You’ve set up a zoom meeting and sent out the invitations to your guests, and the time for your meeting has arrived. As your guests arrive for the meeting, you admit them into the zoom conference. However, you start to notice some unfamiliar people you don’t recognize and don’t recall sending an invite to. Some may not even be sharing a video but only have a name tag displayed. No matter, you continue with the meeting anyway.
Shortly into the meeting, these unfamiliar people start causing a disturbance, speaking over you, and becoming a nuisance. They may even hurl insults or display lewd acts. What you are experiencing is “Zoom Bombing,” and you have become a victim. Let’s rewind this a bit and work out how this happened and what you can do to prevent this in the future.
The anatomy of a zoom meeting
Over the past few years, online video meetings using technology such as Zoom or Microsoft Teams have become increasingly popular. More and more people embrace remote working in response to the global covid-19 pandemic. It has also become apparent that, for many businesses, this change in working conditions may be here to stay. Businesses have realized that they can save money by allowing staff to work from home instead of paying for expensive leased offices.
This change also brings new challenges to a business’s cybersecurity posture. New risks have emerged that businesses need to be aware of as they continue to embrace staff working remotely.
When a meeting is scheduled, the host will create this meeting request in their calendar software and send out invites to the guests. This is no different from face-to-face meeting invitations, but now the meeting will include a link for invitees to click on when the meeting time comes around.
The host ‘admits’ the guests into the meeting, and the meeting begins. Guests can share their video and microphone with the other participants, and the meeting operates as planned.
However, a cybersecurity risk exists that the host’s link may be forwarded or shared to the public via social media, email, or internet message boards. The link may also include the necessary password to access the meeting. This is where things can take as uninvited people may join the meeting.
If the host is under pressure and not paying close attention, these uninvited people are allowed into the meeting, where they can cause trouble and disrupt the meeting, leaving the host in a state of panic or embarrassment.
This is especially the case with larger meetings where the host may not always know who should be attending and who should not.
Fortunately, it is easy to implement some simple safeguards to help manage unwanted attendees and prevent a disastrous online video meeting.
10 steps to preventing zoom bombing
- Don’t share your meeting links publicly
When you post a meeting link to social media, your company website, newsletter, you allow anyone with the link to join your meeting. To prevent unwanted guests from joining, be sure that you only send your invite link to the necessary people.
- Always use a unique meeting ID
If you are operating regular online meetings, try to generate a new meeting ID for each meeting rather than the same ‘personal meeting’ room ID. This way, bad actors are unable to predict the set meeting ID.
- Always set a meeting password
After a series of embarrassing zoom meetings went viral, Zoom released a new feature that included a random password for each meeting by default. This step alone is usually enough to prevent unwanted zoom bombers but always check that the option is enabled before sending the meeting invite.
- Enable the waiting room feature
When you enable the waiting room feature, every guest that joins the meeting is put into a temporary waiting room where the host can manually admit each person. This can allow you to screen people so that only those you are expecting are granted access to the meeting.
If someone arrives who is not familiar, it is perfectly acceptable to ask the guests, who are already in the meeting, if they know who so and so is.
- Disable participants video sharing
For additional protection, force the participants’ video to be disabled. Disabling the video will prevent any unwanted obscene content from being displayed. This can also be enabled or disabled during the meeting.
- Disable participants profile picture
Even with video disabled, the person may have an undesired profile picture loaded into their settings. You can easily disable the profile pictures by clicking on the security button and then clicking ‘Hide Profile Pictures.’
- Mute the participants upon entry to the meeting
Another new feature that has been added is the ability to mute the participants as soon as they enter the meeting. You can keep everyone on mute until it is their turn to speak. This has the added benefit of keeping control of the meeting flow and allowing people to have their say without being interrupted.
- Control access to the in-meeting chat
Even with video and audio disabled, guests can also interact using the in-meeting chat feature. Fortunately, it is possible to control the chat function so that only the host can see what the participants are typing in. This is especially useful if you use the chat for a question-and-answer period.
If you know that you won’t need to use the in-meeting chat, it can also be disabled completely.
- Allocate trusted guests to help moderate the meeting
To relieve the pressure on yourself as the host, allocate some trusted guests in advance to control and moderate the meeting. You can allocate Co-hosts and Alternate hosts that will have most of the permissions that you do. This means that you can concentrate on the meeting and not have to worry about moderating the meeting simultaneously.
- Kick someone out of the meeting
It is also possible to boot someone out of the meeting if they become unruly or not a welcome guest. To do so, click on the security icon and click ‘Remove Participant’.
Next, click ‘Remove’ against the name of the participant that you want to remove.
Confirm the removal of the participant and optionally check the box that says ‘Report to Zoom’ if you need to report bad behavior.
This person will not be able to re-join the meeting.
The silent zoom bomber
There is another side of zoom bombing that we need to discuss, and it is also usually tough to detect and prevent. That is the silent zoom bomber. This person may be an industry competitor who has gained access to your meeting to listen in on your business plans and gain valuable insider information.
This could also be a major concern if your company is a publicly listed one. Gaining insider information could be used as a mechanism for profiting from information not yet available to the public.
This sort of bad actor will not disrupt the meeting at all, rather stay silent in the background listening to your company secrets and plans.
The only way to combat this sort of zoom bomber is to make sure you have identified each participant who has joined the meeting. Even if it means delaying the meeting for a few minutes to go through and verify each attendee, it could be time very well spent.