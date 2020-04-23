The new normal requires people to step out of the traditional meeting and classroom space and figure out how to move the face-to-face interactions to online platforms. Doing so is not without its challenges and people who will take advantage of the situation.
Zoom is one video conferencing application that has become popular for group meeting. However, Zoom meetings have become the target of “Zoom bombing,” which is when pranksters and hackers infiltrate meetings, often with graphic or racist content.
Reports of Zoom bombing included a school class that had someone cut in with someone who yelled profanity and gave the teacher’s home address. Another classroom had an individual show up on video showing their swastika tattoos.
On March 30, the Federal Bureau of Investigations Boston Field Office reported the FBI had received several reports of Zoom bombing, including some from schools.
The report suggested the following steps to mitigate teleconference hijacking threats:
• Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
• Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
• Manage screensharing options. In Zoom, change screensharing to “Host Only.”
• Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
• Lastly, ensure that the organization’s telework policy or guide addresses requirements for physical and information security.
Eric S. Yuan, Zoom founder and Chief Executive Officer, addressed the security concerns during an April 8 webinar, and on the company website.
“First of all, every meeting should have a password,” he said. “And ideally, only use your personal meeting ID for internal meetings. Otherwise, use a randomly generated meeting ID. The Waiting Room is also great for security, especially for K-12 schools. For business meetings, I normally use a password, and after everyone has joined, I lock the meeting. And for very sensitive meetings, I will only allow authenticated users from the same domain as mine to join the meeting.”
