Zoom Privacy & Security | Webster University

Zoom Privacy & Security

Webster University takes seriously your privacy information that will affect our students and employees.  It is our goal to be sensitive and respectful of your personal information and to adhere to all facets of all privacy laws and regulations both domestic and international. Please be aware that all personal data you provide are subject to our privacy policy which can be found at our website http://www.webster.edu/privacy-security/

Read Zoom's Privacy Statement

Teleconferencing/Videoconferencing Policy
Default Security Settings
Additional Meeting Privacy & Security Best Practices
Security-Related FAQs

Teleconferencing & Videoconferencing Policy

Users should only use University-sanctioned teleconference/videoconferencing services.  Users of tele/videoconferencing must agree to comply with all applicable Webster University security policies and procedures or any other applicable institutional policy.  All conference calls that include or may include an external audience (including vendors) must follow a security protocol. For public virtual events, prior registration is required. All aspects of the University’s Acceptable Use Policy apply. This policy is in effect immediately and until further notice.  

Default Security Settings

We have implemented certain default features to help support a secure meeting experience, including:

Required Waiting Room for all Meetings - Meeting hosts must admit waiting participants. Meeting hosts can assign co-hosts/alternate hosts to sign on to meeting early and let people in if needed. This feature cannot be turned off.

Disable full screen sharing - To protect hosts & participants from sharing information on their screen that was inadvertently left open (i.e. a confidential email), the ability to share your entire computer screen has been turned off by default and instead you must select individual application(s) to share. While you can change this setting in your account options, you should be very cautious if you choose to do so and ensure no private or confidential information is open on your computer prior to sharing

Local Recordings Disabled - The ability to record a meeting locally to your computer has been disabled. This feature cannot be enabled.

Cloud Recordings Deleted Automatically Every 30 Days - A meeting you record to the cloud will only be available for a period of 30 days, after which it will automatically be deleted.

Additional Meeting Privacy & Security Best Practices

Please remember that protecting sensitive data is a shared responsibility. You are responsible for ensuring that your use of the technology and services available to you complies with any applicable laws, regulations, and policies.  There are additional settings and best practices to ensure you provide the most secure meeting experience possible.

Pre-Meeting Security Options via Account Profile
Scheduling a Meeting Security Options
In-Meeting Security Features
General Security Best Practices

Pre-Meeting Security Options via Account Profile

There are a number of settings you can adjust in your account profile to add enhanced security to your meetings. The settings below are set on the account level which means they apply to all your meetings unless you change these settings or alter additional settings at the scheduling meeting level. To access these settings:

  1. Log on to https://webster-edu.zoom.us
  2. Click on Settings underneath the Personal menu on the left
  • Require a Passcode When Scheduling New Meetings - You can enable this feature to require a passcode for participants to enter your meeting in addition to the waiting room
  • Only Authenticated Users Users Can Join Meetings - This option is disabled by default, however, if you are NOT expecting any guests or participants without an @webster.edu account, you can enable this feature for extra security
  • Join Before Host - This option is disabled by default. It is recommended to keep this option disabled to prevent individuals from joining the meeting before you. Because we have Waiting Room enabled, no one will be able to join before the host unless they are an alternate host
  • Screen Sharing Controls - If you expect to be the only person sharing content during the meeting, you can and should adjust this setting to only allow the host to share content instead of all participants. We do not recommend disabling the setting to prevent full desktop screen sharing due to security concerns mentioned above. Keeping that setting enabled ensures individuals have to select specific applications to share
  • Virtual Backgrounds - If you have concerns about participants using inappropriate virtual backgrounds, you can disable this setting

Scheduling a Meeting Security Options

Additional options to enhance security are available when scheduling individual meetings:

  • Meeting Passcode - If you do not wish to require a meeting passcode at your account level, you can choose to set a passcode at the meeting level for any individual meeting you schedule
  • Registration - Check the Required box for Registration to require participants to register for your event. It is university policy to require registration for any virtual public events. After you click this box, enter all other meeting details and click Save, you will then see a Registration section at the bottom of the page. From there, you will be able to edit all Registration settings and options. You will also see the Registration Link that you can pass on to others. Do not provide the meeting link or ID directly. Retain that for your purposes only
  • Meeting ID - Do not default to your personal meeting ID for every meeting. Instead, choose to Generate Automatically
  • Join Before Host - Keep this unchecked to prevent participants from joining before you. You can add an Alternative Host to your meeting for assistance in starting a meeting on your behalf or before you join. Note: Because we have Waiting Room enabled and locked, participants will not be able to join before you regardless unless they are an alternate host
  • Only Authenticated Users Can Join - If you are not expecting guests or individuals who do not have @webster.edu accounts, you can check this box for any individual meeting. Please be advised this will require every participant to log on before joining if checked

