Zoom Security Guidance

April 20, 2020

Please read the following official message from Barry Brummund, CIO, University of Arizona, regarding Zoom guidance under the current circumstances issued on April 20th, 2020.


Dear Colleagues,

Due to the COVID-19 pandemic, a majority of the University of Arizona’s remote faculty and staff are using the Zoom video conferencing platform to deliver instruction and conduct meetings. You may have read recent articles in the press about a security issue occurring in Zoom when uninvited attendees break into and disrupt your meeting or class, also known as "Zoombombing."  

The University is averaging 25,000 weekly Zoom sessions, and while we have received relatively few reports of classes and meetings being disrupted by invited or uninvited participants, we have received some. This behavior goes against the University’s Nondiscrimination and Anti-harassment Policy and the Student Code of Conduct, which prohibit all forms of harassment in order to foster a safe, healthy, and responsible environment for Arizona students, faculty, and staff. Additionally, sharing Zoom links beyond their intended audience violates the Acceptable Use of Computers and Networks Policy. We expect all members of our community to uphold these policies, treating each other with respect, whether on or off campus. 

Fortunately, the University of Arizona has security measures and best practices you can use to protect the security of your meetings. Our enterprise license is FERPA compliant and allows for additional actions faculty and staff can take, whereas free Zoom accounts are more vulnerable to hacking attempts. The Zoom for Health service provides additional, HIPAA-compliant security controls. The University is continuing to use Zoom for instruction and business purposes.  

SECURING YOUR MEETINGS

To secure your meetings and classes, use the University’s enterprise account, not a free Zoom account. 

  • Visit arizona.zoom.us (or uahs.zoom.us for Health Sciences employees) and click “Sign In” to log in with your NetID, password, and NetID+.
  • Open the Zoom app and click your user profile in the upper right corner to sign out and sign in again via "SSO" to arizona.zoom.us, with your NetID, password, and NetID+. 
  • Class meetings should be initiated from within D2L.

Top tips for securing your meeting include:

  • Do not publish Zoom meeting links on publicly available webpages or social media
  • Password-protect your meetings
  • Use a waiting room or lock the meeting (depending on number of participants)
  • Permanently remove problem participants
  • If all participants and hosts have a NetID then require NetID authentication (if any do not have a NetID then you cannot use authentication)

Additional best practices for protecting your meetings and classes can be found at: https://it.arizona.edu/documentation/zoom-security-options. As new security features are implemented, they will be added to this webpage, which also includes resources for those sharing sensitive information and contacts for reporting Zoombombing. For questions or issues with Zoom, contact AcadTech@arizona.edu(link sends e-mail).

In another effort to provide transparency around security, the University Zoom license has been configured to always prompt when a session is being recorded. You will have the choice to continue in the meeting or to leave it. Instructors who record classes should clarify with students their policy around attendance—whether leaving a meeting at the prompt will affect their grade or whether they may view the recording asynchronously without penalty. The “Virtual Learning Platforms and Privacy” guidance can be accessed here:  https://privacy.arizona.edu/privacy-resources.

All students will receive a similar communication from the Dean of Students about Zoom best practices and the importance of upholding the Student Code of Conduct while participating in classes via Zoom. 

Thank you for your continued attention to security as we navigate this remote work environment. 

Barry Brummund
Chief Information Officer