Video conferencing app Zoom has had a meteoric rise in users due to the coronavirus outbreak, and with that rise in users has come security woes and an annoying new trend known as “Zoom bombing.” Zoom bombing is, in essence, crashing a digital meeting and doing things like screaming obscenities, broadcasting pornography, and otherwise interrupting people’s attempts to talk to coworkers, family, and friends. It isn’t necessarily harmful, but it’s definitely obnoxious.
Even with all of Zoom’s security issues, it can’t be blamed entirely for the Zoom bombing trend–internet trolls have been using publicly posted meeting links, guessing meeting IDs, and using personal meeting IDs posted online as ways to join meetings uninvited.
SEE: The tech pro’s guide to video conferencing (TechRepublic download)
Zoom has built-in tools that can prevent Zoom bombings from occurring, and they’re all remarkably easy to enable when creating a new meeting. These steps won’t completely eliminate the chance that a bad actor crashes your Zoom call, but they’ll go a long way toward making sure the host has control over what each and every person can do in their meeting.
In Figure A you can see the meeting setup screen from the desktop version of Zoom with all the appropriate options toggled on.
1. Never use your personal meeting ID
Each Zoom user has a personal meeting ID—think of it as your Zoom phone number. When creating a meeting, you can use your personal ID or generate a random one, and you should always generate a random meeting ID. This screen will appear whenever you schedule a new meeting in Zoom.
If your personal meeting ID is leaked to the web, Zoom bombers are free to harass you with calls whenever they please.
2. Always use a meeting password
This doesn’t necessarily apply to large-scale meetings where public attendees are invited, but for anything other than a classroom, town hall, or lecture meeting, passwords should be turned on.
Make sure the password is kept safe, too. Zoom sends meeting passwords out to all invitees when invitations are sent. If you’re worried that someone unwanted may get the password, create the meeting without one set, update the meeting to add a password, and send it out to invitees in a separate email or via another form of communication.
SEE: 15 Zoom tips to improve your video conferences while telecommuting (TechRepublic)
3. Use Zoom’s waiting room feature
When you enable the waiting room for a Zoom meeting, each user who connects is put in a queue that the meeting host has to approve them from. If you don’t recognize someone in the waiting room, don’t let them in.
4. Mute audio and disable video for meeting attendees
Disabling video for everyone but the host will prevent any obscene content from being displayed on camera by attendees. This can be toggled off during the meeting creation (Figure A).
Muting audio for all attendees has to be done by the host once the meeting has started. In order to do that, click on Manage Participants in the bottom bar of the Zoom meeting screen. In the menu that opens to the right of your video display, look for the More button. Click it, and you’ll see the menu shown in Figure B. Make sure Mute Participants On Entry is checked, and Allow Participants To Unmute Themselves is unchecked.
If anyone other than the host wishes to speak, request that the attendee use the chat feature to request speaking time, and then mute the person once they’re finished.
5. Turn off screen sharing for everyone but the meeting host/co host
Zoom bombers need to be able to visually take over a meeting to be effective, and preventing anyone from sharing their screen aside from the meeting host stops them from being able to go on the attack.
This is another option that has to be toggled once the meeting has started. While hosting a meeting, look for the green Share Screen button in the bottom menu bar. Click the arrow next to it to open video options, and then click Advanced Sharing Options. In the window that opens (Figure C), make sure Who Can Share is set to Only Host.
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays