Teaching & Learning Resource Center

CarmenZoom Meeting Security

At Ohio State, the safety and privacy of our students, faculty and staff is top a priority. Now that Zoom is a crucial part of Buckeye life, we are working continuously to make our virtual classrooms and (home) office meetings safer. You may be wondering what you can do to help secure your CarmenZoom meetings. Below we have outlined a number of suggestions to help keep your virtual meetings and class sessions safe and secure. Expand each section for more information.

General Tips
  • Log in to CarmenZoom at carmenzoom.osu.edu to manage your meeting security settings and before joining or starting a meeting to ensure that you have full access to the functionality of a Zoom pro account provided by your Ohio State license. See the Getting Started with CarmenZoom guide for more information on the various ways to access CarmenZoom.
  • Update Zoom to the latest version. Zoom is regularly adding functionality to address security concerns. Make sure you have the latest version of the desktop client and mobile apps on your devices.
    • These updates will be pushed automatically to Managed IT Services (MITS) devices.
    • Generally, Zoom will automatically prompt you to update your desktop client when a new version is available. However, you can manually check for updates by opening the desktop app, clicking your profile picture, then clicking Check for Updates.
  • Don't share the link to meetings in any public space, such as Twitter or Facebook.
  • Zoom should not be used for conversations that involve restricted (S4) data. Learn more easy, secure tips to working remotely at cybersecurity.osu.edu
  • If you intend to record and share your Zoom meetings, learn more about Zoom cloud recordings and protecting the privacy of your students.
Meeting Setup

The best way to deal with uninvited attendees is to set up your meeting to help keep them out in the first place.

Default Settings

CarmenZoom has a number of default security settings enabled to make your meetings more secure. Think of these default settings like wearing a helmet when you ride a bike. They are designed to protect you and removing those protections opens you up to risks. If you choose to alter some of these settings, it may be harder for Ohio State to look into a situation and identify the offenders in the case of a Zoom bombing attack.

  • Meeting passcodes.  Meeting passcodes create an additional layer that hackers must work to breach. While passcodes will be embedded in meeting links by default, you can choose to turn off this setting and send passcodes to your participants separately. If you are using the Canvas integration to schedule Zoom meetings with your students, you should leave the passcode embedded in the link.
  • Join Before Host is disabled. The Join before Host option allows meeting participants, unwanted or not, to join your meeting before you.

Additional Settings

Consider the following additional meeting settings:

  • Create scheduled meetings with a unique URL for each class session or meeting. Avoid using your Personal Meeting ID (PMI) to host public events. Your PMI is essentially one continuous meeting, and once someone has the link to your PMI, they can pop in and out at any time the meeting room is in use. To make your personal room more secure, turn on the waiting room option and/or lock the meeting once it begins.
  • Turn on the Waiting Room. The Waiting Room is a virtual staging area that stops your guests from joining until you're ready for them.
  • Restrict access to authenticated users. If all of your attendees have an Ohio State username (lastname.#), restrict access to authenticated users. In the Settings menu at carmenzoom.osu.edu, under Schedule Meeting select Only authenticated users can join.
    If attendees aren't logged in to CarmenZoom when they click the link to your meeting, a login window will appear. They should select Sign In with SSO and enter osu as the domain. See the Getting Started with CarmenZoom guide for more information about accessing and logging in to CarmenZoom.

If some of your attendees do not have an Ohio State username, see the options below for allowing non-university guests.

Options for allowing non-university guests

Using the Only authenticated users can join setting will prevent guests who do not have an Ohio State Zoom account from entering the meeting, including some users from the College of Food, Agriculture and Environmental Sciences and Fisher College of Business, users from Central Ohio Technical College, and some international students.

If your meeting includes non-university participants, you can use other strategies to control who can attend.

In-Meeting Controls

Once your meeting begins, you have a number of options for reducing the chances of disruptions.

Click on the Security icon to manage the following in-meeting security options:

Using the advanced host controls you can also:

Addressing Disruptive Behavior

You've taken preventative steps, but Zoom bombing can still happen. If it does, use the following suggestions to help mitigate the disruptive behavior or participants.

Sharing Cloud Recordings

By default, CarmenZoom cloud recordings require a passcode. Unlike meeting passcodes, recording passcodes cannot be embedded within the link for the recording.

If you are using the Zoom integration within CarmenCanvas, your students won't need a separate passcodes; when clicking to view the cloud recording, the passcode will be copied to the clipboard for them to paste when prompted, allowing them easy access directly from your Carmen course.

Cloud recordings are available to all students enrolled in a course.  Students are not allowed to share these recordings. This is to protect the FERPA rights of all students in the course 

If you have a secure way of doing so (for instance, in your Carmen course, as mentioned above), please leave the setting in place and share the passcode. If sharing the password securely is not feasible, you may disable the passcode from specific recordings or change the default for your account.

Reporting an Incident

If you do experience zoom bombing or other inappropriate behavior in a Zoom meeting, contact carmenzoom@osu.edu with the following information:

  • Meeting ID - For more information see the How do I find a Zoom Meeting ID? FAQ
  • Ohio State username (lastname.#) of the person who created the meeting
  • Date and time of the incident
  • Brief description of the incident
  • If you have a recording of the meeting, do not delete it
  • Save the chat text, if applicable

If the incident involved any type of harassment, discrimination, or sexual misconduct, please report the incident to the Office of Institutional Equity.

See additional information regarding virtual meeting security for both Zoom and Skype at Cybersecurity For You.