Alert: Security and Data Privacy Considerations for Zoom Users | Information Technology | University of Pittsburgh
!

Alert: Security and Data Privacy Considerations for Zoom Users

Tuesday, March 31, 2020 - 23:49

 

Effective April 4, screen sharing for participants is disabled by default. Meeting hosts and co-hosts can share their screens. Meeting hosts can also enable participants to share their screens, if needed.

The rapid adoption of Zoom video conferencing by universities across the country has helped facilitate remote teaching and work—including at all campuses of the University of Pittsburgh. Unfortunately, media reports indicate this useful tool has also become the target of “Zoombombing” by bad actors, a practice in which uninvited attendees disrupt a meeting by sharing inappropriate or offensive material. Such an incident occurred during a public forum hosted by the University on Tuesday evening.

Those hosting Zoom meetings and webinars should take steps to prevent such incidents. Key recommendations from Pitt IT’s recent blog article on Zoom best practices include:

  1. Distribute the Zoom meeting link privately to attendees and ask them not to share it
  2. Set a meeting password
  3. Allow only signed-in users to join
  4. Restrict screen sharing. Effective April 4, screen sharing for participants is disabled by default. Meeting hosts and co-hosts can share their screens. Meeting hosts can also enable participants to share their screens, if needed. 
  5. Lock the meeting once it begins to prevent new participants from joining
  6. Mute all participants and disable self-unmuting to keep background noise to a minimum
  7. Disable private chat so that participants can only chat with the host and not each other
  8. Turn off a participant's video if they are being disruptive
  9. Understand in advance how to remove disruptive participants

Reports of concerns over privacy when using Zoom have also been making news. It is important to understand that these reports are generally related to the free version of Zoom. All Zoom accounts created under the University of Pittsburgh’s enterprise agreement include greater data protections designed for research and education organizations. For example, our agreement stipulates that Zoom may only use the data it collects to provide Pitt with service. Our agreement also provides additional protections for data whose use is governed by FERPA and HIPAA.

Therefore, it is also recommended that users of free accounts create a Pitt account for use in any University-related activities. If you have a personal Zoom account that uses your University email address (you likely sign into it at zoom.us, instead of pitt.zoom.us), Pitt IT advises switching to an enterprise Zoom account.

Please contact the 24/7 IT Help Desk at 412-624-HELP (4357) if you have any questions regarding this announcement.