At Ohio State, the safety and privacy of our students, faculty and staff is top a priority. Now that Zoom is a crucial part of Buckeye life, we are working continuously to make our virtual classrooms and (home) office meetings safer. You may be wondering what you can do to help secure your CarmenZoom meetings. Below we have outlined a number of suggestions to help keep your virtual meetings and class sessions safe and secure. Expand each section for more information.
- Log in to CarmenZoom at carmenzoom.osu.edu to manage your meeting security settings and before joining or starting a meeting to ensure that you have full access to the functionality of a Zoom pro account provided by your Ohio State license. See the Getting Started with CarmenZoom guide for more information on the various ways to access CarmenZoom.
- Update Zoom to the latest version. Zoom is regularly adding functionality to address security concerns. Make sure you have the latest version of the desktop client and mobile apps on your devices.
- These updates will be pushed automatically to Managed IT Services (MITS) devices.
- Generally, Zoom will automatically prompt you to update your desktop client when a new version is available. However, you can manually check for updates by opening the desktop app, clicking your profile picture, then clicking Check for Updates.
- Don't share the link to meetings in any public space, such as Twitter or Facebook.
- Zoom should not be used for conversations that involve restricted (S4) data. Learn more easy, secure tips to working remotely at cybersecurity.osu.edu
- If you intend to record and share your Zoom meetings, learn more about Zoom cloud recordings and protecting the privacy of your students.
The best way to deal with uninvited attendees is to set up your meeting to help keep them out in the first place.
CarmenZoom has a number of default security settings enabled to make your meetings more secure. Think of these default settings like wearing a helmet when you ride a bike. They are designed to protect you and removing those protections opens you up to risks. If you choose to alter some of these settings, it may be harder for Ohio State to look into a situation and identify the offenders in the case of a Zoom bombing attack.
- Meeting passcodes. Meeting passcodes create an additional layer that hackers must work to breach. While passcodes will be embedded in meeting links by default, you can choose to turn off this setting and send passcodes to your participants separately. If you are using the Canvas integration to schedule Zoom meetings with your students, you should leave the passcode embedded in the link.
- Join Before Host is disabled. The Join before Host option allows meeting participants, unwanted or not, to join your meeting before you.
Consider the following additional meeting settings:
- Create scheduled meetings with a unique URL for each class session or meeting. Avoid using your Personal Meeting ID (PMI) to host public events. Your PMI is essentially one continuous meeting, and once someone has the link to your PMI, they can pop in and out at any time the meeting room is in use. To make your personal room more secure, turn on the waiting room option and/or lock the meeting once it begins.
- Turn on the Waiting Room. The Waiting Room is a virtual staging area that stops your guests from joining until you're ready for them.
- Restrict access to authenticated users. If all of your attendees have an Ohio State username (lastname.#), restrict access to authenticated users. In the Settings menu at carmenzoom.osu.edu, under Schedule Meeting select Only authenticated users can join.
If attendees aren't logged in to CarmenZoom when they click the link to your meeting, a login window will appear. They should select Sign In with SSO and enter osu as the domain. See the Getting Started with CarmenZoom guide for more information about accessing and logging in to CarmenZoom.
If some of your attendees do not have an Ohio State username, see the options below for allowing non-university guests.
Options for allowing non-university guests
Using the Only authenticated users can join setting will prevent guests who do not have an Ohio State Zoom account from entering the meeting, including some users from the College of Food, Agriculture and Environmental Sciences and Fisher College of Business, users from Central Ohio Technical College, and some international students.
If your meeting includes non-university participants, you can use other strategies to control who can attend.
Once your meeting begins, you have a number of options for reducing the chances of disruptions.
Click on the Security icon to manage the following in-meeting security options:
- By default, Zoom prevents participants from:
- Lock the meeting. This setting may prevent invited guests from rejoining your meeting if they drop out due to internet connectivity issues.
- Enable the Waiting Room (even if it's not already enabled)
- Remove participants
- Restrict participants' ability to:
Using the advanced host controls you can also:
Addressing Disruptive Behavior
You've taken preventative steps, but Zoom bombing can still happen. If it does, use the following suggestions to help mitigate the disruptive behavior or participants.
- Remove disruptive users. From the Participants menu, you can hover over a participantas name, and several options will appear, including Remove. If you accidentally remove a participant, you can allow removed participants to rejoin; this option must be selected before the meeting begins.
- Put disruptive users on hold. You can put each participant on a temporary hold, including the attendees' video and audio connections.
- Disable video: Hosts can turn someone's video off. This will allow hosts to block unwanted, distracting, or inappropriate gestures on video.
- Mute participants: Hosts can mute/unmute individual participants or all of them at once. Hosts can block unwanted, distracting, or inappropriate noise from other participants. You can also enable Mute Upon Entry in your settings to keep the noise down in large meetings.
Sharing Cloud Recordings
By default, CarmenZoom cloud recordings require a passcode. Unlike meeting passcodes, recording passcodes cannot be embedded within the link for the recording.
If you are using the Zoom integration within CarmenCanvas, your students won't need a separate passcodes; when clicking to view the cloud recording, the passcode will be copied to the clipboard for them to paste when prompted, allowing them easy access directly from your Carmen course.
Cloud recordings are available to all students enrolled in a course. Students are not allowed to share these recordings. This is to protect the FERPA rights of all students in the course.
If you have a secure way of doing so (for instance, in your Carmen course, as mentioned above), please leave the setting in place and share the passcode. If sharing the password securely is not feasible, you may disable the passcode from specific recordings or change the default for your account.
Reporting an Incident
If you do experience zoom bombing or other inappropriate behavior in a Zoom meeting, contact firstname.lastname@example.org with the following information:
- Meeting ID - For more information see the How do I find a Zoom Meeting ID? FAQ
- Ohio State username (lastname.#) of the person who created the meeting
- Date and time of the incident
- Brief description of the incident
- If you have a recording of the meeting, do not delete it
- Save the chat text, if applicable
If the incident involved any type of harassment, discrimination, or sexual misconduct, please report the incident to the Office of Institutional Equity.
See additional information regarding virtual meeting security for both Zoom and Skype at Cybersecurity For You.