COVID-19 Updates
Zoom Security and Privacy Concerns
Posted on April 17, 2020
Greetings Colleagues,
There has been quite a bit of discussion both within the California State University system and in our campus community regarding the security and privacy of the Zoom conferencing tool. Since recent news reports may have caused some alarm, I would like to provide some clarity and assurance to alleviate concerns you may have.
It is important to note that many of the reported issues with Zoom are related to the use of the free version of Zoom, general unsecure use of a video-conferencing tool, or insufficient account or meeting settings. Please be assured that Fresno State uses the “enterprise” (i.e. paid) version of Zoom, and the CSU holds a contractual arrangement with Zoom that precludes them from sharing the personal data of any member of our community.
The Fresno State community has found Zoom to be an effective and important tool to support virtual instruction and remote work. Most CSU campuses have been using Zoom for several years now and support its continued use while applying best practices to safeguard meetings from disruption. (See information on Zoom-Bombing.) Although I would hesitate to say definitively that any software we use poses absolutely no security risk, I do not believe Zoom has any greater risk than other tools.
In working with Zoom and the CSU, I have included some best-practice recommendations (below) aimed at reducing risks, while facilitating virtual instruction and remote work. Zoom has also recently added a new Security Icon Option to assist hosts in managing their meetings.
Recommendations for Fresno State Faculty and Staff
-
Send meeting invitations directly to participants via email or posted in Canvas, not aliases or website postings.
-
Turn ON the “waiting room” feature; for virtual classrooms, display a FERPA disclaimer five (5) minutes prior to the start of class.
-
Turn OFF the ability for participants to record sessions for virtual classrooms.
-
Turn ON “set a password” for all meetings/sessions/classes/recordings.
-
Turn OFF “private chat” for virtual classrooms.
-
Turn ON the ability to “mute individual participants” and “mute all.”
-
Turn OFF the ability for participants to “save chat” for virtual classrooms.
-
COMING SOON: Turn ON the requirement to have attendees sign into Zoom for meetings/sessions/classes. (This feature will be fully available in the near future.)
What has Zoom been saying about its own security and privacy efforts?
Zoom is responding and being proactive in ways that indicate security is a high priority.
-
A list of recent updates to Zoom, including enhancements to security and privacy
-
Announcement from Zoom’s CEO, Eric Yuan regarding its commitment to its customers (April 1)
-
Announcement of Zoom's new security advisory board (April 8)
-
Update on Zoom’s 90-day plan to bolster security and privacy (April 8)
I will continue to work closely with the CSU Chancellor’s Office and Zoom to address concerns as they arise. If a different assessment in the areas of security and privacy were to be made, I would communicate with you promptly. Please take a moment to review the most recent statement from the CSU Chief Information Security Officer regarding the real and perceived security and privacy risks about Zoom.
Thank you for partnering with me to ensure the safety and privacy of our faculty, staff and students.
Sincerely,
Orlando Leon
Vice President for Information Technology and Chief Information Officer