UC Berkeley Zoom
UC Berkeley's Zoom service may only be used for P3 (and below) data according to the Berkeley Data Classification Standard and may not be used to transmit or store P4 data including, but not limited to: Social Security numbers, financial account numbers, or export controlled data. Refer to the Data Classification Standard for a comprehensive list of P4 data types.
This applies to video and audio transmission of data in Zoom meetings, and storage of data via Zoom cloud recordings.
Zoom HIPAA accounts may only be used to transmit HIPAA data (e.g. telehealth sessions). Zoom HIPAA accounts may *NOT* be used to transmit other P4 data.
Zoom is continuously releasing new and improved features for their application. Therefore, it is important that you have the latest version installed.
To update through the desktop-client:
Open the Zoom application on your system and select “Check for Updates...” from the zoom.us drop-down menu
To download and install new versions through the Zoom site:
- Visit Zoom's Where Do I Download the Latest Version page for instructions.
Note: depending on how Zoom was initially installed on your device an admin password may be needed to install updates. Contact ITCS email@example.com or your departmental IT staff for assistance if your system prompts you for admin credentials.
Zoom-bombing is the term for when individuals "gate-crash" Zoom meetings. These uninvited guests share their screens to bombard real attendees with disturbing pornographic and/or violent imagery. Be sure to secure your Zoom with this tips below. For a complete list see Zoom's manual on Securing Zoom Settings.
If you experience abuse while using Zoom report it to: firstname.lastname@example.org.
2.1 Avoid Hosting Public Meetings
If you share your meeting link on social media or another public location (like a public bCal invite) anyone with the link can join your meeting. Here are some tips you can use to help when needing a public meeting space:
- Do not use your Personal Meeting ID (PMI) to host public events. Your PMI is essentially one continuous meeting and people can pop in and out all the time. Learn about meeting IDs and how to generate a random meeting ID (at the 0:27 mark) in this video tutorial.
- Familiarize yourself with Zoom’s settings and features. Understand how to protect your virtual space. e.g., use a Waiting Room (beginning Sept. 27, 2020 Zoom will require waiting rooms). The waiting room is a helpful feature for controlling attendees.
- Password Protect your Zoom Meetings. UC Berkeley Zoom defaults to require a password for new meetings, instant meetings, PMI meetings or even phone participants. You can also choose not to include the password in the meeting link.
- Avoid ‘Join Before Host.’ The UC Berkeley Zoom 'Join Before Host' setting will be disabled by default so that a meeting will not start until the host starts the meeting. Participants who try to join before the meeting has started will see a pop up dialog that says "The meeting is waiting for the host to join." If you must use the ‘Join Before Host’ option, you should assign a password to protect the meeting.
Security icon: Zoom’s security features, which had previously been accessed throughout the meeting menus, are now grouped together and found by clicking the Security icon in the meeting menu bar on the host's interface.
You can also lock the Screen Share by default for all your meetings in your web settings.
4.1 Allow only signed-in users to join
All participants and hosts will be required to sign into a Zoom account prior to joining meetings hosted by UC Berkeley. If someone tries to join your event and isn’t logged into Zoom with the email they were invited through, they will receive this message:
UC Berkeley's Zoom instance has been configured to allow *.berkeley.edu users who are authenticated in when this setting is selected.
4.2 Lock the meeting:
When you lock a Zoom Meeting after it has started, no new participants can join, even if they have the meeting ID and password (if you have required one). This setting can be found via the security icon in the settings bar.
4.3 Set a password:
UC Berkeley's Zoom now defaults to require all new meetings and webinars to use a password.
4.4 Remove unwanted or disruptive participants:
From the Participants menu, hover over a participant’s name, and several options will appear, including Remove.
- When you do remove someone, they can’t rejoin the meeting. But you can toggle your settings to allow removed participants to rejoin, in case you remove the wrong person.
- Alternatively, you can put each participant on a temporary hold, including the attendees’ video and audio connections. Click on someone’s video thumbnail and select Start Attendee On Hold to activate this feature. Click Take Off Hold in the Participants list if/when you’re ready to have them back.
- Hosts can turn participant's video off. This will allow hosts to block unwanted, distracting, or inappropriate gestures on video.
- Hosts can mute/unmute individual participants or all of them at once. Hosts can block unwanted, distracting, or inappropriate noise from other participants. You can also enable Mute Upon Entry in your settings to keep the noise down in large meetings.
4.5 Turn off file transfer:
In-meeting file transfer allows people to share files through the in-meeting chat. Turn this off to keep the chat from getting unwanted content.
4.6 Turn off annotation:
You and your attendees can doodle and mark up content together using annotations during screen share. You can disable the annotation feature in your Zoom settings to prevent people from using it.
4.7 Disable private chat:
Zoom has in-meeting chat for everyone or participants can message each other privately. Restrict participants’ ability to chat with each another during your meeting. This prevents anyone from getting messages during the meeting.
4.8 Use a waiting room or passcode:
Beginning on Sept. 27, 2020 Zoom will require all meetings to use a waiting room or passcode. When attendees join a meeting, place them in a waiting room and require the host to admit them individually. Enabling the waiting room automatically disables the setting for allowing attendees to join before host
Meeting hosts can customize Waiting Room settings for additional control, and you can even personalize the message people see when they hit the Waiting Room so they know they’re in the right spot.
On occasion, you may need to record the audio and/or video of a Zoom meeting to share with others. It’s important that these files are stored appropriately according to the protection level of the data captured in the recording.
5.1 Local Recordings
The UC Berkeley Zoom team recommends using local recordings by default. Local recordings are the most cost effective and afford you the most flexibility afterwards.
Enabling local recordings:
You can enable local recordings and configure settings by signing into the Zoom web portal. See the “For your own use” section in the linked support article.
Sharing local recordings:
Local recordings may be uploaded and shared using the following campus collaboration tools:
NOTE: When using these collaboration tools, you may only store and share Zoom recordings containing P1, P2, or P3 data according to the Berkeley Data Classification Standard.
5.2 Cloud Recordings
The only time you may want to consider using the “Record to the Cloud” option is if you want to temporarily (90 days) make recordings available to others to download or stream directly from the Zoom Cloud. Cloud recordings auto-delete after 90 days. If you use cloud recordings you must secure them (see instructions below).
Recording to the cloud: Read this support article on how to record to the Zoom Cloud
Note: Zoom Cloud recordings may be found by others due to the default naming conventions Zoom uses.
5.2.1 Enabling authentication options:
To prevent your cloud recordings from being discovered publicly, you must enable the “Only authenticated users can view cloud recordings” option under your user/account “Recordings” settings.
Once authentication options are enabled (via the blue toggle button), there are two ways to control who has access to your cloud recordings:
- UC Berkeley Domain -- use if all users in the *.berkeley.edu domain should have access to your cloud recordings
- Signed-in users in my account -- use if only you, the account holder, should have access to your cloud recordings
5.2.2 Password-protection of cloud recordings:
"Require password to access shared cloud recordings" is the default setting on all accounts. This means password protection will be enforced for shared cloud recordings. A random password will be generated which can be modified by the account holder. This setting has been automatically applied to recordings made after Apr. 12, 2020.
If your account has the "Only authenticated users can view cloud recordings" activated, the viewer will be asked to log in with both a CalNet ID and with the recording password. You can turn off the "authenticated" feature on individual recordings and activate the password protection, then the viewer will not have to log in with a CalNet ID but will need to enter the password.
Be aware: Although you can turn off the "Require Password" and "Only authenticated users can view cloud recordings" options, the recordings are not secure and will make them publicly accessible. We recommend using one or both options unless your recording is intended for public use.