7 Ways Businesses Can Combat ‘Zoom Bombing’ Right Now

Published in

Coforma

3 min readApr 7, 2020

If you read last week’s Guardian article that called the Zoom app many of us are using for remote conferencing “malware” and freaked out a little bit, you’re not alone.

An illustration of a speaker connecting through a webconference

The article’s title sent some small business owners to their Zoom settings to see whether they were vulnerable to “Zoom bombing.” A play on the relatively benign and playful “photo bombing,” Zoom bombing is a malicious infiltration of a Zoom video conference involving offensive and/or threatening comments aimed at participants.

Here, we’re sharing seven proactive measures you take right now to protect your video conferences from Zoom bombers and tighten your security, whether you’re a Zoom video conference veteran or a first-timer who’s trying to stand up a remote team on the fly due to COVID-19.

1. Require passwords for meetings.

This is the easiest way to prevent Zoom bombing, as it adds an extra layer of complexity over meeting ID guesswork. Find and adjust password settings here: https://zoom.us/account/setting

A screenshot of what the zoom prompt looks like to set up a required password. — Require password settings toggled “on”

If you’re concerned that this will become tedious, don’t worry! Zoom has provided a couple ways to ease the password-requiring experience, and neither of them fundamentally reduces the value of adding the password requirement.

A screenshot of what the zoom prompt for passwords. — Embed and bypass password settings toggled “on”

2. Enable 2-factor authentication (2FA).

2FA is the best way to protect your account, and Zoom has an option to enable it. Just go to https://zoom.us/account/setting/security, flip the toggle on, and apply it to all users in your organization.

A screenshot of what the zoom prompt looks like when enabling two-factor authentication. — Two-factor authentication enabled for all users

**3. Limit sign-in options to those you can control.**

If you currently allow your users to log in using another service, we strongly suggest you limit that to services for which you can enforce 2FA. For example, Coforma enforces 2FA for our users in G Suite, so we have that option enabled as well.

A screenshot of what the zoom prompt looks like when disabling Facebook. — *For other reasons, I recommend avoiding Facebook integration in any situation, really.*

4. Turn on waiting rooms.

This feature can start to feel cumbersome after a while, however, it is the ultimate gatekeeper, since the host has to individually approve/admit participants.

A screenshot of what the zoom prompt looks like when enabling the waiting room feature. — Waiting room enabled for all participants

5. Lock down your security settings.

Make sure all your important security settings (like those requiring passwords or 2FA) are locked by clicking the lock button to the right of the toggles.

A GIF of what the zoom prompt slider bars look and how to lock different options. — Settings are “locked”

6. Turn on guest indicators.

This setting gives you a quick visual reference for whether anyone on the call isn’t part of your organization.

A screenshot of what the zoom prompt looks like when editing the settings to show who are guest attendees. — Guest identity indicator is enabled

7. Mute participants.

Enabling this setting allows the host to control unmuting.

A screenshot of what the zoom prompt looks like when enabling the feature that mutes all guests when they enter a meeting. — Mute on entry enabled

Stay Informed with Zoom’s Latest Updates

Luckily, Zoom is going to be working overtime to address all the security grief coming their way in these crazy times. Keep up with their latest by clicking on notices like these: