How To Prevent Zoom-bombing
Some basic steps you can take to protect your online meeting.
Thursday 11 June, 2020 • Suze Shardlow • 6-minute read
The threat of COVID-19 meant we had to take Ladies Of Code (LoC) London events online or not meet at all. I had heard of Zoom-bombing and wanted to reduce the risk to our members.
Friends of mine told how they had attended other online meetups on Zoom, only to have the screen share hijacked by a troll broadcasting graphic hardcore porn. A week after we had our first online event, another group’s large meeting was Zoom-bombed, leaving attendees traumatised.
It’s important to note that Zoom is not the only platform that bad actors can target. We considered a range of different ways to take our meetups online. (That’s a whole other blog post.) Zoom is the go-to app for thousands of communities because it has many great features. Its rapid rise in popularity, combined with the fact countless users aren’t changing the default settings, has meant that it’s the go-to app for many trolls too.
Therefore, before we ran our first event, I did some research into how Zoom-bombing happens and what we can do to prevent it. We then put in place a number of measures which, so far, have meant that we have not had any trouble from bad actors.
For our meetups, we tried to strike a balance between security and convenience. Therefore, the below is by no means a method of making your event like Fort Knox, but will make you less of an easy target.
If these tips help you, please consider buying me a coffee. Thank you!
1) Don’t publish the link anywhere
Bad actors use bots to crawl the Internet for Zoom links so they can join calls. Don’t tweet your Zoom link out or publish it on a web page (eg your event page).
We e-mail our links to attendees 10 minutes before doors open. We never put them on Meetup.com, even though there is a facility which means that only people who have RSVPd “yes” can see them.
2) Allocate tasks
When we first signed up for Zoom, our subscription only allowed us one host and zero co-hosts. This has recently changed, so you can now give co-hosting permissions to other people on the call and anyone with these permissions has the full range of attendee management powers.
However, if you want to run a nice slick event, it’s good practice to identify and divide tasks beforehand anyway.
At LoC we ensure that there are two organisers on every call, both with hosting capabilities. One of the organisers is in charge of watching out for any trouble and dealing with it accordingly, eg removing people from the call.
The other organiser is the “face” of the event: they lead the session and they are the one who presents. They speak to welcome the attendees and any guests, they facilitate any Q&A and close out the meetup. They have hosting permissions so can step in and deal with trouble if things escalate, but they rely on their colleague to make sure everything is running smoothly in the background to ensure a seamless experience for the attendees.
3) Limit the capacity of your meeting
We decided that 40 was a reasonable number of people for the host to feasibly keep an eye on: you can see up to 49 people in Gallery View. If there are hundreds of people on the call and you have the chat function open, it will move faster than you can monitor it. Knowing that we get a 50% attendance rate, whether online or in-person, we cap signups at 80 for our webinars.
4) Log into zoom.us on your computer and tweak your default settings
Link to your Zoom settings page.
a) Enable the waiting room
This is the default setting now, but it wasn’t when we signed up for Zoom.
Enabling the waiting room means you can vet people before you let them into the live call.
If you are running a meeting for people you have personally invited and/or a vulnerable group (eg a paid class or a Scouts meeting), this is invaluable. It gives you the ability to admit only the people you sent the invitation to.
Note: You might not know the names of all your members.
On Meetup.com, a large chunk of the membership uses pseudonyms, initials, first names only etc. Therefore, seeing names in the waiting room may not help you if you are running a meeting where you don’t know all the attendees.
Also, not everyone uses their real name on Zoom. You can mitigate this by enabling the Registration feature so that people have to take an extra step before they can get access to the call.
b) Mute all participants on entry
This does what it says on the tin and removes the risk of people joining and disrupting the meeting with noise. As well as thwarting bad actors, this prevents any unintentional interference from people who haven’t muted themselves.
I am in another group where the demographic is not accustomed to video meeting etiquette and they therefore never mute their mics. Some of them sit there watching videos while they are on the call, which everyone else can hear.
c) Only allow the hosts to screen share
Bad actors have been known to hijack entire meetings by sharing their screen with everyone on the call.
d) Don’t allow participants to annotate screen shares
Bad actors often test the waters by trying to draw on the speaker’s screen share. They will depict things which get progressively more provocative, then switch to trying to share their own screen.
5) Don’t allow participants to unmute themselves
We use the main in-call setting and then switch the self-unmute facility on, per call, when we reach the section where we have a discussion, depending on the makeup of the group (ie only if all the members present are known to us).
If you are running a webinar, there is no need for anyone to be able to unmute themselves unless you want them to be able to vocalise any questions they have. We use the chat function for people to submit questions, which we put to the speaker on behalf of the attendees. Therefore, the attendees are always muted.
6) Lock the call
We usually do this five minutes after the meetup starts. This means that we can relax in the knowledge that the number of people we need to watch is not going to increase. Also, if anyone who legitimately received the link has shared it with the masses, it won’t affect us.
What’s worked for you?
If you find these tips useful, please consider buying me a coffee. Thank you!
Have you taken reactive or proactive measures? Or have you been the victim of Zoom-bombing and needed to use both? Let me know in the comments!