Updated 31 March 2020
In recent weeks, as the world reels from the effects of social distancing due to the COVID-19 outbreak, we have witnessed a significant uptake in the use of tools like Zoom. So along with the fantastic way technology has risen to the challenge comes some problems, which seems to be a regular occurrence in the tech space, and we’re seeing a rise of cyber trolling or criminal activity.
There have been many cases of ‘Zoombombing’ reported in recent days, which is the simple act of trolls or users entering a Zoom Meeting ID and joining into an open meeting and then broadcasting very confronting sexually explicit content to the meeting. This content is broadcast by the user’s webcam or through screen sharing.
The Zoom platform has an inbuilt function to prevent this from occurring and therefore, increasing the control we have for securing our meetings.
By setting up the password protection function by default, Zoom can limit a meeting to only allow those invited with the password.
Zoom Admins can enforce this useful security measure at an institutional level, mandating password for all meetings.
Zoom released an enhancement on 26th March 2020 that will default screen sharing by host only instead of all participants in a meeting. This will prevent ‘Zoombombing’ by screen sharing.
This setting gives the host of meetings sole permission to screen share content within the meetings by default.
If the host would like to give permission to participants to screen share, the host can enable it during the meeting. This is done by clicking on the arrow to the right of the Screen Sharing icon, selecting Advanced Sharing Options and then selecting All Participants.
In the Zoom Account Settings you will find the following password controls. Zoom Admins can enforce passwords for all existing, recurring and future meetings:
This is what a Zoom Admin will see:
This is what a Zoom User will see:
Meeting hosts can control who enters the Zoom meeting. The Waiting Room feature allows the host to control when a participant joins the meeting. As the meeting host, you can admit attendees one by one or hold all attendees in the waiting room and admit them all at once.
To enable this, go to your Account Settings to turn on Waiting Room.
Meeting hosts can lock the meeting to prevent anyone new from joining. The host can find this under Manage Participants->More->Lock Meeting
Also, it is good practice to ensure connections cannot be made before the host joins. If you enable participants to join before the host, anyone can join anytime and fraudulently use the meeting space for other activities.
Publicly sharing a Zoom Meeting ID/URL is also not advisable as this provides options for compromise of the session or fraudulent use.
Authors: Dave O’Loan, AARNet Cyber Security Specialist and Paul Hii, AARNet Collaboration Portfolio Manager
Disclaimer: this is general advice only and is not intended to be address individual circumstances. Each person should conduct their own evaluation of security and privacy considerations of using any product.
Oct 19, 2020
Jun 29, 2020
Feb 13, 2020