Because Zoom-Bombing Is a Thing Now: Here’s How to Protect Yourself

One of the features that makes Zoom so user friendly is also the one that makes it vulnerable to “Zoom-bombing,” in which an uninvited person joins your Zoom meeting to generally wreak havoc.

Here’s how it works: You know Zoom’s super-simple meeting number that makes it so easy for you to join meeting after meeting (after meeting after meeting) every day? Trolls are using random-number generators to create meeting codes and just invite themselves to random meetings. That is, if they’re not searching for or falling over all of those links to tons of public meetings all over the internet.

When this happens by accident, it can be funny, a charming “whoops!” moment that’s quickly resolved. But when baddies are seeking out meetings for the sole purpose of disrupting them, not so much. Users have reported uninvited participants sharing pornographic images, screaming profanities, sharing questionable files in the chat, and more.

Why’s it happening so much on Zoom? The platform is everywhere right now because of its ease of use and low barrier to entry (there’s a free version!). It’s highly visible, tons of people are using it, and there’s a much higher number of meetings happening every day right now so it’s an easy target. Plus, its simple, numeral-only meeting links are easier to randomly generate successfully than links that contain letters or a mix of letters and numbers, or that are case sensitive.

Does that mean you should stop using Zoom? Only if you can’t find a solution you feel comfortable with to prevent this problem. Great news: I have several. Here’s how to protect yourself from Zoom-bombing.

Enable the waiting room

Use Zoom’s waiting room setting to keep people from coming in unannounced. When they join your meeting, they’ll see a hold screen until you admit them. Don’t recognize the name? Don’t let them in!

Disable screensharing for participants

Set screensharing to “only host” to prevent others from sharing unauthorized or unsavory content. If you do need a participant to screenshare, consider locking the room first (see below) so unexpected new arrivals don’t take over screenshare with inappropriate content.

Mute users on entry

Automatically mute your users when they enter the room so every entrant isn’t disrupting the flow (you know, by shouting terrorist threats, which also happened). For what it’s worth, you should be having users enter muted anyway to minimize background noise and avoid saying, “Excuse me, can everybody please mute?” eight thousand times in every meeting

Consider disabling “allow participants to unmute themselves”

Especially if your link is public you may want to prevent users from unmuting themselves. Instead, use the raise hand feature or ask users to type in chat if they want to come off mute.

Use the password option to make your meetings more secure

If users don’t have the password, they can’t come in. If you have a good way to share the password with your participants, such as including it in the Outlook invite for your internal-only meeting, this works well. If your meeting link is public, it may be harder to get the password to the right attendees—but also more important to keep out folks who shouldn’t be there.

Update April 4, 2020: Zoom meetings now require password by default. Here’s how to find the password for meetings created before this setting changed.

Lock your meeting once everyone is there

By locking the meeting, you prevent new people from joining after you’ve started. With particularly sensitive content, especially in a Zoom meeting you use for multiple purposes, this is generally a good idea anyway. If you have a closed group of people (i.e., you know exactly who you’re expecting and you’re expecting them all at the start of the meeting), this can be especially effective. But if you’re not sure who’s coming, you expect stragglers, or you have a “come when you can” attendance policy, locking your meeting may get in the way of getting things done.

Prevent removed users from rejoining

If someone does disrupt your meeting and you have to remove them, block them from rejoining by disabling “Allow removed participants to rejoin.” (Note: If they change their email address on log-in or use multiple Zoom accounts to gain access, it may be difficult to block them effectively; use the waiting room and don’t admit unknown names.) This cuts down on the Whac-a-Mole approach where you kick them out and they just pop back in.

Consider disabling in-meeting file transfer

Depending on why you’re meeting and what other steps you take, it may or may not make sense for you to disable file transfer through the chat. If you’re in a closed group of known individuals and you aren’t allowing others in, file transfer should be generally fine. (Or you could just store files in a shared online space like OneDrive, Google Drive, or SharePoint if these are folks from your own team.) If it’s a public meeting with participants you don’t know, disable file transfer. This will prevent baddies from sharing viruses and inappropriate content.

***

Could you use some support with leading your remote team?

Are you struggling to move trainings, meetings, and other in-person activities online?

I can help. Contact me for a free 30-minute brainstorming call so we can get you and your team up and running ASAP.