Zoombombing: How to Protect Your Meetings From Going Downhill
Thu, April 22, 2021

Zoombombing: How to Protect Your Meetings From Going Downhill


Companies and professionals are increasingly using Zoom as a part of their remote working initiatives. However, the platform drew attention from journalists and researchers because of a number of potential privacy and security issues that had emerged as a result of its increased use during the pandemic, stated Rae Hodge of CNET, a world leader in tech product reviews, news, and more.

One of the most well-known issues surrounding the platform is “Zoombombing.” Zoombombing occurs when an uninvited person breaks into your meeting and disrupts it. Eric Yuan, the CEO of Zoom, said that the platform will freeze feature updates to address security issues in the next 90 days. Zoombombing a meeting is simple: Type “Zoom.us” on the Google search bar and it will show you unprotected links of meetings that you can enter. Likewise, links to public meetings can also be found on organizational pages on social media.

Businesses Are Growing Wary of Using Zoom

Penny Crosman of daily trade newspaper American Banker cited a poll done by Blind, an online community for technology and financial services professionals, from April 9-11 in which 28% of financial employees said they were worried about the possibility of their information being compromised through a videoconferencing tool. When asked how their use of Zoom had changed once security issues had been exposed, 12% said they stopped using Zoom while 10% said they decreased its use due to hacking concerns. 59% answered “no change” and 19% admitted that they had never used Zoom.



The companies that completely stopped using Zoom were Tesla Motors (92.6%), Square (61.3%), Twitter (38.5%), Salesforce (36.8%), Cisco (29.7%), and Netflix (26.9%), reported Fiorella Riccobono of Blind. Other companies include Adobe (21.6%), Apple (20.6%), Microsoft (20.1%), and LinkedIn (12.3%). 71.6% of professionals from Cisco said they were worried that their information may have been compromised, followed by Apple (55%), Microsoft (51.4%), Google (46.8%), LinkedIn (41.5%), and Square (41.4%). The professionals that were least worried about it were professionals from Tesla Motors (38.5%), SAP (37.9%), Intel Corporation (36.4%), and Amazon (34.1%).

Card company employees were especially worried about using Zoom, with 56.6% of Visa employees and 55.6% of American Express staff saying they stopped using the platform. Over a third of Goldman Sachs employees said they fear data compromise with Zoom, along with 27.8% of JPMorgan Chase staff and 20.7% of Capital One workers.



Zoombombing: When Unwelcome Participants Disturb Meetings and Other Events

Hackers disrupted online classes, government meetings, cocktail hours, and other events—a trend that resulted in Zoombombing incidents, explained Bobby Allyn of NPR (National Public Radio), an American media organization.

Some Zoombombers even shared offensive or explicit images and hate speech, mentioned Alice Broster of Bustle, a premier digital transformation dedicated to young women. Students reportedly had their online lectures disrupted by Zoombombers while church services were replaced with pornography. These cases prompted users to grow skeptical of how private Zoom meetings are.

The FBI then issued a news release to warn individuals about Zoombombing. Michael Kan of PCMag, an American computer magazine, said that Zoombombers have been gathering and sharing Zoom IDs to Zoombomb meetings simultaneously. Across the US, federal law enforcement and state investigators started to point out Zoom’s security flaws. New York Attorney General Letitia James noted, "Our lives have inexorably changed over the past two months, and while Zoom has provided an invaluable service, it unacceptably did so without critical security protections."

In a deal announced by James, Zoom agreed to do more to stop hackers from disrupting virtual meetings and to safeguard users’ data from these unwanted participants. James commented that the deal would put protections in place to enable Zoom users to exercise control over their privacy and security.

This way, schools, workplaces, religious institutions, and consumers don’t have to be concerned about having their privacy and security compromised while in a video conference. The agreement said that Zoom will encrypt “all personal information in transit.” However, it will not be encrypted if the users did not utilize a Zoom app or software for the transmission. Allyn reported that under the agreement, Zoom is taking steps to stop sharing user data with LinkedIn and Facebook.

How Can I Protect My Meetings From being Zoombombed?

Avoid using your Personal Meeting ID for conducting your virtual meeting. You can use a per-meeting ID that is exclusive to a single meeting. You can visit Zoom’s support page to find out how to generate a random meeting ID for your own (and your attendees’) safety. Enable the “Waiting Room” option so you can see who is joining the meeting before you allow them to go into the meeting. To enable this option, go to “Account Management” and click “Account Settings.” Then, click on “Meeting” and click “Waiting Room” to toggle this feature.

A skillful disrupter can bypass this security feature but it does not hurt to utilize it to deter potential Zoombombers. You can also disable other options such as the ability of other participants to “Join Before Host.”  It is recommended to disable screen-sharing for non-hosts, remote control function, file transferring, annotations, and autosave feature for chats.

To disable screen-sharing, go to the host controls at the bottom of the screen. You will see an arrow beside “Share Screen.” Click on it and click “Advanced Sharing Options.” Then, go to “Who can Share?” click “Only Host” and exit the window. Once you start the meeting, be sure to lock it from outsiders and assign two meeting co-hosts. The co-hosts will help you control and address the situation if a malicious actor bypasses your security measures and disrupts the meeting. Keep the details of your Zoom meeting/s private.



What Should I Do if Someone Zoombombs My Meeting?

It is possible for an unwelcome actor to infiltrate your meeting despite leveraging the platform’s security options. To ward away Zoombombers, lock them out of the meeting by going to the “Participants List” located in the navigation sidebar. Scroll down, click “More,” and click “Lock Meeting” to remove participants and prevent them from entering the meeting. You and your co-hosts can also go the “Participants List,” scroll to the bottom, and click “Mute All Controls.” This way, the unwanted attendee will not be able to use their microphone to disrupt your audio.

Zoombombing cases can make anyone question the safety and security of using Zoom for lectures or meetings. While Zoom is taking steps to bolster the platform’s security, users might want to use another video conferencing software to conduct meetings or lectures.