Campus Tech comment related to the Zoom message:

1 - Zoom is not alone: Several major online resources have been recently linked to Information Privacy concerns. Facebook and Amazon.com are just 2 of online services that reserved the option to sell user data to 3rd parties. If you have ever 'Googled' a product and the same or similar product is advertised on your Facebook feed, this is the same situation.


2 - Encryption: Usage of this included option in Zoom does improve your security from general attacks. Is Zoom's encryption military grade? Absolutely not. Most video conferencing platforms available today do not even offer End to End (E2E) encryption. The few that do, do so with a significant added cost.


3 - Recording Cloud storage: It is never recommended that any private or privileged information be discussed or presented on recorded sessions in general. If a recording is needed, setting Zoom to record locally to the computer rather than the cloud will add additional protection.


4 - Meeting attacks (AKA Zoom Bombings): A number of large school districts (NYC and LA) have discontinued their usage of Zoom for online learning and administrative work due to classrooms and events coming under attack by individuals and groups that intended to offend or at least disrupt. These organizations ended their involvement with Zoom as an emergency response prior to the release of basic best practices. Endicott Campus Tech is constantly monitoring news, user communities and updates from Zoom for the latest threats and actions that can be taken to protect our users. The bad experiences that are being referenced in the and on social media were from event organizers prioritizing ease of access over security. The best practices recommended by Endicott Campus Technology (CLICK HERE), will soon be divided into 3 possible layers of security.


- Basic covers the minimum recommendations to prevent accidental drop-ins and brute force attacks.

- Standard covers the overall recommended settings to prevent all known forms of Zoom Bombings.

- Maximum is for those users that have had bad experiences and have a need to continue to use the Zoom system.


If you would like further information on Zoom Security options and information, please go to the FreshService support portal ( endicott.freshservice.com ) and read the Zoom Security Information folder within the Solutions Database. This folder is under constant review to make sure that it remains as up-to-date as possible. (CLICK HERE). AV staff is always available for one-on-one consultations and training sessions for those that are unsure on what security settings are best for their particular needs.



Message from Zoom


Security Toolbar Icon for Hosts
The meeting host will now have a Security option in their meeting controls, which exposes all of Zoom’s existing in-meeting security controls one place. This includes locking the meeting, enabling Waiting Room, and more. Users can also now enable Waiting Room in a meeting, even if the feature was not turned on before the start of the meeting. For more information, please visit this recently published Blog.


Invite Button on Meeting Client Toolbar
The button to invite others to join your Zoom meeting is now available at the bottom of the Participants panel


Meeting ID No Longer Displayed
The meeting ID will no longer be displayed in the title bar of the Zoom meeting window. The meeting ID can be found by clicking on Participants, then Invite or by clicking on the info icon at the top left of the client window.


Remove Attendee Attention Tracking Feature
Zoom has removed the attendee attention tracker feature as part of our commitment to the security and privacy of our customers. 


Removal of the Facebook SDK in our iOS client
We have reconfigured the feature so that users will still be able to log in with Facebook via their browser


File Transfers
The option to do third-party file transfers in Meeting and Chat was temporarily disabled. Local file transfer is available with our latest release. Third-party file transfers and clickable URLs in meeting chat will be added back in an upcoming release


New Join Flow for the Web client
By default, users will now need to sign in to their Zoom account or create a Zoom account when joining a meeting with the Web client. This can be disabled by the Admin or the User from their settings page


Join Before Host Emails Disabled
Notifications sent to the host via email when participants are waiting for the host to join the meeting have been disabled.


Setting to Allow Participants to Rename Themselves
Account admins and hosts can now disable the ability for participants to rename themselves in any meeting. This setting is available at the account, group, and user level in the Web portal.


Language for Directory and Company Directory (please note, this does not impact your account)
Domain contacts: For free Basic and single licensed Pro accounts with unmanaged domains, contacts in the same domain will no longer be visible. We’ve also removed the option to auto-populate your Contacts list with users from the same domain. If you would like to keep those contacts, you can add them as External Contacts.


Change in visibility of contacts with same domain (please note, this does not impact your account)
For Basic and single licensed Pro accounts with unmanaged domains, contacts in the same domain will no longer be visible under ‘Company Directory’ in the ‘Contacts’ tab. Consequently, for the single Pro accounts with unmanaged domains, we’ve removed the option in the admin experience to populate Company Directory with users from the same domain. If these affected users would like to keep contacts with the same domain, they can add them as External contacts. This change will not impact paid accounts with multiple licenses and all accounts with managed domains.



Zoom Bombing Security Information