Zoom and Cybersecurity Must-KnowsMimi Cohen Dell | Office of Information Technology Apr 7, 2020
Over the past week, universities across the country including ours, have been invaded by Zoombombing – uninvited participants harassing students, faculty and staff during classes and meetings. The issue has been so alarming, that the FBI is investigating these incidents and recommends exercising due diligence.
Here’s what we want you to know
- Zoom settings. Zoom has changed some settings for universities in order to address these security issues. Our Zoom administrators have re-enabled screen sharing and the waiting room feature for CU Denver and Anschutz. File sharing from a third-party cloud storage provider in Zoom Chat is currently undergoing review from Zoom and the service is offline. For status updates, visit Zoom’s Service Status page.
- Zoom security. It is very important to follow Zoom’s security best practices. One of the most basic rules is to never share Zoom meeting links on social media, the internet, or any public place. (Sharing your Zoom invitation link publicly is like giving out your cell phone number for anyone in the world to text you!) View a full list of best practices and guidelines to prevent Zoombombing and check out Zoom’s guide for keeping unwanted people out of your Zoom meeting.
- University data safeguards. The university has agreements in place with both Zoom and Microsoft Teams to protect university data including highly confidential HIPAA and FERPA data. Zoom and Teams are video applications that are approved for continued use – please do take proper precautions by reviewing and understanding the best practices for using Zoom and Teams. For more information about HIPAA, visit the Office of Regulatory Compliance’s Health Insurance Portability and Accountability Act webpage.
Avoid being a victim
- There has been a significant increase in cyber scams during the COVID-19 health crisis including fraudulent phone calls and phishing emails. As most of us are working away from our secure university network while using Office 365 applications and Outlook email, please remember to always be aware:
- Don’t provide your user name, password or any personal information requested by unsolicited email.
- Be sure to check service providers’ credentials before providing any information whether it’s over the phone or via teleconference.
- The University of Colorado’s Office of Information Security team has provided additional details about what to look for in phishing emails here.
Additional information about working, teaching and learning remotely is available through the OIT webpage. Questions about securing your classes and meetings via Zoom, staying safe from cyber security threats, or technical support? Contact our Service Desk team: