Through an arrangement with TechSoup, PND is pleased to offer a series of articles about the effective use of technology by nonprofits.
As organizations have increased their use of remote work tools, Zoom usage has skyrocketed. With this, some basic flaws in Zoom's native and default security have come to light, along with increased concern over privacy. In response to this, Zoom has worked to improve its security and privacy policies.
For most users and usage, Zoom is safe. However, there may be times when it is necessary to gauge the sensitivity of the content of the meeting and either configure Zoom to be more secure or choose another tool altogether. Below are some ways to configure Zoom for particular use cases.
Use the guide below to configure your Zoom account to both maximize your privacy and optimize your experience for different types of remote meetings at your nonprofit.
Open Meeting — No Sensitive Information Shared
If you are using Zoom for an open discussion and would like to make attendance as easy as possible, the default security settings should be appropriate. You should also be pretty confident that no sensitive information will be shared in the meeting.
Board Meeting, Team Meeting, Private or Confidential Meeting — Sensitive Information Shared
If a meeting is likely to result in sensitive content being shared, either in the presentation or the chat window, we'd recommend that you enable the following security features:
- When you schedule the meeting, check to be sure you have required a password and that only the expected participants have been sent the password.
- Expand the Advanced Options section at the bottom of the meeting scheduler. Ensure that you've configured the meeting to require participants to authenticate and log in to Zoom. If they do not have a Zoom account, they will be asked to create a free account.
- Advanced Options also gives you the option to enable a "waiting room" where you can view participants who have joined and then allow them into the meeting.
- Another feature in the Advanced Options area lets you opt to require the host to join the meeting first. This ensures that the host can manage the participants as they join the meeting. (You might also want to add alternative hosts.)
- After you've started the meeting and the expected participants have joined it, lock the meeting from the Manage Participants panel. This will keep others from joining.
- Once the meeting has started, you might not want to allow others to share their screen, to use the chat feature, or to rename themselves. Zoom just released a new Security button for hosts on the toolbar. When the button is clicked, hosts can restrict those activities and set other security options.
For team meetings, it's entirely appropriate to use the settings listed above, with the exception of enabling the waiting room and requiring the host to join first. That way, participants can begin the meeting before the host joins the call. However, if this team plans to discuss sensitive information — for example, employees' personal information — it would be prudent to follow all of the guidelines above.
If you're using Zoom with volunteers and are confident there will be no sensitive information shared in the meeting, the default security settings should be adequate. In this case, however, we recommend you require a password.
If you intend to record your meeting, you have the option to save the recording to your device or save it in the cloud. You can only save to the cloud with a paid account. You can configure the recording to be password-protected or available only to those with the same account info. If you're concerned about the sensitivity of the content, you should definitely consider enabling both of these features.
When You Should Not Use Zoom
Zoom's standard encryption and other security features do not make Zoom appropriate for sharing content or data that, if stolen, could be harmful for your organization's systems or have consequences for your reputation or constituents. Without additional measures — such as those available in the Zoom for Healthcare plan — and professional security auditing, Zoom should not be used to share data such as passwords, personally identifiable information, confidential client data, or medical records.
Michael Enos is senior director of community and platform at TechSoup.