Video TranscriptMy name is Chris Montgomery and welcome to this TN Alert. As more and more employees find themselves working from home, Zoom has become the go to method of communications and collaboration for individuals, businesses and schools since it works across virtually any device allowing you to conduct meetings from anywhere, anytime.
So, what is Zoom – exactly?Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, collaboration, chat, and webinars across mobile devices, desktops, telephones, and room systems. And Zoom Rooms is the original software-based conference room solution used around the world in board, conference, huddle, and training rooms, as well as executive offices and classrooms. Our alert today centers around a recent trend when using Zoom – specifically, Zoom Bombing.
Zoom bombing - otherwise known as Video Hijacking - occurs when conferences are hosted on public channels shared over the internet via URLs, making them accessible to anyone. Hijackers can sometimes guess the correct URL or meeting ID for a public Zoom session, giving them access to the feed.Thus far there have only been a handful of Zoom Bombings, but those are just the ones that have been reported. I say this because the school my children attend have had this happen to them as well, but just didn’t report it. In the case of our local school, students are having regular meetings online to visit with their teachers and classmates during the stay at home order currently in effect throughout the US; however, a Zoom Bomber was either given or figured out the meeting ID and was able to join resulting in a bit of chaos. In reported incidents, Bombers will shout profanity in addition to sharing personal information about the teacher. The reason Zoom Bombers are so effective is that meetings are only protected from those Zoom Meeting ID auto dialers that have a set password. If the meeting doesn’t have a password, it’s just a matter of guessing the Meeting ID and pressing Join. To protect against this, you can do one of two things. First, you can simply require a password to join your meeting, but if you’d like to make this your default setting, simply select the option to “Embed password in meeting link for one-click join” as either one of these will prevent an actor from accessing your meeting without losing the usability of sharing a link to join.
Additional recommendations from the Better Business Bureau include:
- Use a unique ID for large or public Zoom calls
- Don’t share the unique ID’s publicly
- Only allow hosts to share their screen
- Create a waiting room
- Create an invite-only meeting
- Lock the meeting once it starts
- Remove attendees or put them on hold if they become disruptive
- Disable the unruly participant’s camera or all cameras assuming that’s an option
- Make sure the Disable File Transfer setting is active