In-Meeting Security Features

There are a number of things you can do to prevent or respond to disturbances that may happen during the meeting itself:

  • Assign a Co-Host - Depending on the size of your meeting or class, it may be difficult to both run the meeting and manage participants. Assigning a co-host can help with muting/unmuting participants and moderating chat activity. To assign a co-host in a meeting, move your mouse over their name in the Participant list, click on More and then select Make Co-Host.
  • Mute a Participant - You can mute individual participants by moving your mouse over their name in the Participant list, clicking on More and then selecting Mute. You can prevent all meeting participants from unmuting themselves by using the Security menu. Please see more information below.
  • Stop a Participant's Video - If you need to stop a participant's video, move your mouse over their name in the Participant list, click on More and select Stop Video. You can also click the three dots (...) at the top right of their video in the Gallery View to access this option as well. They will not be able to restart their video unless you choose the option to ask them to.
  • Remove a Participant from Meeting - If a meeting participant is disruptive or should not be in the meeting, you can remove them by moving your mouse over their name in the Participant list, clicking on More and then selecting Remove. Once you remove a participant, they cannot rejoin the meeting. You can also choose to send them back to the Waiting Room instead. 
  • Chat Controls - To access Chat controls for the meeting, click on Chat from the meeting toolbar and then the three dots (...) to the right of File. You can limit chat to the Host Only, allow everyone to chat publicly, allow everyone to chat both publicly and privately or restrict chat altogether. 
    Zoom Chat Options
  • Security Menu & Lock Meeting - You can quickly access key security options for a meeting by clicking on the Security button from the meeting toolbar. If all your expected participants have joined the meeting, from here you can choose Lock Meeting to prevent anyone else from entering. From this menu you can also choose to disable screen sharing for participants and prevent them from chatting, renaming themselves or unmuting themselves. 
    Zoom Security Menu

You can also view Zoom's support article on Managing Participants in a Meeting by clicking here

General Security Best Practices

There are a few other things you can do to ensure a secure meeting experience:

  • Always keep your Zoom client up to date with the latest version
  • Never publish your meeting links publicly. Anything posted publicly should be a registration link ONLY
  • Remind participants not to share meeting details
  • If you require a HIPAA compliant account, please stay tuned for further information regarding this option. Until then, avoid discussion of PHI/HIPAA-related information in a Zoom meeting
  • If you record a meeting to the cloud, restrict access to view the recording to authenticated users (individuals with an @webster.edu account) only

Security-Related FAQs

Q: When should I use the registration feature for meetings/events? 

If your meeting/event is one you plan to promote and/or post publicly (for example, advertising the event on Twitter, Facebook, public web sites), this should be set up as a registration required meeting per University policy. 

Q: How do I set up registration for a meeting?

Please see this Zoom support article -> https://support.zoom.us/hc/en-us/articles/211579443-Setting-up-registration-for-a-meeting

Q: Are registrations approved automatically for registration required meetings?

This will be your choice when you modify the registration settings for the meeting/event. Zoom will default to approving all registrants automatically unless you choose to change that setting. If you wish to retain more control over who can register for your event, you can access the Registration settings and choose to manually approve registrants. To access this area, log on to https://webster-edu.zoom.us and click on Meetings from the Personal menu at the top left. Click on the name of your meeting and then scroll down to the very bottom of the page. Click on Edit to the right of Registration Options from the Registration tab. Then choose the option to Manually Approve under Approval.

Q: Is there anything special I need to communicate to registrants for a registration required meeting?

When you set up a meeting to require registration, any participant of that meeting must use the Zoom desktop client or mobile app to connect. They will not be able to join the meeting if they use the Join by Browser option. You can add customized information in the confirmation email to let your registrants know this and to instruct them to download the client in advance. Please see https://support.zoom.us/hc/en-us/articles/211579443-Setting-up-registration-for-a-meeting for more information. 

Q: Do meeting recordings log participants names and the meeting chat?

The default recording settings do not save participant names in the recording nor does it automatically save the meeting chat as part of the recording unless you went in and changed these settings at your account level. We do not recommend changing these settings unless absolutely necessary in order to protect the privacy of your meeting participants. In addition, meeting chats can be saved manually. If a chat from a meeting must be saved, we recommend using that method instead of saving automatically as part of a recording. 

Q: When should I use my personal meeting ID versus generating a meeting ID automatically?

