Zoom Security
Preventing Zoom Bombing
The growing use of video conferencing tools has seen an uptick in hacking activities. Zoom is a foundational tool for video telecollaboration within the California State University system and is supported by the SDSU IT Division. Many Zoom users have experienced "Zoom Bombing," which is a tactic employed by Internet trolls to disrupt Zoom meetings that have been posted publicly or, otherwise, have reached a public audience. The trolls join your meeting and disrupt your session with the goal of causing disorder by saying offensive comments or displaying explicit images or videos.
There are several recommended security settings that will prevent unauthorized guests from attending your Zoom meetings. For more information, please visit SDSU's Best Practices to Prevent Zoom Bombing.
Frequently Asked Questions
Zoom-bombing is when an unauthorized/authorized attendee joins a Zoom meeting session in order to cause disorder by saying offensive things and/or sharing unwanted images such as pornographic and hate filled images.
SDSU has published a guidance document detailing tactics that will minimize "Zoom Bombing" attacks.
Yes. Zoom has become one of the most popular online conferencing and collaboration platforms. Zoom usage jumped from 10 million at the beginning of March to over 200 million now, and it is still growing. With its growth in popularity, a greater number of scrutiny has been introduced. Zoom has, however, worked to quickly respond by fixing several of the reported vulnerabilities.
SDSU has compiled a number of best practices recommendations to protect your Zoom meetings from "Zoom Bombers."
In addition, Zoom offers a number of security options to prevent unwelcome participants from joining your meeting or to limit their ability to share inappropriate content.
To learn more, visit How do I secure my Zoom meeting? If you are using a personal computer you must update the client as the latest clients are available.
To check the version of the Zoom client installed on your computers or mobile device see the “Viewing the Zoom version number” article.
There are additional settings that can be enabled to further secure your Zoom meetings. They are provided here for guidance:
-
Create a waiting room
Another way to avoid Zoom-bombing is by creating a waiting room. Managing meeting participants is key: by enabling the waiting room feature, participants can’t get into the call until you — the host or co-host(s) — lets them in.
-
Disable Private Chat
Zoom has in-meeting chat for everyone or participants can message each other privately. Restrict participants’ ability to chat with each other during your meeting. This prevents anyone from getting messages during the meeting.
-
Restrict sceen sharing to host only.
Ensure that only the meeting host can share their screens. Select "Host Only" by default. If during the meeting screen share is needed, it can be easily enabled.
-
Disable removed participants from rejoining
When you kick someone out of your meeting for any reason, they should not be able to come back in. Turn this setting off.
-
Use the Security Toolbar Icon
Zoom's security features, which had previously been accessed throughout the meeting menus, are now grouped together and found by clicking the Security Toolbar Icon in the meeting menu bar on the host's interface.
-
When in doubt, kick them out
If a disruptive participant manages to get into your meeting, you have the option to kick them out. To do so, click the “Participants” button, then mouse over the participant’s name and select “Remove.” Once removed, they won’t be able to rejoin.
-
Prevent participants from renaming themselves
Upon entering a Zoom meeting, participants are automatically given names based on their Zoom account or their computer’s username. These names are displayed in the participant panel and on the video thumbnails. By default, participants can opt to change their names in the Zoom meeting, and the host can choose to rename participants too. Click the “Security” button on the Zoom control bar. Under the heading “Allow participants to:” click on “Rename Themselves,” and ensure there is no checkmark next to "Rename Themselves."
Get Help
To request a service, create a ServiceNow Ticket and assign the ticket to “IT-ITSO-Help Desk”.
https://it.sdsu.edu/get-help
Report an Incident
Please contact the Information Security team immediately if you experience or are aware of any of the following: