The ongoing Coronavirus outbreak is pushing businesses, schools and other organizations toward video conferencing, and the sudden surge in volume has resulted in instances of “ZoomBombing.” ZoomBombing refers to an uninvited person crashing a Zoom meeting and disrupting it, sometimes with offensive or obnoxious images and audio.
These disruptions can be stopped with features already available to Zoom users. With some basic protections in place, you can ensure secure meetings with other video conferencing platforms, like Microsoft Teams and Cisco WebEx.
How to keep your Zoom meetings private?
In response to reports of ZoomBombing, the FBI recommends that organizations keep their meetings private, as this will deter most meeting crashers. It’s easy to do this with a few simple steps, including:
Don’t share a link to the meeting on social media
Some meeting organizers make the mistake of posting a link to the meeting on Twitter, Facebook or another social media platform. Anyone can see these links and join the meeting if there are no further protections in place. Attackers tend to be social media and tech-savvy, so they can quickly search for and access meetings in this way.
If at all possible, avoid posting a link to the meeting in a public place. Send a link to the event through private means, like e-mail. This way, no one will know about your meeting outside of the people it concerns.
Don’t use your Personal Meeting ID for public meetings
Zoom provides every account with a Personal Meeting ID, which serves as a permanent online meeting space. It’s intended for quick, impromptu meetings, because it’s like having a meeting room that’s available everywhere, all the time. However, your Personal Meeting ID never changes, so if bad actors get ahold of it, they can access this general meeting space whenever they feel like it.
When creating a meeting, you have the option of generating a random, unique meeting ID. When starting a public meeting, a random ID will ensure no one can access your general meeting space at a later time.
Password protect your meetings
For the sake of speed and convenience, many meeting organizers opt to go without a password. However, it only takes a few seconds for people to enter a password, and it’s a highly effective way to deter people from crashing the meeting.
These simple features are easy to implement and can repel most attackers. For additional protection, though, Zoom has an extra feature that’s easy to use and won’t inconvenience authorized meeting members.
How can Zoom’s Waiting Room feature also prevent uninvited guests?
Zoom’s Waiting Room feature is exactly that – an online holding area where meeting participants wait until the host is ready to begin. This feature can be toggled on for all future meetings, so you don’t have to remember to switch it on.
Here’s why your organizations should consider adding a Waiting Room:
Gives you time to vet guests before the meeting starts
If desired, everyone who attempts to join the meeting can be held in the Waiting Room until the meeting starts, and during this time, the meeting’s organizer can review everyone trying to join. If someone looks suspicious, they can be expelled from the Waiting Room and never push their way into the meeting.
Protects your Personal Meeting ID
If you’re planning a public meeting that will use your Personal Meeting ID, a Waiting Room allows you to bottleneck unauthorized people from entering. This allows organizers to safeguard their general meeting space without avoiding public meetings altogether.
Doesn’t inconvenience people who are authorized to join
Waiting Rooms can be customized so that designated users can join without having to wait or input a password. There is a lot of flexibility here. For example, a meeting organizer can opt to let everyone from a designated domain or department in, and stop everyone else.
What can managers do when someone uninvited joins the meeting?
Once the meeting begins, the host still has plenty of control over who can share what and when. At the top of the screen, there’s a “Manage Participants” button. From here, the host can control what participants are allowed to do and not do. For example, the host can:
- Remove participants from the meeting
- Put participants on hold
- Disable video or file sharing from a particular participant
- Disable annotation features for a participant
- Disable private chat functions
- Put a participant back in the Waiting Room
These functions are helpful for securing a meeting and for helping it run smoothly, even when there is no one actively disrupting the conference. The host can also bring participants that have been removed back into the room or toggle permissions back on, in case the wrong person is removed or muted.
Are there security concerns with Microsoft Teams and Cisco Webex?
Zoom has received a lot of attention due to a few notable instances of ZoomBombing, but attackers also crash unprotected Microsoft Teams and Cisco WebEx meetings. In both cases, much of the same advice applies. Use a password and keep the meeting private when possible. In addition, here’s what meeting organizers can do to protect their Microsoft Teams and Cisco Webex meetings:
During a meeting, if people are trying to share content they shouldn’t, muting other people or otherwise being disruptive, there are a couple of options. If the meeting has already started, the “presenter” (the person running the session) can designate others as “attendees.” Attendees can speak, but cannot share content or affect anyone else in the meeting. The Presenter can mute attendees at any time to prevent further issues.
When a meeting is created in Microsoft Teams, users have the option to make everyone but the meeting organizer an attendee. This takes effect as soon as the meeting starts, so disruptions are stopped before they begin.
Cisco WebEx allows meeting organizers to keep everyone in a holding room, much like Zoom’s Waiting Room, before they join the meeting. This allows meeting organizers to confirm the identity of everyone attempting to join, so they can be screened out when necessary. Further, WebEx allows meeting organizers to “lock” the conference as soon as it starts, so no one can enter in the middle of the conversation. This feature can be toggled as default when creating a meeting, so it’s an automatic form of protection.
How can an AV integrator help with video conferencing security?
The vast majority of ZoomBombing attempts are easy to stop if the host knows how to use Zoom’s protective properties. Much of this comes down to lack of familiarity with the software, and this can be resolved with better training.
AV integrators are experts in video conferencing and telecommuting and know how to effectively train their clients. No matter your team’s comfort level with technology, no matter how many people there are to train and no matter what conferencing platform you’re using, an AV integrator can provide the necessary training. In addition, AV integrators can help their clients select the right conferencing technology for their organization, so no time is wasted in transitioning to video conferencing. Also, if there are ongoing concerns or technical issues with the system, an AV integrator can provide support to resolve any problems.
ZoomBombing may get headlines, but it’s easy to avoid or stop if your organization takes the right steps before and during conferences. Take a few precautions for video conferencing and telecommuting safely beforehand and your meeting won’t be disrupted by trolls and nefarious hackers.