Security Alert: Zoom and Zoomboming

Key Points:

  • Continue to use Google Meet and Zoom for conferencing needs

  • Secure your meetings as outlined

  • Keep the Zoom client updated

  • Manage participants for your meetings that are sensitive


Secure your Meetings:

  • Ensure meetings are private, either by requiring a password for entry or controlling guest access from a waiting room.

  • Do not publically share your meeting links - share directly with individuals.

  • Change Screensharing to Host Only.

  • Keep the Zoom client installed on your device updated.


ePHI / Client Discussions:

  • Given the scrunuity around Zoom and its encryption, we are advising using Google Meet for meetings containing ePHI.

  • More information to come later as we complete a risk assessment and further research.


You have probably seen or heard quite a bit about Zoom lately, from being a tool for schools, families, friends, and businesses to “Zoomboming” (a new form of harassment in which intruders hijack video calls and post hate speech and offensive images) to encryption, etc. As though we didn’t already have enough to worry about! The purpose of this alert is to provide you with information to best secure your Zoom meetings. We are still confident in Zoom and Google Meet, but must use discretion as with any of our technology tools and the Internet.

The FBI is warning Zoom users of the potential threat, “As individuals continue the transition to online lessons and meetings, the FBI recommends exercising due diligence and caution in your cybersecurity efforts. The following steps can be taken to mitigate teleconference hijacking threats:”

  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.

  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.

  • Manage screensharing options. In Zoom, change screensharing to “Host Only.”

  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.

Zoom Recommends

To prevent participants from screen sharing during a call, using the host controls at the bottom, click the arrow next to Share Screen and then Advanced Sharing Options.

Advanced Sharing Options

Under “Who can share?” choose “Only Host” and close the window. You can also lock the Screen Share by default for all your meetings in your web settings.

Prevent others from screen sharing

Manage your participants

Some of the other great features to help secure your Zoom event and host with confidence (click orange text for links):

Authorized Attendees

This is useful if you want to control your guest list and invite only those you want at your event — other students at your school or colleagues, for example.

  • Lock the meeting: It’s always smart to lock your front door, even when you’re inside the house. When you lock a Zoom Meeting that’s already started, no new participants can join, even if they have the meeting ID and password (if you have required one). In the meeting, click Participants at the bottom of your Zoom window. In the Participants pop-up, click the button that says Lock Meeting.

  • Set up your own two-factor authentication: You don’t have to share the actual meeting link! Generate a random Meeting ID when scheduling your event and require a password to join. Then you can share that Meeting ID on Twitter but only send the password to join via DM.

  • Remove unwanted or disruptive participants: From that Participants menu, you can mouse over a participant’s name, and several options will appear, including Remove. Click that to kick someone out of the meeting.

  • Allow removed participants to rejoin: When you do remove someone, they can’t rejoin the meeting. But you can toggle your settings to allow removed participants to rejoin, in case you boot the wrong person.

  • Put ‘em on hold: You can put everyone else on hold, and the attendees’ video and audio connections will be disabled momentarily. Click on someone’s video thumbnail and select Start Attendee On Hold to activate this feature. Click Take Off Hold in the Participants list when you’re ready to have them back.

  • Disable video: Hosts can turn someone’s video off. This will allow hosts to block unwanted, distracting, or inappropriate gestures on video or for that time your friend’s inside pocket is the star of the show.

  • Mute participants: Hosts can mute/unmute individual participants or all of them at once. Hosts can block unwanted, distracting, or inappropriate noise from other participants. You can also enable Mute Upon Entry in your settings to keep the clamor at bay in large meetings.

  • Turn off file transfer: In-meeting file transfer allows people to share files through the in-meeting chat. Toggle this off to keep the chat from getting bombarded with unsolicited pics, GIFs, memes, and other content.

  • Turn off annotation: You and your attendees can doodle and mark up content together using annotations during screen share. You can disable the annotation feature in your Zoom settings to prevent people from writing all over the screens.

  • Disable private chat: Zoom has in-meeting chat for everyone or participants can message each other privately. Restrict participants’ ability to chat amongst one another while your event is going on and cut back on distractions. This is really to prevent anyone from getting unwanted messages during the meeting.

  • Try the Waiting Room: One of the best ways to use Zoom for public events is to enable the Waiting Room feature. Just like it sounds, the Waiting Room is a virtual staging area that stops your guests from joining until you’re ready for them. It’s almost like the velvet rope outside a nightclub, with you as the bouncer carefully monitoring who gets let in.

Comments