Zoom Bombing Solutions

Recommended plan of action: Use both Passwords and Waiting Rooms

  • Use passwords. This is now a standard feature (not an option) on Zoom.
  • Use waiting rooms, with the host managing who enters, and denying entry to unknown visitors.

SECURITY TIPS for standard ZOOM set-up in “settings” in Zoom account

  • Mute participants upon entry (that can be toggled on if needed)
  • Disable annotation, whiteboard, remote control settings (that can be toggled on if needed)
  • Disable screen share for anyone except the host (that can be toggled on if needed);
    When enabled for participants, only allow host to have authority to take over screen share
  • Disable “join before host” so participants can’t enter room before host is present
  • Disable chat window for younger students; use at your discretion with older students
  • Disable using your Personal Meeting ID to set up meetings

SECURITY TIPS while in a Zoom meeting

  • Toggle screen share and other settings on and off for participants as needed
  • Have the “manage participants” side window open at all times

What to do if Zoom bombed

  • Immediately click on “mute all” on the bottom of the “manage participants” side window.
  • Immediately turn on your screen share. This will supersede the hacker(s).
  • Announce to your participants that you will send a new invite in about 15 minutes.
  • End meeting.
  • Generate a new meeting link (with a different meeting number) and email to participants.

Zoom user management tips

  • Enable embedding of password in Zoom invitation link to allow invitees to go to the meeting with one login click (they don’t need to type the password).
  • Enable nonverbal feedback, and teach participants to use “raise hand” and “reactions” emojis.
  • If a user re-names themselves, it must be a recognizable name (such as changing a parent’s name to the student’s name)

Restricted Domain (only pmfs email)

Passwords

Waiting Room

+

+

+

Very hard to circumvent

Need to assign email address and email access to every student

Passwords are now auto-generated by Zoom. You can choose for these to be embedded in the invitation link for 1-click login in by invitees.

Embedded links give password access to anyone with the link, so participants should not share them.

It is an effective way to screen participants.

A person unknown to the host (such as a parent’s work email) might be screened out.

It will mean that Zoom links can’t come from parent or personal emails who are not part of the school

It’s more work for the host to monitor those in the waiting room and approve as needed, particularly once a class or meeting is happening.

There may be a way to add approved emails to a restricted domain, so that parent emails would be approved.

Those entering the waiting room see a message on screen that they are in the waiting room, and will be admitted soon.

*Note: One article recommended that schools use a single sign-on provisioning tool so that school technology administrators can control permissions and privileges for staff accounts, and disable features that are unnecessary or inappropriate. These are services by various types of data management and/or IT security companies provided to institutions for a fee, usually on an annual subscription basis.