Zoom Bombing

What is Zoom bombing?

Over the course of the pandemic, the American video conferencing platform, Zoom, has unsurprisingly exploded in popularity. In fact, in June 2020, Zoom had 300 million users worldwide, compared to 90 million in December 2019, prior to the pandemic.

But, as Zoom became more popular, cyber criminals identified it as a new avenue to exploit vulnerable businesses. Hence the dawn of ‘Zoom bombing’.

Zoom bombing, or Zoom raiding, refers to the unauthorised, disruptive intrusion of cyber criminals or internet trolls into a Zoom video call.

Cyber criminals will attempt to get meeting IDs, invite links, and passwords to then share them on websites like Reddit.

Malicious users will then join meetings without permission and carry out offensive, disruptive, and inappropriate behaviour to detract from the meeting. This includes:

  • Displaying distasteful images
  • Making disruptive noises
  • Changing backgrounds
  • Sharing unsuitable or offensive content

The purpose of Zoom bombing is largely to derail the meeting and cause havoc for businesses, schools, and other organisations. In some cases, incidents of Zoom bombing have led to criminal charges.

How can I prevent Zoom bombing?

There are several different methods you can use to prevent your meetings from being Zoom bombed.

1. Don’t use your Personal Meeting ID for public meetings

If you put your Personal Meeting ID out to the public, it could easily end up in the wrong hands. Malicious users could then use it to enter your smaller, private meetings in the future and Zoom bomb your participants. Instead, we recommend generating a random meeting ID or hosting a webinar.

2. Take advantage of the security icon

A security icon will display at the bottom of your Zoom meeting. Here, there are several safety measures that you can use to secure your meeting, including:

  • Lock Meeting – this stops new participants from joining
  • Enable Waiting Room – new participants will be directed to a waiting room before being allowed access to the meeting. Similarly, you can move current participants into the Waiting Room if necessary. To move a participant into the Waiting Room, click on their video thumbnail or hover over their name in the participant list. Then navigate to More > Put in Waiting Room
  • Allow or restrict participants’ ability to, chat, rename themselves, unmute themselves, start video or annotate on shared content
  • Remove Participant – quickly remove disruptive participants
  • Report – report disruptive participants to Zoom’s Trust and Safety team, providing a description of why you’re reporting them and attaching any necessary evidence
  • Suspend Participant Activities – turn off all participants video, audio, Zoom Apps, and ability to share their screen

Here’s how to navigate to Zoom’s security icon…

3. Disable file transfer

In meeting file transfer enables participants to share files through the chat during a meeting. Go to Settings > In Meeting and toggle File transfer off to disable this feature. This will ensure intruders cannot Zoom bomb your meeting with inappropriate or offensive images, GIFs, and other files.

4. Don’t allow screen sharing

If you’re the host, prior to a meeting you can restrict controls so that only you can share your screen during the meeting. To do this, navigate to Share Screen > Advanced Sharing Options > Who can share? > Host only. You can also lock the Screen Share by default for all your meetings in your web settings. Similarly, if you want to restrict screen sharing during the meeting, you can navigate to the security icon mentioned above. Disallowing screen sharing will prevent any unwanted participants from Zoom bombing your meeting by sharing offensive content.

5. Disable annotation

During a Zoom meeting, you can annotate a screen share to aid discussion, planning, and innovation. But to block unwanted participants from Zoom bombing your screen share with unwanted annotations, you can disable annotation for all participants. To do this, login to your Zoom account and navigate to Settings > Meeting > In Meeting (Basic) > ensure Annotation toggle is off.

6. Customise your Waiting Room

The Waiting Room feature is a virtual staging area where participants can wait before you grant them access to the meeting. To set up your Waiting Room navigate to Settings > In Meeting (Advanced) > Waiting Room > Toggle this on.

You can then choose to either send all participants to the Waiting Room or to only send external accounts there. You can also allow approved participants to admit guests from the Waiting Room if the host hasn’t arrived yet. Hosts can also customise their Waiting Room by adding a unique message to assure participants they’re in the right place and provide information about the meeting.

7. Enable registration

Enabling registration will mean attendees must provide an email address, name, or answer other questions before being able to join your Zoom meeting. This allows you to capture more information about your attendees and filter out any unwanted guests.

To enable registration, sign into Zoom and navigate to Meetings > Schedule a Meeting (or edit an existing meeting if it’s already been scheduled) > Registration > ensure the Required check box is ticked.

You can then view information about your attendees by navigating to Manage Attendees > View > Click on each individual name for all their info.

Microsoft Teams as a more secure alternative

Whilst the steps above will help you secure your Zoom meetings and prevent Zoom bombing, it is more strategic for you to switch to a more secure video conferencing partner.

Zoom has received lots of negative feedback in the last year due to security concerns, even issuing an apology statement in April 2020. Instead, many experts recommend Microsoft Teams as a more flexible, professional, and secure alternative. Here’s why:

  • The rise in Zoom bombing – as outlined in this article
  • An ambiguous privacy policy – Zoom’s privacy policy is vague, giving them the flexibility to use personal information such as third-party trackers and surveillance-based advertising
  • Evidence of security vulnerabilities – cyber criminals have been known to steal passwords and take over Zoom users’ Macs and PCs, tapping into their webcam and microphone
  • Tracking user actions – Zoom’s tracking feature monitored users’ behaviour whilst on a call, for example by tracking whether they clicked away from Zoom during a meeting, alerting the host that they’re distracted. Consequently, Apple had to secure millions of devices. This feature has since been removed by Zoom

In contrast, Microsoft have been praised for their dedication to cyber security, and Teams is no exception. Here are some of the features Teams uses to maximise security:

  • Data will never be used to serve you ads. You can visit Microsoft’s Transparency Hub to find out how they respond to third-party requests for data
  • Participants’ behaviour will never be tracked during meetings
  • Once your account is closed, your data is deleted permanently
  • Option to access your own customer data at any time
  • Multi-factor authentication adds an extra layer of security to usernames and passwords, preventing cyber criminals from accessing employee accounts
  • Microsoft encrypts all data used in Teams, storing it in their world-class data centres and using secure real-time transport protocol for audio, video, and desktop sharing

In addition to high security standards, Teams gives users advanced video conferencing capabilities, helping them to collaborate effectively, wherever they are.

To learn more about Microsoft Teams and how it can help your team communicate securely, download our Microsoft Teams 101 guide below.

Or to speak to an expert about how Microsoft Teams or our security solutions can help your business, contact us today.

Microsoft Teams

Microsoft Teams 101

Tips and tricks to get the most out of Microsoft Teams.

Complete the short form below to download your free eBook.