In the last two months, the use of video conferencing software such as Zoom, Skype, Cisco Webex Meetings, and Microsoft Teams have skyrocketed due to concerns of the coronavirus. The coronavirus has caused government lockdowns and social distancing. Companies were forced to dust-off their work-from-home policies and send employees home with little or no security training. Millions of Americans now have to work, learn, and collaborate from home. In an article on techcrunch.com it was stated that during the week of March 14 -21, downloads for business conference apps topped 62 million.
This increased amount of video conferencing activity has also attracted the attention of a group of people that are coming uninvited into those meetings and creating havoc for organizations. Some of these individuals and organizations are struggling with the applications for the first time while trying to communicate during the pandemic outbreak.
In just a short amount of time, this phenomenon has gained a name: Zoom Bombing.
According to securityboulevard.com, “Zoombombing is when an unauthorized person or stranger joins a Zoom meeting/chat session and cause disorder by saying offensive things and even photobombing your meeting by sharing pornographic and hate images. Imagine if your young kids were participating in an online school meeting, and suddenly it was interrupted in that manner. Well, unfortunately, is has happened numerous times.”
The FBI is busy taking reports of hackers intruding on Zoom video conferences and making xenophobic statements, racial slurs, as well as showing pornographic photos, and hate images. Some of the incidents that have occurred include:
- Trolls have broken into several AA meetings, disrupting several times and mocking participants.
- An Orange County School district sent a letter out to all of its teachers, imploring them to use the “waiting room” option on Zoom. This was after an individual gained access to the video conference and exposed himself to students participating in the video conference.
- At the University of Texas, a Zoom meeting that included black students had to be cut short after an intruder entered the meeting and started using racial slurs.
The good news is that standard cyber hygiene can solve most of those problems that have occurred. The bad news is that many of the people using Zoom do not practice or have not been trained on standard cyber hygiene. Hackers are having a field day because of this lack of experience and cyber training.
If you are going to use Zoom, here are some minor practices that can make your video conference safer:
- Don’t make meetings public –Two options to use;
- Require a meeting password
- Use the waiting room feature
- Do not share a link to the meeting on an unrestricted publicly available social media post. Only provide attendees with the link.
- Manage screen sharing options – in Zoom change screen sharing to host only.
- Use the updated version of Zoom. As of May 8, 2020,the latest version is April 30, 2020.
- Inspect the list of participants
- Disable Join Before the Meeting setting – host should control it from the very beginning
- Lock the meeting, so once your session has started, no one else should join.
Some employees have not received proper cybersecurity training from their organizations. There are thousands of documents on the internet that outline best practices when it comes to securing your digital presence for yourself and your organizations. Following these rules will help you remain safe while on a network. Nothing is 100% hack-proof, but these practices are essential to help prevent intrusion. Here is a list of organizations and their list of the best cybersecurity practices.
FBI Cyber Awareness PDF
Norton Best Cybersecurity Practices for Employees
Center For Internet Security (CIS)
In the coming weeks video teleconferencing use will only increase. Since Zoom Bombing can be effectively curtailed by following simple rules and making the proper settings, you will have the ultimate control over the safety of your video conference.
Thomas Russell, Cyber Education Program Manager