May 24 & 30: Critical Zoom Security Changes

May 15, 2020

 

Dear Cornell Community,

Two security changes are being made by Zoom on May 24 and May 30 that protect Cornell users from intrusions during classes and meetings and from threats to their online privacy. These changes require you to take action to continue using Zoom. In brief:

  • Before May 24, add a password to any Zoom meetings and webinars that you’ve already scheduled.
  • By May 30, upgrade to the latest version of Zoom in order to continue joining Zoom meetings and webinars.
  • Add Passwords to All Scheduled Meetings and Webinars

    Change: Starting May 24, all Zoom meetings and webinars will require passwords. Meetings and webinars without a password will have one automatically added by Zoom. Hosts will no longer have the option to schedule a meeting or webinar without a password. All meetings will have the password embedded in the Zoom join link.

    Required Action: Review and update upcoming meetings and webinars you’ve scheduled and add a password if one is not already set. Update your calendar invites with the new Zoom join link.

    • For recurring or scheduled events that take place or continue past May 24, the host must add a password. For guidance on how to add a password, Hosts adding a password through Zoom, Outlook calendar, or Outlook on the web should update participants with the new link. For guidance on the process, visit Zoom: Add a password to an existing meeting. (Updated May 21)
    • Instructors scheduling courses that include Zoom meetings must use the Zoom integration within Canvas to add a password to the Zoom meeting. Editing the Zoom meeting in any other way won’t update the Zoom join link in Canvas.
    • Meetings that already have passwords don’t need to be updated.

    Update Zoom to Version 5.0 or Higher

    Change: Zoom is improving the encryption of all meetings and webinars effective May 30. You must be using Zoom version 5.0 (or newer) to join Zoom meetings and webinars starting May 30.

    Required Action: As soon as possible, update Zoom to the most recent version.

    • Staff and faculty who use Cornell-managed computers will receive the upgrade as part of their weekly computer updates.
    • Students, and anyone who uses a personally owned device (or device that isn’t managed by Cornell), can upgrade by launching the Zoom application, opening their profile settings (click the profile picture in the top-right corner), then clicking Check for Updates. (Step-by-step guidance from Zoom)
    • If you haven’t upgraded by May 30, Zoom will prompt you to upgrade when you try to join a meeting or webinar.
    • For details about the updates, visit Zoom Continues to Improve Security Features in Version 5.0.

    Contact the Cornell IT Service Desk, Not Zoom, for Support During May and June

    Change: From now through the end of June, Zoom isn’t offering support to individual users.

    Required Action: Cornell users who need help with Zoom should contact the IT Service Desk, not Zoom directly.

    To request help with using Zoom for Cornell meetings and webinars, please contact the IT Service Desk. To report an incident of Zoom abuse during a Cornell event, contact zoomsecurity@cornell.edu.

    Sincerely,

    David Lifka
    Vice President for Information Technology and Chief Information Officer