How to prevent Zoom-Bombing
The term “Zoom-bombing” refers to a malicious user gaining access to a videoconference and harassing its participants. Several schools, for instance, have reported incidents of discriminatory messaging, death threats, and pornography in their virtual classrooms.
These incidents can occur when meeting details are publicly listed without any password protection, though some attackers have also used software to guess unlisted Zoom room numbers. Openly sharing a full meeting URL can also facilitate Zoom-bombing, even when the meeting is password-protected.
Video hijacking attempts to emerge when people host conferences on public channels shared over the internet via URLs, making them accessible to anyone. Hijackers can sometimes guess the correct URL or meeting ID for an open Zoom session, giving them access to the hijack.
Security professionals have confirmed and exposed Zoom’s security issues. They found out that the only meetings that are protected from Zoom Meeting ID auto-dialers are the videoconferences that have set a password.
As the COVID-19 health crisis continues, many businesses, organizations, and schools have adjusted to telecommuting (working from home), video conference app users need to be aware of the recent ‘Zoom-Bombing’ where hijackers infiltrate the Zoom session.
You can enable ‘Embed password in meeting link for one-click join.’ This prevents a participant from accessing your meeting without losing the usability of sharing a link to join.
Users who organize public group meetings are advised to evaluate their settings and verify that only they, as hosts, can share their screen. This will override any outside disruption from the main video.
Here are some tips to avoid video hijacking:
- Use a unique ID for large or public Zoom calls: When you create a Zoom account, the app assigns users a Personal Meeting ID (PMI). When hosting a large Zoom call where members of the public are attending, it’s better to use a one-time code rather than a user’s PMI. If not, hijackers can use the PMI to try and jump in on your Zoom calls at any time.
- Require a meeting password: Password protections are on by default for those private hosting meetings. The protections should be on to prevent uninvited users from participating.
- Don’t share the unique ID publicly: Do not share a link to a conference meeting on a public social media post. Provide the link directly to specific meeting attendees.
- The host(s) alone should share their screen: Do not allow anyone to hijack the screen during a Zoom call. To prevent this, make sure your settings indicate that the only person(s) authorized to share their screens are the hosts. To allow host share screen, navigate to Personal > Settings > In Meeting (Basic) and look for Screen sharing. Check the option that only allows the host to share.
- Create a waiting room: When participants sign into the meeting, they see a Waiting Room screen. They are not allowed into the meeting until the host lets them in. A host can enable participants to join in all at once or one at a time; this allows the host to screen all participants before joining. If, for example, the host doesn’t recognize specific names in the Waiting Room, they are not allowed in at all. To enable the Waiting Room, Click Settings > Waiting Room >, check the button next to the ‘Waiting Room’ option to enable it to feature.
- Lock the meeting once it starts: The hosts can lock the session from new participants once the meeting begins, and all attendees have joined. To do this, navigate to the bottom of the screen, click Manage Participants > More > Lock Meeting.
- Remove unruly participants or put them on hold: Hosts can quickly remove uncontrollable members from the meeting by selecting the person’s name and clicking ‘Remove.’ By default, the removed person cannot rejoin. To put a participant on hold, find the video thumbnail of the person, click on their video image and select ‘Start Attendee On Hold.’ Hosts can reverse this action by clicking ‘Take Off Hold’ in the Participants panel.
- Disable the participant’s camera: Hosts can turn off any participant’s camera by opening the Participants panel and clicking on the video camera icon next to the person’s name.
- Keep Disable Data Transfer settings active: keep default settings on to disable file transfer and restrict members from sharing files, including images and animated GIFs within the chat. To do this, go to setting in the Zoom web app, (it’s not in the desktop app) click Personal> Settings> ‘In Meeting’ > ’transfer,’ click to disable. https://us20.admin.mailchimp.com/campaigns/show?id=12411863
This advice is specific to the use of Zoom during the current COVID 19 crisis. Maxfront aims to enable clients to have some flexibility in the tools they use to allow effective operations in these extraordinary times while managing and mitigating security risks. https://www.maxfront.com/2020/04/14/hello-we-have-top-tips-for-leading-remote-it-teams-successfully-in-a-competitive-it-world/