Zoom&Security

Precautions and good practices to avoid accidents

The careful use of the tools and the adoption of appropriate precautions protect the conduct of web conferences and their participants. The Zoom platform is constantly updated and monitored by its developers, but the collaboration of those who use it is essential to avoid security incidents, hacker attacks or unpleasant situations of intrusion from the outside ("zoombombing").

Precautions and recommendations to mitigate the risk of potentially very dangerous events also for
the reputation of the University.

Access, licenses and client

  • the event must be organized using Zoom University's licenses and not personal ones
  • only hosts and co-hosts can present (i.e. share their screen)
  • it is necessary to be absolutely certain of the identity of the collaborators before promoting them to the role of co-host

Link and password

  • the link to the Zoom event must not be advertised or published on web pages or public message boards (e.g. Facebook): the link must only be sent to those who have registered for the event
  • the password for accessing the event must be reasonably complex (at least 6 alphanumeric characters: in general, the random password automatically generated by Zoom can be accepted) and must never be published
  • when possible, the password of the event should be sent (to the participants only) in a separate communication from the one used to communicate the link to the event. The password should also be sent shortly before the start of the event
  • personal meeting IDs should not be used for scheduling events

Participanst (“committee”)

  • only registrations from users using institutional emails should be accepted (if possible). In the case of UniTrento students, therefore, it is appropriate to accept only registrations from @ students.unitn.it addresses
  • before the start of the events,  provide (if possible) a waiting room in which to "recognize" users before admitting them to the virtual room
  • once the meeting has started ,entry to further new participants should be blocked (if possible)
  • the participant must be prevented from changing his/her ID within the meetingit is always advisable to appoint a suitably trained person to follow the entire event, ready to intervene in case of need. The person must be able to promptly expel any event participants who behaved incorrectly
    only one speaker should be allowed to present (i.e. share their screen)
  • it is always advisable to appoint a suitably trained person to follow the entire event, ready to intervene in case of need. 
    The person must be able to promptly expel any event participants who behaved incorrectly
  • it is always advisable to allow only one speaker to present (i.e. share his/her screen)

Application and features

  • the Zoom client must be kept strictly updated on the host and co-host devices
  • you should ask to disable unnecessary functions (e.g. whiteboard, annotation)
  • any chat messages must be directed exclusively by the participants to the host (and not to all or to individual other participants)