The COVID-19 crisis has sent workers and businesses scrambling to setup work-from-home systems and protocols, and with such a rapid migration to remote work it is no surprise technical and security issues have emerged. Here we're going to discuss "Zoombombing"--what it is and how to prevent it.
Zoom is an easy-to-use videoconferencing platform that, while having been around since 2011, has recently become the go-to video meeting tool for millions of new work- and study-from-home users. Zoom was built "primarily for enterprise customers" who already have IT support infrastructure in place, meaning the platform is not specifically designed with the security of the home user in mind, but rather for corporate users who have an IT support team they rely on for security best practices. But the recent addition of millions of work-from-home users has been met by the team at Zoom with several updates and modifications to default settings.
"ZoomBombing" is the term given to unauthorized meeting attendees joining a Zoom meeting for the purpose of disrupting or "trolling" the meeting, its hosts and attendees. These attacks have ranged from relatively minor disruptions by single users to coordinated harassment, hate-speech, and sharing of offensive images and threatening language by coordinated groups of attackers. The FBI has released guidance on Zoom users protecting themselves, their workers and students from these kinds of attacks.
If you're one of the hundreds of millions of new Zoom users you may have rushed to learn the platform and get your team's productivity back up and running. Naturally, some security issues may have been overlooked. Zoom itself has scrambled to update the platform's security and to enable some important features by default. (As always, keep your software up to date!)
Here are some easy steps you can take to protect your Zoom meetings from malicious attacks:
- Don't share your Personal Meeting ID (PMI): This is a unique code assigned to every user who creates a Zoom account. (You do not need to create an account to attend Zoom meetings, but an account is required to host Zoom meetings.) Zoom allows you to create a unique "Meeting ID" when you create a new meeting. Use this unique Meeting ID when hosting meetings. While it will generally be fine to share your PMI with trusted friends and colleagues, if it ever is published online (like in a public social media post) it can easily be found by attackers.
- Require a password: When scheduling a Zoom meeting, be sure to check the "require meeting password" check box. This way, only attendees with whom you've shared the password will be able to join the meeting.
- Disable video: keep unwanted imagery off the screen and out of your meetings.
- Mute meeting attendees: hosts can mute all or individual meeting attendees to keep meetings nice and orderly.
- Turn off File Transfer: This will disable meeting attendees' ability to upload and share pictures, videos, and other files with other meeting attendees.
- Use the latest version of the Zoom Software: Zoom used to have a feature which would allow Meeting ID's to be searchable. That is not available anymore, so, like we mentioned before, keep it updated!
These are the easiest steps you can take to protect your Zoom meetings from Zoombombing. While your organization may have specific requirements to meet your needs, we encourage everyone to follow these suggestions to ensure a pleasant meeting for everyone, with no harassment and trolling!
The team at Zoom is hosting daily live and recorded webinars to help you get started with Zoom. Check those out here.
And as always, Northampton Computer Repair offers friendly, affordable remote tech support, including training on software for users of all skill levels. We can help you get familiar with Zoom or other platforms that may be a better fit. Contact us if you need any help.
Photo Credit: Edwin Andrade via Unsplash
