Zoombombing: How to prevent it
Leading video conferencing providers are racing to update software in an effort to address security concerns including Zoombombing.
Zoom is the latest to release a new update after it was revealed that widespread “Zoombombing” was taking place, where unauthorised people could hijack meetings by getting hold of meeting ID’s and either disrupting proceedings or remaining silent and eavesdropping.
Many Meeting ID’s are freely visible by doing a Google search so it’s vital to keep credentials for meetings private to just the participants to help keep things secure.
If you are using Zoom, there are several tips to help your meeting stay private:
- Avoid using your Personal Meeting ID and instead use per-meeting ID’s, giving you a new ID for each meeting. You should also specify a different password for each meeting.
- Make sure you enable the Waiting Room feature. This allows the host to be notified of anyone as they attempt to join the meeting. Anyone unauthorised can be blocked out.
- Disabling the Join Before Host feature can also prevent disrupters entering the meeting before you.
- Screen sharing, remote control and file transfers should also be disabled for non-hosts.
- Once everyone had joined your meeting you can then lock the meeting to prevent anyone else from joining.
Some expert “Zoombombers” can still skirt some of these security features but Zoom have pledged to stamp out issues over the next 90 days.
Zoom are by no means the only platform linked to security issues. The owners of Houseparty have offered a $1 million reward for evidence that they are the subject of a viral smear campaign after being accused of lax security following reports of hacks to Netflix, Spotify and PayPal accounts. Epic Games, who bought Houseparty in 2019, says it believes there is no evidence of of hacks taking place.
Even so, it’s a timely reminder that millions of businesses using online video conferencing software are potentially putting their secure company data at risk.
Conflict International’s Cyber Security team can check the security of your infrastructure with a Penetration Test. We specialise in protecting you from external threats but also making sure your confidential information remains confidential.
Please get in touch if we can help you on +44 (0)20 7917 2939 or email us in the strictest confidence email@example.com.