Safe video conferencing
Media Services
Concerned about your video conference meeting's security? Follow these best practices to have a safe video conference.
Be careful about sharing your meeting ID
Though you may want to recruit as many people as possible to your meeting or live event, exposing your Meeting ID on social media, websites or other public forums can attract the wrong kinds of attendees. There are many examples where attendees have shared unsavoury content in "all-welcome" events. Be extra vigilant about this if your meeting involves students.
Always use a passcode on your meeting
Meeting organizers should apply a passcode to heighten meeting security. Passcodes add an additional layer of security, allowing only those with the correct code to join the meeting. Some videoconferencing services offer advanced fraud detection to detect and report on repeated login failures and meeting join failures. This helps block the type of malicious intruders who scan for meeting IDs over a set period of time. Never share the passcode in your meeting link - be sure to send it separately to your attendees.
Use a unique meeting ID
A common problem occurs when a meeting host with back-to-back meetings uses their Personal Meeting ID. One meeting overruns and the participants for the next call join, listening in to the previous meeting. University Systems recommends you always use a One-Time Meeting ID.
Keep watch on meeting joiners
Meeting hosts have the ability to track who joins meetings in a variety of different ways. Most allow the host to set an audible alert to announce when new attendees join. Some also display entry and exit banners with the names of joining attendees on-screen. The host should also view the meeting roster to verify who is on the videoconference. If unrecognised or anonymous names are on the list, ask them to confirm their identity by voice or chat.
Waiting rooms on UVic Zoom meetings are enabled for meeting guests, allowing you to screen those joining your meeting. Signed-in users in our UVic tenant do not have to wait.
Master the controls
To prevent unwanted participants joining your meeting or event, Zoom allows the host to eject or drop a participant and prevent them from re-joining. You can also lock your meeting once all of the required individuals are present. These options are critical when you plan to cover sensitive or confidential information.
Read more about Zoom's in-meeting security options.
Mute participant audio and video
The host can mute the audio and video of some or all participants, and put the meeting in "host-only" mode. This helps keep the group focused and prevents disruptions, including from unwanted guests. Participants that want to ask questions have other options such as virtually "raising their hands" or using the chat.
Cloud-based recording
Cloud-based recording in Zoom has been syncronized with UVic's Echo360 platform and Brightspace in order to streamline the process of sharing recordings and posting content to course pages. When a Zoom recording is saved to the cloud the files will initially appear on the users Zoom profile on the Zoom website where it will be retained for one week. For those with Echo360 access the recordings will also appear in their Echo360 Media Gallery within 24 hours of the recording being made and can be easily posted to Brightspace from that location.
It is recommended that recordings be saved to the cloud as opposed to local computers.
Review the privacy policy
Currently, our Zoom tenant is hosted outside of Canada. University Systems encourages you to review Zoom's Privacy Policy. If you have any questions, please contact UVic Chief Privacy Officer and Legal Counsel, cpo@uvic.ca, prior to using this service
Always practice basic security hygiene
Many cyberattacks start with a phishing campaign. If you receive a link by email or social channels to join a video conference, contact the sender to confirm its legitimacy. Never open links and attachments in emails from unknown senders. Look for the classic clues of phishing like spelling errors in URLs and emails.