How to Secure Zoom Calls and Protect from Exploitative “Zoombombing”
As more groups and individuals turn to Zoom for video conferencing during the COVID-19 pandemic, a problematic trend called “Zoombombing” is on the rise. Unfortunately for the many thousands (likely millions) of people who are using Zoom video conferencing for the first time for work, school, and socializing, Zoom isn’t as secure as it should be.
To join a Zoom meeting, the default settings require participants to enter a unique Meeting ID. The Meeting ID is a 9-digit code that anyone—whether registered with Zoom or not—can use to participate in the call. This one-factor security has not been enough to stop pranksters and, in the worst cases, exploiters from joining meetings and wreaking havoc.
Intruders, known as “Zoombombers,” have been able to enter a yet-unknown-but-growing number of unsecured Zoom meetings with the intent of disruption and exploitation. Some have gone as far as sending nude images of themselves and/or sharing recorded pornography to the call’s participants—many of these calls have included young children. The FBI has responded to the reports, which is important, but groups and individuals who still want or need to use Zoom have to be aware of these problems and of potential security solutions they can implement.
In light of that, we wanted to outline steps that groups and individuals can take to protect themselves and their families from “Zoombombers”—be they pranksters or exploiters—as we live and work from home during this novel coronavirus pandemic:
- Protect every meeting with a password. Implementing this second layer of security can feel inconvenient, but it’s important. With awareness of the potential risks, as you schedule new meetings, make sure to toggle on the “Require Meeting Password” button. If you have recurring meetings set up without this security feature, it’s worth rescheduling them with this feature enabled. In cases where you aren’t in control of meeting scheduling and security settings, whether it’s for work or school or extracurricular activities, we encourage you to speak with those in charge and explain why it’s important that they make the simple change to add password-protection to their Zoom calls.
- Turn off automatic recording of meetings. Zoom has the capability of recording your meetings in their entirety. Zoom enables this feature as a default and so all calls are initially set up to be recorded automatically. This can be a handy feature in some cases, but it’s important to turn this off as a default and to get proper permissions from participants in each call before you decide to switch it on for an individual call. When you do record your Zoom call, it’s important to note that Zoom has the capability to save your recording to their “cloud” storage. We recommend turning this feature off as well, due to Zoom’s ongoing security concerns, and instead have the files save directly to your device.
- Utilize the “host” features as fully as possible. Zoom offers some in-call security features that are important for securing your teleconferences. You can disable screen sharing for all participants besides the host, prevent people from joining the meeting before you (the host) do and causing problems, and enable Zoom’s “waiting room” feature so you as the host can approve each participant individually. These useful features are all good ways to help decrease the threat of “Zoombombing” on your calls.
- Look forward to upcoming Zoom updates. Even if it’s been slower than most would like, Zoom has responded to this growing issue by halting all other development projects in order to boost their security and privacy measures. With this renewed focus, they will likely be rolling out changes to their product in the near future and so be on the lookout for software updates that will help make your Zoom experience more secure.
While these steps aren’t a guarantee that Zoom is 100% secure (no platform ever is), we believe they are prudent to implement and give you the best chance of avoiding “Zoombombing.”
To those who have already been targeted and sexually harassed, we hope for your healing. For all, we hope for improved safeguards—that all of our virtual work, school, and socializing may proceed uninhibited by those who seek to attack human dignity.
To view more Zoom suggestions and best practices for video conferencing, you can get additional advice directly from Zoom here.