Ever since the COVID-19 pandemic forced so many people to work from home, instances of unwelcome visitors to Zoom calls and meetings have been rising. The sheer number of people using video conferencing apps has made many more opportunities for nefarious individuals to show up in private calls to yell out profanity, share something objectionable on the screen, or bombard the chat with something inappropriate. In some cases, they just interrupt the meeting in question. It is a real issue, so it is nice to know that Zoom has made several security features available to stop “Zoom bombing” from occurring to begin with. Some of these settings are a little hard to find, so we will walk you through everything you need to do in order to prevent Zoom bombing.
Zoom bombing can be prevented by: (1) updating your apps, (2) properly setting up your security settings, (3) not sharing your link publicly, and (4) having moderators and co-hosts in your meetings. These four precautions will ensure that Zoom bombing does not become an issue on your next video call.
Update your Zoom apps
Some security features added by Zoom are only on newer versions of their app. This means that if you are using an outdated version, you may be vulnerable to Zoom bombers. So update your Zoom app regularly. We also recommend that anyone hosting a meeting use their desktop PC (Windows or Mac) to host since this version of the app has many more controls and settings to be able to lock down the meeting.
How to correctly setup meeting settings to prevent Zoom bombing
As long as your app is the latest version, the best way to ensure your meeting is as secure as possible is to correctly apply security settings for your meeting.
Here is the settings page for when you are first setting up a Zoom meeting. We’re going to go through the critical settings that we have circled in green.
Use an automatically assigned Meeting ID
The first setting is to make sure you have the “Generate Automatically” option checked under the Meeting ID section. This will create a totally random meeting ID as opposed to using a personal meeting ID. If someone gets ahold of your personal meeting ID, and you use it for all of your meetings, then there is more likelihood that they could find and exploit your meeting.
Set a passcode
The second most important option is generally selected by default in Zoom. This is the passcode, under the security section. This is simply a password that all meeting attendees must enter before joining the call. Always make sure you use this option in order to have maximum security.
Use the waiting room feature
This is a relatively new feature for Zoom where you can create a digital waiting room for all newly joined attendees to a meeting. They will not be able to join the main call until the host (you) specifically allow them to. This is a good way to keep an eye on who exactly is joining your meeting. You will see a little notification at the top of the Zoom call like the one below when someone has joined the waiting room. You can also just let them in from the Participant panel.
Turn off video for participants
When you create your meeting turn off video for participants. You can always specifically allow individuals to turn on video once you are in the meeting if necessary. This will avoid any awkward encounters with Zoom bombers who want to disrupt your meeting.
Do NOT allow users to join anytime
Leaving this setting off is a good idea. This means that people will only be able to join when the host (you) have formally started the meeting. This will give you a bit more control over who is joining your call and at what time.
Mute participants upon entry
Like limiting participant video, you can also make it so participants join with their microphones muted. Be sure to have your Zoom app upgraded to the latest version as this is a more recent security feature. Some of the most common Zoom bombing incidents happen when someone shouts out obscenities during a meeting because participant microphones are enabled by default.
Block users from specific countries or regions
If you know where all of your legitimate attendees are joining from, it may be a good idea to only allow participants from specific countries. Of course, this will only help you if a potential Zoom bomber is from another region. But it is better safe than sorry!
Two Advanced Zoom Bombing security settings for paid users
All of the above settings are available to free Zoom users. However, there are two specific ones that are only available on paid Zoom accounts. You will see these circled in green in the paid settings screenshot below. First, you can require participants to have registered for your meeting formally in advance. When you enable this, your meeting will no longer just be a link that you share. Instead, it creates a sign-up page for your meeting for RSVPs. This is an excellent option for a very public meeting or a webinar.
Another feature is the “Require authentication to join” setting. This will make it so participants will need to sign in to Zoom with an official account (complete with an email). This could deter Zoom bombers since it is just another layer of complexity and disclosure of personal info to join a meeting. They may be able to be caught if authentication is required and it exposes their personal email address and name.
