Defusing a Zoom-bomb

“Zoom-bombing” and other teleconferencing security problems have had a lot of the press since the first splash of excitement about the uses of these technologies in times of physical isolation like we are now living through.

The name is really a misnomer, though that is somewhat understandable as it first became common on the Zoom platform. Every teleconferencing platform (Teams, Hangouts, GoToMeeting, etc.) is potentially vulnerable to the same gate-crashing techniques. They are also not really serious security risks (in most cases), just troublesome and upsetting.

In case you don’t know, “Zoom-bombing” is someone turning up uninvited to an online meeting and sharing offensive material or otherwise disrupting the meeting. Upsetting enough in a work context, but likely more so in a heartfelt gathering with your Great-Aunt Rita.

Fortunately, it’s pretty easy to stop and only requires minimal changes to how you operate. I’ll offer up a few options below, but in most cases, even one of them will either stop the “Zoom-bomber” or at least make it hard for them to do much before you boot them out.

before it happens

don’t tell the world where you’re meeting

There’s usually no good reason to put a link on social media. Send it to participants directly or use a private email list. Even posting to your own website is better than throwing it up on Facebook, Twitter, or other social media.

password protection

Seems like an obvious solution, but because the passwords are usually shared in the same place at the meeting code, it is unlikely to stop anyone. Nevertheless, they don’t really hurt, and if you share them separately, then it could well prevent uninvited participation.

turn off “Join before host”

While convenient for some groups to be able to join the meeting before the host, it often provides an opportunity for problem people to take over a meeting before the host arrives to control it.

registered users only

Most platforms have a system of requiring participants to register beforehand and letting you restrict participants to only those you name. This is very easy and effective if you are meeting with colleagues on an agreed platform or one tied to your work account like Teams or Hangouts, but can be awkward with ad hoc guests, clients or family.

waiting rooms

This is quite an effective method of stopping unwanted people from joining. When anyone joins they are put, alone, into a waiting room. The host will admit them. However, the host, on most platforms, can only see what the person called themselves as they joined, so it’s possible you might be fooled. However, it’s not very likely a Zoom-bomber will hang around in a waiting room.

disable screen sharing

This is the easiest way to prevent unwanted sharing. Just turn it off for everyone but the host. If someone else is to present, just make them a co-host. This obviously won’t prevent someone from making a racket or holding things up to their camera.

disable “private chat”

This is a judgment call, but most meeting probably don’t need private chat capability as all conversation should happen in the “public chat”. Disabling this can cut the risk of private harassment going on in your meeting.

turn off file transfer

Most meetings aren’t going top need them and transferred files could be disruptive in all kinds of ways, including carrying actual security threats in the form of malware.

If it happens

mute everyone

It can take time to find the culprit in a large meeting. Hit the “Mute all” button and lock it (prevent individual unmute). That will buy you some time to find the culprit and kick them out. If your platform allows you to lock the meeting to prevent re-joining, do that.

remove them

Right-click on the culprit or use the participants control panel in your platform to kick them out and ban them. Depending on your settings you may need to lock the meeting to prevent them from coming back.

You’ll need to review the settings for your platform to find the specifics for each of these. I’ll be updating this article as we update our documentation to link to the specific methods for Zoom, Teams, and Hangouts.