Zoom photo

How to Protect Your Next Class or Meeting from ‘Zoombombing’

Trolls have been hijacking video conferences. WPI’s CIO offers tips on how to stay secure
April 14, 2020

With people around the world staying home to try to stop the spread of the COVID-19 pandemic, video conferencing tools like Zoom have become a critical link keeping businesses and schools operating online. Employees gather in online meetings, and teachers and professors deliver lectures and hold discussions, labs, and office hours remotely.

According to Zoom Videocommunications, Inc., the number of Zoom meeting participants grew from about 10 million daily in December to 200 million daily in March. That burst in usage has drawn the attention of trolls who have been hijacking Zoom meetings and overtaking them with pornographic, racist or threatening images and comments.

This new pandemic-related phenomenon has been dubbed Zoombombing.

“With so many people using videoconferencing, it’s important to safely use these tools,” said Patty Patria, vice president for information technology and chief information officer. “People need to be educated about best practices because with the increased usage, there’s increased attention from people who’d like to cause problems.”

Shortly after students and workers from around the world flooded home to do their work remotely, the Zoombombing began.

Racist or vulgar trolls interrupted online classes at academic institutions, and online communities have even popped up to help people organize Zoombombing raids. The problem has become so prevalent that at the end of March, the FBI issued a warning about video conference hijacking and offered steps to mitigate the threat.

Patria noted that the university uses Zoom for online classes and meetings. She said Zoom recently changed default settings, such as turning on meeting passwords and waiting rooms,  to increase security. WPI’s Information Technology Services (ITS) has posted tips to help the university community keep virtual meetings, regardless of platform, secure.

Patria said there are some basic actions people can take to keep their virtual meetings secure.

  • Use Zoom’s ‘waiting room’ feature, which enables the meeting administrator to screen who can enter the meeting, preventing uninvited guests from getting in and taking over. As of March 31, the waiting room feature was turned on by default. Do not disable it.
  • Password protect your meetings. Zoom recently updated its software to use passwords by default. Do not turn off this feature.
  • Monitoring participant lists is very important. Watch the number of participants. If a virtual meeting should have 12 people and the number rises above that, it’s a red flag.
  • Meeting hosts have quite a bit of control over who can share materials and video, and even who can speak. They should use that control. Change the screen sharing feature to ‘host only’ so anyone not invited cannot share malicious content. Those capabilities allow faculty teaching classes or people holding meetings to control who is actively involved in their sessions.
  • Do not post meeting information – time, date and session ID -- on social media or other public sites. If someone needs to be invited to a virtual class or meeting, send the information in an email or private post.
  • Disable the ‘join before host’ option. Preventing users from joining before the meeting leader arrives preserves control over the session. 
  • Enable the ‘co-host’ option so the host can assign moderation duties to another user during the session. “It is always a good idea to have someone looking out for you while you are busy leading the session,” warns ITS.
  • Disable the ‘allow removed participants to rejoin’ option. This prevents anyone who was removed from the meeting from rejoining and creating a hostile environment.
  • The host can have attendees join muted or the host can click on manage participants and mute all.

Video conferencing users also need to consider privacy. Here are several points about privacy related to the camera function or view:

  • Be aware of what is behind you during a Zoom call. Whether students are joining a video conference from their bedroom or a remote worker is joining from their dining room, they all should think about what can be seen on their screen. Consider removing photos, notes or memorabilia you don’t want others seeing.
  • Remote workers also can help prevent an information leak by making sure any confidential or proprietary information cannot be seen during a virtual meeting.
  • Be aware of the camera on your laptop. If a troll worked his way into your system and activated your camera, he could see and record what the camera sees, or could even turn off the light that normally alerts you when the camera is on. Consider using a sliding webcam cover or even a sticky note to block the camera.

-By Sharon Gaudin