Use the right type of Zoom call
This isn’t necessarily a setting, but actually, just a process to choose properly depending on the type of meeting you are running. If it is an internal meeting or personal call, then the default Zoom “meeting” call is exactly what you need. Follow the above security precautions and you should be fine. But if you are running an official public call for your organization, akin to presenting at a conference, you may want to consider using the “webinar” option. This is perfect for large-scale public launches or conferences. In this mode, only hosts and panelists can use audio and video. Participants are limited to chat messages (which can also be turned off). We highly recommend not running a large-scale public event on a Zoom “meeting.” This is where most Zoom bombing incidents take place. Please note that Zoom webinars are only available in some paid Zoom accounts.
Don’t publicize your Zoom link publicly
If you do decide to run a work Zoom event more publicly and are using a “meeting”, then you need to be very careful. Be sure to use the “Registration Required” setting. This will make it so you don’t ever actually share the link to the Zoom meeting publicly. Instead, you are simply sharing a sign-up or RSVP page. Zoom bombers are famous for simply scraping the internet (social media especially) for public Zoom meeting links and then testing to see if those meetings have forgotten to enable some security settings. So don’t even share your Zoom link publicly!
Security settings to enable once you are in a Zoom call
There are actually some settings that can only be enabled once you are in a Zoom call. It is important, as a host, to carefully look over these settings when you run a meeting. When you join your call, you will see a little shield icon along the bottom toolbar. Click this and it will show a few critical security settings.
Disable participant screen sharing
This should be off by default, but sometimes organizations have made a change in the back end of Zoom that may cause all meetings to have screen sharing on by default for all participants. While this is very convenient to get meetings running, it is a major security weakness in a meeting. Some of the worst incidents of Zoom Bombing involve people screen sharing pornography on screen because this setting has been left on by the host. You can always promote specific participants to co-hosts in order to allow them to screen share.
Disable participant chat
If you are running a fairly large or public event, you may want to completely disable the chat for participants as well. This will avoid Zoom bombers spamming your meeting with nonsense (or worse) in the chat. This is likely the most common form of Zoom bombing.
Disable participant renaming
One tricky thing a Zoom bomber could do, is rename themselves to the same name as a co-host. This may confuse the actual host to hand over some control of the meeting to the wrong person. People can also just put horrible and objectionable stuff in their username. Disabling this feature can avoid this.
Don’t allow participants to unmute themselves
In some circumstances, you might want to only allow specific people to speak (that you pick as the host) instead of allowing anyone to unmute. This will lock down your call from any unwanted screaming or inappropriate language. This one has been quite common in school Zoom classes.
This isn’t really a setting per se. But if you have a fairly decent-sized meeting you’re going to want to have one more or even a couple more people that are co-hosts of the meeting with you. If you are using a paid Zoom account you will have the ability to actually designate co-hosts that are able to eject people, mute participants, and change security settings. We highly recommend tag-teaming meetings whenever you can since it is sometimes hard to run a meeting and also keep an eye on anything bad that is happening.
What to do if you are being Zoom bombed
The first line of defense if someone unwanted joins your Zoom call is simply to boot them from the meeting. Click on the Participants button in the bottom toolbar. This will bring up all of the current participants in your call. Hover over the unwanted Zoom bomber and click the blue “More” button. You will then be able to remove them completely from the meeting. This will also ban them from entering the same call again. For someone that is maybe just sort of suspicious, you can also send them back to the Waiting Room while you try to figure out who they are.
Locking your meeting to not allow anyone else in
If things get really out of hand and someone has somehow gotten into your Zoom call and Zoom Bombed you, you can also Lock the meeting once you have booted the offending person. This will make it so no more people can join at all. Just click the shield icon at the bottom and click Lock Meeting.
Conclusion: Better to be safe than sorry
Zoom Bombing is on the rise. And the more we work from home, the more opportunity people will have to exploit security holes in your meetings. So be sure to get familiar with all of the settings that we outline above. If you ever do have something happen, you will be ready to lock your meeting down and boot the offender. Happy Zooming!