Using Zoom for Group Meetings

Guidance and Policy for Keeping Safe

Version 1.0 July 2020

We appreciate that many of you are missing the support offered by group meetings and understand that online meetings may be a helpful alternative to face to face contact.  Online meetings can also facilitate participation for more members who may not be able to travel to meeting venues.  Zoom is a user-friendly online application you can use to organise online meetings but there are security and data protection weaknesses and therefore we are producing this guidance and policy for keeping safe whilst using Zoom.

Whether using a free or paid for a license for Zoom you must take special care to adhere to this guidance and report any concerns, or breaches of security and data protection to our Data Protection Officer, Clare at data@nras.org.uk.  When doing this please make sure you put "Data Protection Report" in your email subject heading.

You can use Zoom for…

  • Online meetings
  • Sharing documents in the public domain (such as published leaflets)
  • Sharing documents approved internally by NRAS for external use

Please do not (under any circumstance) use Zoom for…

  • File sharing or screen sharing of private information or private files
  • File sharing or screen sharing of information or files that contain personal/sensitive data
  • Storing any documents
  • Recording your meetings online

How to keep you and your members safe from security and data protection risks while using Zoom

No Guaranteed Privacy

There are have been issues with Zoom in terms of privacy so potential risks need to be carefully considered before and during any meeting you host. As mentioned previously, do not discuss or share information that is not publicly available over Zoom. This restriction need not stop you using Zoom if you follow the guidance below on how to conduct meetings safely.

  1. Prevent unwanted visitors. Meeting ID’s for Zoom are easy to find and potentially allow attackers to join your active meetings. To stop this:
    1. Always arrange a meeting from the Schedule option on the Zoom homepage so that a password is created - this needs to be used when participants join.  Do not use your Personal ID for the meeting, select the Generate Automatically option.
    2. Share your meeting ID privately. Do not post it to social media pages, where anyone can find the ID using a simple search.
    3. Ensure the Enable waiting room is selected when creating a meeting – this allows you to see who is attempting to join the meeting before you allow them access. Do not allow anyone in if you don’t recognise them as an invitee. Under Meeting/Advanced Options ensure “Join before Host” and “Record meeting automatically” are unticked (they should be by default).
    4. Always lock the meeting once attendees have joined and assign at least one co-host. The co-host will be able to help control any situation that may arise if, despite all your precautions, an uninvited guest does access your meeting.  Learn more about this and how to stop a participants video here  
    5. When in the meeting don’t enable the function allowing visitors to change their name

  1. Manage your participants during a call to prevent possible instances of inappropriate content being displayed by a participant. Decide who can use their camera and microphones by clicking “Participants” and selecting the appropriate icon/option (but remember not to tick the Rename or Record options). 
  2. Assume what happens in Zoom does not stay in Zoom. As mentioned previously, do not record Zoom meetings as ultimately the file could find its way into malicious hands.

Finally, remember that without a purchased licence, Zoom sessions can only last up to 40 minutes.

If you need any further support with setting up your group meetings via Zoom, please email Emma Bartlett on emmab@nras.org.uk

NRAS is a registered charity in England and Wales (1134859) and Scotland (SC039721). A company limited by guarantee. Registered company in England and Wales (7127101).