Your personal meeting ID is a static link/number. It is the default meeting that starts when you launch an ad hoc meeting. In general, it is best to generate a meeting ID automatically compared to using your personal meeting ID for everything. Because your personal meeting ID is a static link/number, there is greater risk of someone being able to access the room when they may not have been invited to a specific meeting you are hosting. Additionally, if you have a habit of hosting back to back meetings, a randomly generated ID is better. If your existing meeting runs over, having different meeting IDs would allow you to assign someone else to be host of the first one if the conversation needs to continue so you can then leave to start your other meeting (as Zoom will only allow you to host one meeting at a time).  You also cannot set up registration for your personal meeting ID/room only for scheduled meetings with automatically generated IDs. Personal meeting IDs should never be used for public events. Two scenarios where it may be fitting to use your personal meeting ID depending on the circumstance would be for stand-up/ad hoc meetings you need to start instantly or scheduled office hours. 

Q: What is the difference between an alternative host and a co-host?

An alternative host is set in advance when scheduling the meeting and is an individual who will be able to start a meeting on your behalf. This allows them to bypass the waiting room. If you are already signed in to the meeting when they join, they will automatically be assigned a co-host role. If you are not already signed in to the meeting when they join, they become the host by default. This means that you will want to have them turn over host privileges to you when you join the meeting. This functionality will only work if your alternative host is logged into their Webster Zoom account when they click on the meeting link. It will be important to inform your alternative hosts of the requirement to be signed in to their accounts. A co-host is someone who can help you with the management of the meeting and the attendees (i.e. letting people in from the waiting room, muting people, etc.).  Co-hosts can be identified in advance if you want them to be able to start the meeting (as an alternative host) or on-demand in the meeting itself by moving your mouse over the name of the individual you wish to make a co-host, clicking on More and then Make Co-Host

Q: Can alternative hosts be individuals outside of Webster University?

No. Alternative hosts can only be individuals with a Webster Zoom account. You can, however, assign co-host privileges to someone outside of Webster University, but this must be done on-demand in the meeting itself from the Participants list using the instructions in the question above. You should only assign co-host privileges to individuals you trust and those who also understand security best practices for meetings. 

Q: If I remove a participant from a recurring meeting, are they able to join future meetings?

Yes. When you choose to manually remove a participant from a meeting, regardless of whether it is recurring or not, it applies only to the active session for the meeting. This means when you end the session and restart it for the next class/meeting date, that individual would be able to rejoin. 

Q: If a meeting participant is being harassed in the chat by another participant, what can I do as the host to address it?

You can restrict meeting participants from chatting privately with each other and limit them to chatting with Host only or to only chat publicly. Please review the Chat Controls settings in the In-Meeting Security Features section above. 

Q:  When you save a chat are participant names recorded in the transcript? 

Yes - only if the participant sent a chat message during the meeting to either you privately or publicly to all participants. Be mindful of this before sharing any chat transcript with someone else. You should also always review a chat transcript to make sure nothing private or confidential was discussed if it needs to be made available to someone else. 

Q: When you save a chat do private messages get recorded in the transcript?

Yes, but only private messages that were sent to you as the Host. Private messages that are sent among other meeting participants to each others are not captured in the chat transcript that you save. 

Q: If I stop a participant's video, are they able to restart it?

No. Once you manually stop someone's video they will be unable to restart their video unless you choose the option to ask them to restart. Both the options to stop someone's video and ask them to restart it are located under the More menu when you move your mouse over their name in the Participants list. 

Q: How can hosts tell which participant is screen sharing?

When a participant starts sharing their screen, you will see some text in a green background at the top of your screen that tells you whose screen you are viewing. You can click on View Options and then Stop Participant's Sharing if you need to stop them from sharing their content as shown below:

Zoom Screen Share

You are also able to see who is screen sharing via the Participants panel. There will be a white up arrow within a green rectangle next to the participant who is screen sharing as shown below. You can also access the Stop Participant's Sharing option from the More menu after hovering over their name. 

Zoom Screen Share

Unlike when you stop someone's video, there is nothing preventing that person from re-sharing their screen. If the person is sharing content maliciously and it is not a situation where someone is accidentally sharing content, you may need to remove the person from the meeting instead of just stopping their sharing. This is why it is very important to turn off the option for screen sharing for participants at the meeting level unless there is a critical reason why participants would need to share their screen during a meeting. 

Q: If you lock a meeting and someone gets disconnected, will they be able to rejoin?

No. Once you lock a meeting, the individual is not even let into the Waiting Room which means you won't be notified of their attempt to get back in. If you notice someone has been disconnected from a locked meeting and are expecting them to rejoin, you can temporarily unlock the meeting until they get connected back in. 

Q: I had a meeting that was disrupted maliciously. Who should I report this to? 

Please submit an IT ticket to support@webster.edu. Information Technology will then notify all necessary parties, including the Office of Privacy & Information Security. The more information you can provide the better, including the meeting ID, meeting date/time, approximate time of disruption and if you noticed the name of the person who shared or performed the malicious act.