
Which Zoom Security Features Are Best for Your Industry?

Regardless of where you work or what you do, security matters. Here are a few security features that are vital for addressing sector-specific pain points.

Updated on April 20, 2023

Published on June 16, 2022

Gary Sorrentino
Global Chief Information Officer

Gary Sorrentino serves as Zoom’s Global CIO, after spending over two years as our Global Deputy CIO. A former Managing Director for J.P. Morgan Asset & Wealth Management, Gary was the Global Head of Client Cyber Awareness and Education.

For over 12 years, Gary was the Chief Technology Officer for J.P. Morgan AWM’s global technology infrastructure initiatives, where he managed its Data Privacy program and was responsible for Infrastructure, Application and End User Technology Production Support. In 2014, he assumed a new role as the lead for their Cybersecurity efforts and developed a firm-wide “Protect the Client” Cyber program designed to raise cybersecurity awareness among employees and clients.

With over 40 years of experience in Information Technology, Gary has served in various other IT leadership positions in firms across the financial services industry. Prior to joining J.P. Morgan in 2005, Gary was Head of Global Infrastructure and Head of Technology Efficiencies at Citi Private Bank, where he was responsible for Global Infrastructure Support and strategic technology initiatives. Other roles he has held include Global Technology CFO at Credit Suisse and North America IT Controller at UBS.

Regardless of where you work or what you do, security matters. That’s why we work to weave it seamlessly into the Zoom user experience, so organizations from all industries can achieve seamless and secure collaboration. 

Whether you’re leveraging the Zoom platform for hybrid learning, telehealth appointments, or legislative meetings, we’ve designed unique features and worked to address industry-specific standards to help organizations maximize efficiency while addressing their unique needs.

While most of these security features are industry-agnostic, we want to highlight a few that are vital for addressing certain sector-specific pain points. 

But first, here are a few tips to help all users secure their meetings:

General in-meeting controls

While each industry uses our platform in a way that addresses its unique needs, Zoom Meetings comes with a security icon and set of in-meeting controls that help users across the board safeguard their meetings from uninvited guests. With these controls, hosts can:

  • Manage screen sharing
  • Lock the meeting 
  • Set up two-factor authentication 
  • Remove disruptive participants 
  • Disable video, mute participants 
  • Suspend participant activities 
  • Turn off file transfer
  • Disable private chat 
  • Report a user

All organizations should keep these controls top of mind and train users on how to deploy them when necessary, helping to manage and secure the meeting experience. 

Education

As schools and campuses embrace the hybrid learning model, teachers need the right security tools readily available to help make sure their virtual classroom isn’t interrupted by outsiders or unexpected hijinks. The following features and commitments are designed to help teachers and administrators streamline the virtual learning experience:

Key features

  • At-Risk Meeting Notifier: Designed to proactively identify issues with meeting privacy, the tool scans posts on public social media sites and other public online resources for Zoom Meeting links. If the tool finds your class link is located online, you’ll receive an email notification. 
  • Chat Etiquette Tool: Automatically identifies keywords and text patterns in Zoom Team Chat and in-meeting chat and helps prevent users from sharing unwanted messages, such as those that include inappropriate language. It is important to note that the Chat Etiquette Policies are defined by account admins — not by Zoom — and the tool does not send reports/flags to account admins or anyone else. Anyone interested in this feature should contact their customer success manager (CSM) to enable it.
  • Waiting Room: In your meeting settings under “Security,” you can toggle on the Waiting Room, which will send everyone to a virtual waiting area where you can admit them individually or all at once. In fact, the Waiting Room feature is on by default for K-12/primary and secondary education users. You can customize your Waiting Room to include a personalized description or even a video to help you set expectations for the upcoming lesson.
  • Single sign-on (SSO): To help authenticate users in schools and business environments, we offer a single sign-on (SSO) feature that creates a safe and quick process for logging in to the Zoom client. If you cannot use single sign-on, we recommend using two-factor authentication (2FA) to add an extra layer of security to the process.

Certifications, attestations, and standards 

Healthcare

Patient privacy and well-being are always a top priority for healthcare organizations. Whether you’re conducting telehealth appointments or connecting medical communities virtually, here are some features and standards to help your organization safeguard patient privacy:

Key features

  • Advanced chat encryption: Allows for secure communication by encrypting chat messages between users, which helps medical staff coordinate quickly while safeguarding private patient data.
  • Required meeting passcodes: You can create a passcode and share it with patients via email so they’re required to type in the secure passcode to be able to join a telehealth session. 
  • Account Theft Protection: This feature helps identify users whose login credentials may have been stolen or compromised in a data breach elsewhere on the internet. Whenever we determine that a Zoom user’s login and password may have been compromised on another service, we will send them a notification and prompt them to reset their password within one day. If the password is not reset in 24 hours, we will force a logout for the user in an effort to proactively prevent account takeovers. This adds additional security to your telehealth sessions by helping prevent cybercriminals from potentially using employees' or patients’ compromised credentials to access their Zoom accounts.

