Secure devices you use with Zoom

UW Zoom users have a responsibility to protect both personal and institutional data. UW Office of Information Security and UW-IT recommend the following to maintain secure use of UW Zoom. 

• Zoom chat file security
• Understand your responsibility to protect UW data
• Secure UW Zoom data on your devices
• UW NetID recovery and resetting or changing your password
• Use a strong passphrase on your mobile device
• Security Training
• Device security for IT Administrators

Zoom Chat File Security

Zoom offers both in-meeting and out-of-meeting Chat. To maintain security, Zoom Chat messages are automatically deleted after 120 days and file types sent using Zoom Chat are limited to the following file types. 

Documents:

• Microsoft Word (.doc, .docx)
• Microsoft Excel (.xls, .xlsx)
• Microsoft PowerPoint (.ppt, .pptx)
• Portable Document Format (.pdf)
• Rich Text Format (.rtf)
• Text files (.txt)

Images:

• JPEG (.jpg)
• PNG (.png)
• GIF (.gif)
• BMP (.bmp)

Audio and video files:

• MP3 (.mp3)
• MP4 (.mp4)
• WAV (.wav)
• AVI (.avi)
• Web links (URLs)

Zoom does not scan files for malware and viruses when transferring files using Zoom chat. When receiving files from within Zoom, ensure your devices are secure by reviewing the device security best practices. 

Understand your responsibility to protect UW data

As a University of Washington (UW) employee, you may have access to UW information systems or come in contact with UW data. Access to UW information systems or the processing of UW data comes with responsibility, and the UW wants to make sure you are aware of those responsibilities. 

Check if you have already reviewed and accepted the Access and Use Agreement for UW Data and Information Systems.

Secure UW Zoom Data on Your Devices

Devices you use to access UW Zoom must be updated and maintained to protect UW data. 

Reporting Stolen or Lost Devices 

Devices used for purposes of UW activity (including mobile devices, laptops, tablets, and computers) must be reported when stolen or lost. This includes personally owned devices with access to UW data stored on them. 

• To report a stolen or lost device, submit the Incident Report Form with the UW Privacy office. 
• Report lost or stolen cell phones to your cellular carrier. More information can be found here.
• Report lost or stolen mobile devices with 2FA (Duo) access and 2FA hardware tokens to UW-IT using the 2FA lost or stolen device form.
• Log out of all devices from Zoom in the event that devices are lost or stolen by navigating to the Zoom Profile page and select “Sign Me Out From All Devices”.

Regularly Update Your Software

Devices used for purposes of UW activity (including mobile devices, laptops, tablets, and computers) must be regularly updated to maintain security protections. 

• Learn how to keep the Zoom software on your device regularly updated.
• Use a UW supported browser and ensure your browser is regularly updated. 
• Frequently check for device operating system updates to keep your device secure. 
• Ensure your devices are secure by reviewing the device security best practices.

UW NetID Recovery and Resetting or Changing Your Password

Use a strong password and change your password on a regular basis. 

• Recover your UW NetID
• Reset or Change Your Password

Use a Strong Passphrase on your Mobile Device

Ensure your mobile device has a strong, unique passphrase. Refer to Smartphone Configurations and Best Practices for specific recommendations.

Security Training

The UW Office of Information Security recommends the following trainings to maintain best security practices: 

• Data Security 101 Training Video
• Mobile Device Security Training Video 

Device Security for IT Administrators

IT Administrators should utilize mobile device management (MDM) functionality to manage and protect UW-owned devices with features such as the following:

• Device encryption
• Application allow-lists
• Remote wipe

External Vendor Relationship Management

Service desks, departments, and individuals using external vendors to provide Zoom-related services should require security developments and other user protection safeguards in the contract for services. 

• Where a vendor relationship is available, leverage regular communications to stay abreast of changes and updates to the Zoom application.
• If there is feedback capability for suggested improvements or issue tracking, incorporate feedback communication to leverage feature requests toward more secure user experiences.
• Require vendors provide security updates and patches to managed hardware, firmware, and software.