Zoom has become a staple of COVID-19 stay-at-home life. Sadly, so has zoomboming – the practice of mischievous people joining other people’s sessions without permission, and, sometimes, of their displaying inappropriate content to participants. Likewise, other security problems have wreaked havoc for many Zoom users.
To keep your Zoom sessions safe and private here are some simple-to-follow tips:
1. Password protect your sessions
In 20 years of using web conferencing (yes, I started using the technology in 2000), I have never been “zoombombed” or the like, probably because I password protect every online meeting that I host. If mischievous parties don’t know the password to your calls, they will not be able to easily join, and they are likely to move on to targeting someone else.
2. Use a Waiting Room
Using a waiting room prevents other participants from interacting with one another before you, as the host, join a session; the waiting room also allows you filter who can join. Zoom offers you the ability to send all participants to a waiting room, from which you can either admit everyone in one shot, or select participants individually to admit into the session. (At least some versions of Zoom also allow you to permit participants who are pre-registered with you or your organization to skip the waiting room altogether, so only the “more risky” participants have to wait to be admitted.)
You can also turn off the Join Before Host option.
3. Lock your sessions
Once all of the invited participants have joined a session, or after some period of time after the start of a session, lock the session so that no additional parties can join. Locking a session is the online equivalent of not allowing people to enter a class after a particular school bell has rung, or to enter a theater after a performance has begun. To lock a session click the button that says Lock Meeting in the Participants pop-up.
4. Never use a general meeting room name
Zoom and various other services offer the ability to create a personal name for a meeting room. (Zoom offers this feature to only paid users.) While using such a name adds convenience, it also increases the odds of problems. In 20 years of using web conferencing I have never used a personal meeting name, because using such a name essentially creates a perpetually-living reusable meeting room that is far more prone to abuse than a single-use meeting room with a fleeting lifetime; use only meeting IDs that consist of some “random” number (or string of characters, in the case of some non-Zoom products).
5. Limit screen sharing
Unless there is a need for others to share their screens, set screen sharing to be available to only yourself – the host. This setting is now automatically set by Zoom as the default for accounts used by schools.
6. Prevent private chatting
If possible, disable the ability of participants to private message one another.
7. Remove troublemakers
Periodically scan the list of session participants and remove anyone who does not belong – Go to the Participants menu, and, if you find an offender, simply hover your mouse above his or her name and select REMOVE when the hover-over menu appears.
Likewise, if any participant is causing problems during a Zoom session, you can easily remove him or her.
Participants who are removed from a session cannot rejoin it using the same login information.
8. Never use Zoom for secret conversations – and understand that it may be hackable
Keep in mind that Zoom itself is not an appropriate platform for secret conversations, and that the software, like all other packages, may have exploitable vulnerabilities within it. With Zoom receiving so much usage at the current time, it is a prime target for hackers seeking to identify and exploit such vulnerabilities. As such, you may wish to consider using Zoom only on devices that do not have sensitive data on them, and whose microphone and camera are not placed in sensitive areas. Also, realize that while you may have to use Zoom for some meetings because the hosts have chosen to use it as their platform for communication, it may not be the ideal platform for you to use for your own meetings.
9. Avoid sharing meeting login information on social media
When possible – and I know that it is not always possible – do not share on public social platforms the login details for meetings. Instead advertise the meeting, but require people to sign up – and check the list of participants before emailing out the login information. Private meetings should NEVER be announced on public social media. Don’t feel bad if you have not been careful about this, the Prime Minister of the United Kingdom tweeted out session information and User IDs for a Zoom session with his cabinet. (In my opinion he should not be using Zoom for this purpose in the first place – see item 8 above.)
10. Be aware of your surroundings – and make sure others at home are aware that you are Zooming
Check your camera’s field of view before you enable it during a Zoom session, and warn everyone at home that you are sharing your camera and microphone. There have already been many embarrassing incidents in which people walked into the field of view of someone else’s Zoom session – sometimes while undressed – or said private things out loud that were then broadcast to others.
If, like me, you have confidential client data (documents, drawings, diagrams, etc.) stored in your home office, consider video calling from another location as an extra precaution against inadvertently compromising confidentiality. (If that is impossible, be absolutely sure to put everything out of sight before enabling your camera.)