Zoom has been drawing attention from researchers and journalists lately for a number of potential privacy and security issues.  One of the biggest security issues facing Zoom is the surge in "Zoombombing,"

What is Zoombombing? Zoombombing is when uninvited attendees break into and disrupt your meeting.

It is easy to Zoombomb a meeting. A simple Google search for URLs that include "Zoom.us" can turn up the unprotected links of multiple meetings that anyone can jump into. Similarly, links to public meetings can be found on many organizational pages on social media.

We recommend using as many of these options as you reasonably can without impacting your meeting operations. If you are discussing any sensitive or confidential information in your meetings, these measures become that much more important.

The following Zoom Guidelines are from Cornell University.

Meeting Passwords

It's highly recommended that you set a strong password for all meetings and webinars.

When scheduling a meeting, under Meeting Options, select Require meeting password, then specify a strong password (make your password at least eight characters long and use at least three of the following types of characters: lowercase letters, uppercase letters, numbers, symbols). Participants will be asked for this password in order to join your meeting.

Enable the Waiting Room Feature

The Waiting Room feature allows the host to control when each participant joins the meeting. As the meeting host, you can admit attendees one by one, or hold all attendees in the virtual waiting room and admit them en masse. This requires more work by the host, but only allows participants to join if you specifically admit them.

Disable Join Before Host

If you are scheduling a meeting where sensitive information will be discussed, it's best to leave Enable join before host (found under Meeting Options when scheduling a meeting) turned off. Visit Zoom's Join Before Host help page for more information.

The Join Before Host option can be convenient for allowing others to continue with a meeting if you are not available to start it, but with this option enabled, the first person who joins the meeting will automatically be made the host and will have full control over the meeting.

Another option is to assign an Alternative Host.

It's still possible for a meeting to start without you (the host) even if Join Before Host is disabled. If you have given someone Scheduling Privilege, which allows them to schedule meetings on your behalf, then when that person joins a meeting before you, the meeting will begin and they will be made the host.

This is typically not a problem, as the recommendation to disable Join Before Host is based on preventing unwanted/uninvited participants from hijacking a meeting. After you join, the role of Host can be reassigned to you.

Limit Screen Sharing to the Host

By default, screen sharing in Zoom meetings is limited to the host. You can change this if you need to allow other attendees to share their screens. If you make this change and decide to return to having screen sharing be limited to the host, while in your meeting,

  1. Click the up-arrow next to Share Screen.
  2. Select Advanced Sharing Options.
  3. Under Who can share, click Only Host.

This won't be appropriate when multiple participants will need to share and collaborate, but this restriction prevents unwanted attendees from interrupting the meeting with intrusive sharing.

Meeting Security When Scheduling Zoom Meetings Using Your Outlook Calendar

If you add a Zoom meeting to your calendar or create a Zoom meeting in your calendar using the Zoom Outlook Plug-in, note that the calendar entry may include the Zoom meeting password. If you have set up your calendar so that it is open for colleagues to view the details of your meetings, this can expose the password to anyone who views your calendar. You can protect the password by making the calendar entry private or editing the entry to remove the Zoom meeting password.

Remove a Participant from a Zoom Meeting or Webinar

If you have already begun a session and find an unwanted attendee has joined:

  1. If the Participantspanel is not visible, click Manage Participants at the bottom of the Zoom
  2. Next to the person you want to remove, click More.
  3. From the list that appears, click Remove.

Lock Your Session

The Zoom Host Controls allow the host or co-host to lock the meeting. Once all your attendees have joined,

  1. If the Participantspanel is not visible, click Manage Participants at the bottom of the Zoom
  2. At the bottom of the Participantspanel, click More.
  3. From the list that appears, click Lock Meeting.

Unlock the meeting following these same steps.

When a meeting is locked, no one can join, and you (the host or co-host) will NOT be alerted if anyone tries to join, so don't lock the meeting until everyone has joined.

https://it.cornell.edu/zoom/keep-zoom-meetings-private-and-reduce-odds-zoombombing