There's a new kind of troll on the internet, and it's just waiting to crash your Zoom meeting.
As businesses and educational institutions pivot to videoconferencing and virtual meetings during the COVID-19 crisis, instances of Zoombombing are on the rise. Definitely disruptive and often offensive, Zoombombing occurs when an unauthorized person or people gain access to your Zoom meeting, most likely with malicious intent.
Want to safeguard against intrusions? OK, Zoomer -- here's how to make your meetings more secure:
DO require a password
Scroll to "Meeting password" and check the box. Zoom will generate a password for you. Requiring a password is the most effective thing you can do to protect your meeting. Remember to include this password in your invitations.
DO check 'Enable waiting room'
This option allows you to only admit participants that you recognize as those you’ve invited to the Zoom session. Even if an intruder makes it this far, they can’t get into the session unless you allow them in.
DO consider locking the door behind you
Click the "Manage Participants" icon in the Zoom toolbar, then use the "More" drop-down menu and click "Lock meeting." This option can keep unwanted folks out once everyone is in. The downside is that it prevents attendees from being able to sign in again if they are experiencing connectivity issues. This option is best for smaller meetings, where you’ll be able to see that someone has dropped out and can easily unlock the meeting to let them back in.
DO control screen sharing
Block a Zoombomber from disrupting your meeting with unwanted images. Go to the Zoom toolbar, click the up arrow next to the "Share Screen" icon, and under "Who can share?" select "Only host." (Depending on the version of Zoom you're using, you may need to choose Advanced Sharing Options to get to this choice.)
DO leave 'Enable join before host' unchecked
Make sure this box in "Meeting Options" (or "Advanced Options") is left blank. This keeps unwanted visitors from causing trouble before you start the meeting.
DON'T use your personal Zoom Meeting ID
When you schedule a meeting, scroll to "Meeting ID" and select "Generate Automatically." This is Zoom's default choice; don't change it! And never post your personal meeting room ID publicly. Your Zoom Meeting ID URL doesn't change, so anyone who knows your ID can hop into your personal meetings.
DO turn host and participant video off by default
Set both the host and participant video to OFF. Participants will still be able to turn their video back on, but this option puts another obstacle in an intruder's path.
DO mute participants on entry
Check this box under "Meeting Options." This prevents uninvited guests from blasting your meeting with noise, and also blocks background noise from attendees who forget to mute themselves.
Plan ahead for a large group
If you want to hold a large meeting -- an open forum, town hall or community gathering -- the best protection is to plan ahead. Use these tips to prevent or minimize the impact of a Zoombomber:
- Use a Zoom-generated meeting ID, rather than your personal ID.
- Have attendees register to attend; this may dissuade crashers.
- Select one or more Alternative Hosts to help you manage the meeting in the event of an issue.
- Discuss potential issues with your co-hosts and create a plan to respond to technical difficulties or other disruptions.
- Make sure participant video is set to "Off."
- Disable the option for attendees to join before the host and enable the option to mute participants when they enter the meeting.
- Control screen sharing during the meeting.
I've been Zoombombed; what now?
If an unwanted person does get into your session, go to the participant list and remove the offender. Then make sure the waiting room is enabled or the room is locked to prevent the intruder from returning. This can be done using the Security icon in the toolbar at the bottom of the screen. (If you don’t see the icon, you may need to download the latest version of Zoom.) If your Zoom meeting is compromised, report it to the IU Information Security Office at firstname.lastname@example.org, then contact your IT Pro or campus UITS Support Center for next steps.
Looking for more info?
- Logging in to Zoom using Single Sign-On (SSO)
- Tools for securing Zoom sessions
- Managing disruptions during Zoom meetings
Jen Bratton and Todd Stone are communications project managers in the Office of the Vice President for Information Technology.