuan published “A Message to our Users” on Zoom’s official blog, acknowledging outstanding issues and making a commitment to strengthen the platform’s security and privacy through an aggressive remediation plan. Zoom has assured transparent communication through this process and has already followed up to address questions about Encryption and Zoombombing.
Last week, Zoom rolled out a host of product updates, including the following security measures:
Mac Zoom Client installer updates. The Zoom Client was updated to remove scripts that installed the client without requiring root permission.
Security Toolbar Icon for Hosts. The meeting host will now have a Security option in their meeting controls, which exposes all of Zoom’s existing in-meeting security controls one place. This includes locking the meeting, enabling Waiting Room, and more. Users can also now enable Waiting Room in a meeting, even if the feature was not turned on before the start.
Invite Button on Meeting Client Toolbar. The button to invite others to join your Zoom meeting is now available at the bottom of the Participants panel.
Meeting ID No Longer Displayed. The meeting ID will no longer be displayed in the title bar of the Zoom meeting window. The meeting ID can be found by clicking on Participants, then Invite or by clicking on the info icon at the top left of the client window.
File Transfers. The option to do third-party file transfers in Meeting and Chat was temporarily disabled. Local file transfer is available with our latest release. Third-party file transfers and clickable URLs in meeting chat will be added back in an upcoming release.
New Join Flow for the Web client. By default, users will now need to sign-in to their Zoom account or create a Zoom account when joining a meeting with the Web client. This can be disabled by the Admin or the User from their settings page.
Join Before Host Emails Disabled. Notifications sent to the host via email when participants are waiting for the host to join the meeting have been disabled.
Setting to Allow Participants to Rename Themselves. Account admins and hosts can now disable the ability for participants to rename themselves in any meeting. This setting is available at the account, group, and user level in the Web portal.
Configure meeting and webinar password requirements
- Account owners and admins can now configure minimum meeting password requirements, including a minimum length, requiring letters, numbers, special characters, or only allowing numeric passwords. Past meetings scheduled with passwords will not be impacted.
Meeting IDs up to 11 digits in length
- One-time random meetings IDs for newly scheduled meetings and webinars can now be up to 11 digits long. Your Personal Meeting ID (PMI) will remain the same and already scheduled meetings will not be impacted.
Password for Cloud Recordings
- We updated password guidelines for hosts when sharing their cloud recordings for meetings and webinars. Default will now be ON, and require a complex password to access a shared recording. Existing shared recordings will not be impacted.
Re-enable Third-party File Sharing
- We have restored the functionality to share files from third-party platforms, such as Dropbox or OneDrive if configured for their Zoom account, for users on version 4.6.11.
Performance Tuning for Dashboard Data
- Fixed performance issues related to missing data and delay on dashboard and reporting. We will continue to make improvements to this area.
App Version
- App version is accurately reflected in all areas.
Message Preview Control (Only Applicable to Zoom Chat Users)
- Users can enable or disable a setting to show a message preview for chat messages.
For more information and resources in the days to come please be sure to update to Zoom’s latest release to take advantage of these new features, and subscribe to their Blog!
In addition to the product updates, the California Community Colleges have been working closely with Zoom to enable additional security features. As a result, the following features are now the default for all staff, faculty, and students in our Zoom account:
- You must now give permission to others before they can share their desktop screen.
- The “Waiting Room” feature is now enabled by default, allowing you to control who enters your meeting. You can also prevent further access to your meeting using the “Lock Meeting” option.
- “Join before host” option is disabled, preventing others from joining your meeting without you being there.
Our ITS Zoom Security webpage contains further information about the controls available to you to secure your meeting from intruders. We will continue to update this page as new security features are enabled & released.
Thanks,
SMCCD ITS Team