Certifications, attestations, and standards

  • Whether you’re a solo practitioner, small clinic, or enterprise health system, Zoom helps enable a customer's HIPAA compliance program by safeguarding sensitive information and executing a Business Associate Agreement (BAA).
  • Zoom supports our Canadian customers’ compliance with PIPEDA/PHIPA.

Financial services

Securing client information is vital for any financial services organization. Customer trust — and therefore business viability — is contingent on security, so any financial services organization using Zoom should take advantage of these data management and encryption features:

Key features

  • Data routing control: Zoom lets customers make choices about the Zoom data center that will be used for processing certain customer data when a customer with a paid account hosts a meeting or webinar. Account owners and admins on paid accounts can, at the account, group, or user level, opt in or out of specific Zoom data centers that will be used for the processing of participants’ real-time meeting and webinar video, audio, and shared content during the hosting of meetings and webinars.
  • End-to-end encryption: When enabled, this feature uses the same 256-bit AES GCM encryption that supports standard Zoom Meetings to help encrypt communication between all meeting participants. The only difference is that the cryptographic keys are known only to the devices of the meeting participants. This means that no third party — including Zoom — has access to the meeting’s private keys.
  • Meeting and Webinar Archiving: Allows account administrators to set up an automated mechanism to collect and archive meeting data to a third-party platform of their choice and hence, help satisfy FINRA and/or other compliance requirements. Unlike Cloud Recording, which saves video, audio, and chat/transcription files to the Zoom Cloud, the Archiving API collects webinar and meeting data/metadata necessary for certain compliance guidelines, as well as the audio, video, and chat files if set in the API call.
  • Information barriers: Designed to help you control user communication policies and meet regulatory requirements at scale. You can use information barriers to prevent certain groups of users with confidential information from communicating with others who are not approved to know this information.
  • Data loss prevention (DLP) integrations: These integrations connect with Zoom to help customers apply policies designed to detect and block potential data breaches or exfiltration. 

Certifications, attestations, and standards

  • We subject our services to security safeguards designed to protect the confidentiality and security of customer information. These safeguards can help our customers meet their Gramm-Leach-Bliley Act, NY DFS, GDPR, and other security compliance requirements.

Government 

Like many modern organizations, government institutions need to collaborate in real-time while protecting the exchange of crucial data — that’s why we’ve developed Zoom for Government. Designed to meet the specialized requirements and needs of the U.S. Government, Zoom for Government offers the same experience as the standard Zoom platform, but is a separate platform designed to adhere to federal security standards. Let’s walk through a few important security features for government workers:

Key features

  • U.S.-based staff and data centers: Zoom for Government leverages the U.S.-based GovCloud infrastructure and U.S.-based co-located data centers. It is deployed and managed by U.S. persons only. This feature is exclusive to Zoom for Government. 
  • Cross-platform privacy features: Zoom has released a number of privacy features that help give Zoom and Zoom for Government customers alike more insight and control over the privacy of their meetings. These features help protect the privacy of crucial government information exchanged over our platform. They include preventing participants from joining via multiple devices at the same time or from a different device after being removed from a meeting, the ability to only allow authenticated users to join meetings, and more.
  • Watermarking: To help protect the privacy of confidential information shared during a meeting and prevent leaks, meeting hosts can enable two types of Zoom watermarks:
    • Image watermarks superimpose an image on a shared screen, which consists of a portion of a meeting participant’s own email address. This image is splashed across the content a person is presenting, as well as their video.
    • Audio watermarks embed a user’s info as an inaudible mark in any offline recording of a meeting. If the audio file is shared without permission, Zoom can help identify which participant recorded the meeting.

Certifications, attestations, and standards

  • The platform’s controls support important attestations and commitments, including FedRAMP Moderate, StateRAMP Moderate, and DoD IL4, and support HIPAA, CJIS, and CMMC compliance requirements.

Securing the hybrid workforce

No matter what industry you work in, secure collaboration is fundamental for success. Security is also more important than ever as organizations navigate the next phase of work and learn to operationalize the hybrid workforce.

By supporting the hybrid workforce with technology that deploys easy-to-use security features, organizations will create a realistic and scalable approach to security that will evolve as the business does. 

To learn more about Zoom privacy and security, explore our Trust Center or check out our latest security webinar.

Editor’s note: This post was updated on 6/16/22 to expand the list of relevant security features and update the certifications for each industry.

Editor’s note: This blog post was edited on Sept. 22, 2022 to include the most up-to-date information on Zoom for Government.

Editor’s note: This blog post was revised on 4/20/2023 to include the most up-to-date information on our data routing control feature.
