Information Services Division


Securing your Zoom meeting

There are a number of features that you can enable to make your meetings more secure and these can be set right at the start when you schedule your meeting.

Automatically generate a meeting ID

For each meeting that you schedule, you can either allow Zoom to use your personal meeting ID, or generate a new meeting ID for each meeting (please note for recurring meetings, the meeting ID will always be the same, even if you select to generate a new meeting ID).

Your personal meeting ID never changes, meaning that if you use it to schedule a meeting, any attendee from that meeting has your credentials and the ability to join any future meetings you set up. It is therefore strongly recommended that you do not use your personal meeting ID for scheduled meetings.

By default, an automatically generated ID is used at UCL.

Enable password

In addition to using the meeting ID, you can also set a password for your meetings; this option is on by default at UCL. This means attendees are required to enter the password in addition to the meeting ID to join.

Enable waiting room

This feature means that attendees will not be able to join your meeting automatically, but will have to wait for you to manually admit them. This provides security if a person has obtained the meeting ID but should not be attending. At UCL all internal attendees who are logged in to their UCL Zoom account will be able to join the meeting without being put in the waiting room; all externals will be placed in the waiting room until the host admits them.

Note that if you enable the setting join before host then you will not be able to enable the waiting room as these features are mutually exclusive.

Only authenticated users can join meetings

If this is set, it means that any participant in your meeting needs to have set up an account. There are two options within this setting:

  • UCL users
  • anyone with a Zoom account.

The UCL users option is the default and is the most secure but it means that legitimate external guests will not be able to join. Therefore you should not choose this option if you have external attendees. If you choose anyone with a Zoom account, this includes anyone with a free account but it means they cannot join as a guest. The user must be signed in to their Zoom account in order to join.

If your meeting is a teaching event, ensuring that only UCL users can join means that students need to sign in to attend the event. This makes it much easier to record attendance.

Lock meeting

Once all the attendees that you are expecting in your meeting have joined, you have the option to lock the meeting. This prevents others from connecting to the meeting. However, please note that by locking the meeting the host can no longer see if there are others trying to get in to the meeting. Locking the meeting may not be appropriate if you don't have a defined attendance list.

To lock the meeting as a host, click on the security button on the menu bar and select lock meeting.

Are there any privacy concerns with regards to using Zoom?

Zoom needs to be treated as an open platform with no guarantee of privacy for call participants. UCL has no verifiable knowledge of, or influence over, Zoom's worldwide infrastructure agreements with national authorities. We advise all staff to use care and discretion when sharing sensitive content or research data with participants or when discussing potentially politically sensitive matters with call participants. In particular, staff should consider whether discussion of a topic could put students at risk. 

An Information Risk Assessment and Data Protection Impact Assessment (DPIA) has been agreed with the Information Security Group, to ensure that all known risks have been investigated and are deemed to be manageable. Colleagues should follow UCL's Information Management Policy (PDF).  If there are further questions regarding the DPIA or Information Risk Assessment and/or you require further guidance on using Zoom for discussing sensitive research, please contact the Information Security Group at who can advise you on the best course of action.

How to guides

Help and support