Information security on Zoom
To use AAU Zoom in a secure way (to ensure sensitive and confidential information are protected) you must be aware of the following:
- Only use AAU’s instance of AAU Zoom and log in using AAU Single Sign-On (WAYF). The instance is available via aaudk.zoom.us
- In you have installed Zoom yourself, you need to make sure that you are using the latest version of the software client. This is applicable for PC, Mac, and mobile devices, etc. If you are an employee at AAU and have installed Zoom via the Software Center, updates will be managed by ITS.
- You should not change the settings in AAU Zoom unless you have a specific need for this and is aware of the consequences that the changes may entail. On the AAU instance, ITS have set up standard settings, which address significant security risks when using Zoom.
If you have changed a setting, a “Modify Reset”-label will appear on your AAU Zoom-account as shown below:
To return to the default for this particular setting all you need to do is press Reset.
- If you have used a different instance of AAU Zoom with your AAU-Mail, you will get asked if you want to merge the two accounts when you log in. In connection with this, please be aware of the following:
- If you had created a different account with the intent of using this in connection with your work or study at AAU, you should choose that you want to merge the two accounts.
- If you had created a different account for other purposes then you should change the mail attached to your former account, so that you can continue using it for the purpose which you intended it for. If AAU Zoom identifies an earlier account registered in the same AAU-Mail you will be met by the following message:
- You should apply a meeting passcode when you schedule AAU Zoom meetings. AAU Zoom will generate a random passcode, which differs from each time. Only share the passcode with participants you wish to invite to the meeting. If you need to share the passcode through public or semi-public channels such as Facebook or Twitter you should enable the Waiting Room function to ensure that only valid participants are allowed to enter the meeting room.
- You must always be cautious if you wish to record a Zoom meeting. In compliance with the General Data Protection Regulation (GDPR) it must always be considered if it is possible to collect the desired information in a way which entails a smaller change of personal information getting compromised. Perhaps it could be sufficient to make a written report of the meeting. As a rule of thumb, meetings should not be recorded unless a video recording would have been established at a corresponding physical meeting.
If you choose to record a Zoom meeting, the recording will be stored on the device from which the recording was initiated. The recording (the data file) must be stored securely.
Click here to see how to store data depending on its data classification
Use Zoom in a secure way for conversations containing sensitive and confidential information
If you use Zoom for conversations which contains sensitive and/or confidential information, you must take special precautions to ensure unauthorized persons do not get the opportunity to view or listen to the conversation.
You must do the following when AAU Zoom is used for conversations containing sensitive and/or confidential information:
- You must use the passcode function when scheduling the meeting
- If information about the meeting is saved in a calendar at AAU, the passcode must not be visible to anyone others than people invited to the meeting. Use the private flag when scheduling the meeting, and make sure that the content of your calendar is not shared with unauthorized people.
- You must set up the meeting with the “Waiting Room” function, and only valid participants can be accepted into the meeting.
- During the meeting, the “Waiting Room” and the list of participants must be observed to ensure that only valid attendees participate in the meeting.
The measures that are taken correspond to the measures taken for physical meetings, where conversations with sensitive or confidential information would likewise be held with stricter regard for confidentiality.
See image below for an overview of which data classifications AAU Zoom can be used for: