There have recently been news articles regarding Zoom Bombing and the threat it poses. For the unaware, Zoom Bombing is an attack where uninvited participants disrupt Zoom meetings by presenting various types of offensive content. With the recent rise in popularity of the Zoom platform, these attacks have become more frequent and have garnered attention from the media and FBI. Fortunately, there are several measures users can take to protect their selves and their guests.
- Set Passwords on your Meeting: Adding a password to a meeting is strongly advised to prevent uninvited participants to join through guessing Meeting IDs. Be wary of embedding passwords in a link or allowing phone users to join without a password, as the link could be shared, and phone spoofing could be automated. If you do elect to use these options, we recommend using it in conjunction with other options below.
- Utilize Waiting Rooms: Waiting rooms allow the meeting host to pick and choose who can enter a meeting. They function similar to a lobby with a receptionist desk where you can see who is waiting to enter the meeting.
- Allow Only Authenticated Users: This option limits the meeting only to those that have registered an account using an email address. While it won’t prevent determined attackers, it does create a barrier to filter opportunistic attackers in guest mode.
- Lock the Meeting: After all participants have joined, consider locking the meeting to only current participants to prevent any other unintended guests.
For a full list of recommendations, please see this Zoom blog post providing a comprehensive list of controls available for meeting hosts, including other controls such as preventing screen sharing, muting all attendees, disabling chat, and disabling file transfer.
Additionally, Aires has recently released a guide with general recommendations for virtual meetings and specific tips for popular platforms. Please visit this link to view this document.