How to Protect Against Zoombombing
Use of the video conferencing platform Zoom has surged with the spread of the Covid-19 pandemic and the adoption of social distancing measures. As of April 2020, Zoom is reporting 300 million daily meeting participants.
Criminal cyber activity has grown alongside Zoom’s burgeoning user base. By far, the most common issue for those attending virtual meetings is something called “Zoombombing,” where rowdy meeting crashers create chaos during meetings, letting loose a barrage of NSFW chat messages and porn imagery via Zoom’s Screen Share feature.
Worse than that, a quiet Zoombomber can remain undetected and spy on a meeting, gathering information on the meeting participants, where they work, and other identifying information. Scammers can use this information to create future cyberattacks like phishing. Or they can share malware or links to phishing sites through chat.
Zoom’s lax default security settings allow meetings to be conducted via publicly accessible URLs. Screen Sharing is enabled for all attendees by default, and turning that feature off requires both knowledge of where the setting lives and a few time-consuming clicks. Worse, meetings can start without a host, who is the only person able to block invaders and turn off the default Screen Share function.
The best way to protect against Zoombombing is to take the following preventative steps. (Note: The settings and locations for options can vary based on the version of Zoom used, as well as the device and operating system.)
- Use a unique ID and password. When hosting a meeting with many participants, especially when most of them are people you don’t typically communicate with, generate a unique meeting ID instead of using your personal meeting ID (PMI). To add extra security, require a password.
- Disable Screen Share by default. Disabling this feature blocks users from sharing videos and graphic imagery. It can be found in-meeting under Share Screen > Advanced Sharing Settings. On the web version, the control is located next to the Screen Share button.
- Assign a co-host to your meeting before it starts to help moderate. Zoom allows hosts to create a “co-host.” If you get Zoombombed, two defenders are better than one, since the meeting crashers need to be removed individually.
- Set up a waiting room. This allows you to scan for unwanted meeting guests before you allow them to enter the meeting.
- Lock meetings once all anticipated attendees have logged on. This feature can be found under the “more” menu next to the Participants button.
- Disable “File Transfer”. There have been instances of Zoombombers sending malware to attendees. Disabling file transfer can block a potential cyberattack.
- Disable “Allow Removed Participants to Rejoin”. Found under the Settings menu in the Zoom web portal, this option blocks unwanted attendees from rejoining after being ejected from a meeting.
- Disable “Virtual Background”. Virtual backgrounds allow attendees to protect their privacy or personal details in their home offices. However, they have also been abused to display disturbing and graphic content. This feature can be disabled under “Account settings” in the Zoom web portal.
As work becomes more virtual, cybercriminals are uncovering more ways to infiltrate Zoom and other video conferencing apps. If Zoombombers do access your meeting, quickly remove them, report the issue to Zoom, and where appropriate, to the local police.