Zoom Bombing - What is it and what can you do about it

The FBI has posted a warning about so-called "Zoom Bombing," explaining that "As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called “Zoom-bombing”) are emerging nationwide"

The FBI's recommendations include the following:

  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
  • Manage screensharing options. In Zoom, change screensharing to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.

There is also a particularly nasty and very dangerous bug that reportedly has been patched just in the last few days (beginning of April, 2020). If you are using it, please make sure to update your Zoom software right away, and as often as possible.

From a larger perspective, it's extremely important to ensure that any company devices are properly setup and maintained, according to company policies and security best-practices.

It's important to remember that if you're setting up video conferencing, there are viable alternatives to Zoom - particularly for entities that use Office 365 (Teams), and Google Meet. Note that for those using G-Suite, Google has upgraded their former limit of (max.) 25 participants, per their announcement March 3rd, 2020:

Published April 3, 2020 by David Haines,

coresolutiongroup.com

(413) 584-5115