RECAST | Zoom security: best practices

———- Forwarded message ———-
From: Williamson, Elizabeth <williame@evergreen.edu>
Date: Apr 3, 2020, 4:26 PM -0700

Dear colleagues,

Many of you have been sharing helpful resources with the Keep Teaching Team, and with each other, related to Zoom security. Thank you!

This email is an attempt to consolidate some of the best available information. There is no perfect platform that will prevent bad actors from infiltrating your remote classrooms, but there are things you can do to mitigate your risk.

What is Zoom-bombing?

‘Zoom-bombing’ is a recent phenomenon that refers to bad actors dropping in and disrupting Zoom meetings. In most cases of the trend, people have been taking advantage of the automatic Zoom setting that allows call participants to share their screen without permission.

What can I do to prevent it?

The best advice is to explore all of the options in your Zoom settings, which you can access by logging into your profile at Evergreen’s zoom site.

Here are a few of the things our technology team recommends:

• Turn off participant screen sharing (this has been set as a global default on Evergreen Zoom accounts).
• Lock the meeting after everyone has arrived, or after an agreed upon time (so students know they can’t get in if they’re late).
• Activate the “waiting room” feature, so that you know who’s coming in. For waiting rooms to be effective, make sure to request that your students use a name in their Zoom profile that you are familiar with.
• Ask your co-faculty or a student (someone who isn’t presenting/facilitating) to monitor the chat for unwanted comments – you may also want to consider limiting/turning chat off altogether.  
• Don’t share Zoom links on websites that aren’t protected behind an Evergreen sign-in. Canvas is the best place to put them, but Evergreen email (to small groups) is also a good option. Articulate an expectation that students won’t share those Zoom links with anyone who is not a student in the class. 

Where can I learn more?

Academic Technologies staff have created a resource page for you called Zoom Security – Best Practices for Scheduling Meetings.
The “Keep Teaching Canvas site has a whole module on Zoom tutorials, which will help you understanding the settings and tools within the platform.

Why use the Zoom app?

There have recently been issues with browser-based access to Zoom; please encourage your students to use the Zoom app whenever possible. We also recommend that you regularly “Check for Updates” from within Zoom app. There have been several recent critical security patches.

What about encryption and user data concerns?

We’re looking into these issues — for now, our assessment is that this is the most accessible and effective technology for students, especially because of the Canvas integration.

What about FERPA?

A new workgroup (Lori Klatt, Eric Pedersen, myself) has solicited advice from the Assistant AG and we are currently crafting FERPA guidelines for your remote teaching. We appreciate all of you who are already thinking proactively about student privacy. The basic guideline to keep in mind is that if students are involved, they should only be sharing their personal & academic information with you and with other students in the offering. If you are recording any aspect of your class session, you are obliged to get permission from everyone present, and you are creating a public record that can be requested by anyone.

—–

As always, the Tech Support Center, Academic Computing, Media Services, Keep Teaching and Keep Learning Institutes staff as well as student-workers and interns are here to help. Submit a ticket to help.evergreen.edu if you need help with Zoom, protecting your meeting or anything else technology related.

With admiration and gratitude for all that you are doing,

Elizabeth (on behalf of much smarter people on the Keep Teaching team)

–Elizabeth Williamson, Ph.D.(pronouns: she/her)
Dean of Faculty Hiring and Development