‘Zoombombing’ and tips for preventing it

Fields marked with an * are required

Subscribe to our newsletter

Updated 31 March 2020

In recent weeks, as the world reels from the effects of social distancing due to the COVID-19 outbreak, we have witnessed a significant uptake in the use of tools like Zoom. So along with the fantastic way technology has risen to the challenge comes some problems, which seems to be a regular occurrence in the tech space, and we’re seeing a rise of cyber trolling or criminal activity.

There have been many cases of ‘Zoombombing’ reported in recent days, which is the simple act of trolls or users entering a Zoom Meeting ID and joining into an open meeting and then broadcasting very confronting sexually explicit content to the meeting. This content is broadcast by the user’s webcam or through screen sharing.

The Zoom platform has an inbuilt function to prevent this from occurring and therefore, increasing the control we have for securing our meetings.

By setting up the password protection function by default, Zoom can limit a meeting to only allow those invited with the password.

Zoom Admins can enforce this useful security measure at an institutional level, mandating password for all meetings.

Zoom released an enhancement on 26th March 2020 that will default screen sharing by host only instead of all participants in a meeting. This will prevent ‘Zoombombing’ by screen sharing.

Enable Host Only Screen Sharing

This setting gives the host of meetings sole permission to screen share content within the meetings by default.

Enable Host Only Screen Sharing Screen Shot

If the host would like to give permission to participants to screen share, the host can enable it during the meeting. This is done by clicking on the arrow to the right of the Screen Sharing icon, selecting Advanced Sharing Options and then selecting All Participants.

Zoom screen sharing screen shot

Advanced options for Zoom screen sharing screen shot

Zoom Settings to Control Passwords

In the Zoom Account Settings you will find the following password controls. Zoom Admins can enforce passwords for all existing, recurring and future meetings:

This is what a Zoom Admin will see:

Zoom admin view of password setting

This is what a Zoom User will see:

Zoom password settings for new meetings

Enable Waiting Room

Meeting hosts can control who enters the Zoom meeting. The Waiting Room feature allows the host to control when a participant joins the meeting. As the meeting host, you can admit attendees one by one or hold all attendees in the waiting room and admit them all at once.

To enable this, go to your Account Settings to turn on Waiting Room.

Lock Meeting

Meeting hosts can lock the meeting to prevent anyone new from joining. The host can find this under Manage Participants->More->Lock Meeting

Lock meeting screen shot

Join Before Host Controls

Also, it is good practice to ensure connections cannot be made before the host joins. If you enable participants to join before the host, anyone can join anytime and fraudulently use the meeting space for other activities.

Zoom join before host settings

Publicly sharing a Zoom Meeting ID/URL is also not advisable as this provides options for compromise of the session or fraudulent use.

More information:

Authors: Dave O’Loan, AARNet Cyber Security Specialist and Paul Hii, AARNet Collaboration Portfolio Manager

Disclaimer: this is general advice only and is not intended to be address individual circumstances. Each person should conduct their own evaluation of security and privacy considerations of using any product.

Related Stories


Oct 28, 2021

Look after your digital footprint to stay safe online

October 2021 is Cyber Awareness Month. Do...


Oct 21, 2021

The basics of authentication for protecting your information

October 2021 is Cyber Awareness Month. Do...

AARNet / Security

Oct 14, 2021

How to protect your devices from cyber attacks, and why you need to

Cyber Awareness Month – October 2021. Do...

AARNet / Security

Oct 7, 2021

What are social engineering attacks and how to protect yourself

October 2021 is Cyber Awareness Month. Do...