Zoombombing: How to Stay Safe During Your Zoom Video Calls

Lock down conference calls for privacy and safety from Zoom-bombing

Zoom is by far one of the most popular video conferencing apps available. It has a lot to do with the fun things you can do in Zoom, including changing your background for a call. There’s also the fact that Zoom is easy to set up and start using. And oh, yeah. It’s free. Unfortunately, after breaches caused by security holes in the Zoom application involving a tactic called Zoombombing, Zoom security has come under fire.

Instructions in this article apply to Windows and Mac operating systems. Where possible, notes about making changes in the iOS and Android mobile apps have also been added.

Fortunately, you can improve most of Zoom's security issues with a few tweaks to the software. Here's what you need to know.

How Secure is Zoom Video Conferencing?

One of the issues users have experienced is other people hijacking meetings—called ZoomBombing—and then screaming obscenities, showing pornography, and exhibiting other nuisance behavior to disrupt meetings. ZoomBombing is possible, in some cases, because of a security flaw in older versions of the Zoom application.

Zoom, like many applications, is installed with a set of pre-defined defaults that determine some of the security level of the application. Also, like many applications, the default settings are designed to make the program easier to use for the majority of users. What that means for you is that many security features that would help protect the security of your calls are turned off.

It's easy to turn those features on, though, once you know where they are and what they do.

Make Sure You're Using the Correct Zoom Site

Before you get started, make sure you're accessing the correct Zoom site. The official address for Zoom is https://zoom.us. If you have visited or downloaded software from any other zoom site, then you are at risk of having installed fake software on your system that could put your security at risk. You should immediately uninstall the application and then run a full antivirus scan to ensure your system has not been infected by malware.

How to Make Sure Zoom is Updated

The first step you'll need to take to ensure your Zoom is secure is to update it to the most recent version available.

If you're using Zoom on a mobile device, you should be able to update the app from the Apple App Store or update it from the Google Play Store for Android, depending on the device you're using.

Here's how to make sure you have the most up-to-date version of Zoom possible:

  1. On either Windows or Mac, open the Zoom app and click your Profile icon in the upper right corner.

    Screenshot of the location of the Profile icon in the Zoom app.
  2. From the menu that appears, click Check for Updates.

    Screenshot illustrating how to find the Check for Updates option on Zoom.
  3. Zoom will check for updates. This may take a few minutes. If an update is available, you will be given the option to update the application. Click Update.

    Screenshot of an available update in the Zoom app.
  4. Zoom will update and restart. You'll need to sign back into your Zoom account when the update is complete.

At the time this article was published, the current version of Zoom (4.6.8 for Windows, macOS, and Android) was released on March 23, 2020. Version 4.6.9 for iOS was released on March 27, 2020. If you want to ensure that you are indeed updating to the most recent version of Zoom, you can find information on their Release Notes page.

Change Zoom's Default Security Settings

Once you know your Zoom app is up-to-date, then you can begin to tweak and adjust the default security settings to further increase the security of your application.

  1. To find these security settings, click the Settings cog in the upper right corner of the Zoom app. This will open the Settings dialog box.

    Screenshot of the Settings in the Zoom app.
  2. In the Settings dialog box, got to Profile and click View Advanced Features.

    Screenshot of the View Advanced Features option in the Zoom app.
  3. That will take you to the Settings page on the Zoom website. There you should make several adjustments. First, under Schedule Meeting you should deselect Join before host to turn this option off. This will place participants that join the meeting before you (as the host) arrive in a waiting room until you're online. This helps ensure nothing happens that you aren't aware of.

  4. Then scroll down and select Only authenticated users can join meetings to turn it on. This will require you to provide a method of authentication when you schedule a meeting which users will need to provide when joining a meeting.

    Alternatively, you can select the Require a password when scheduling new meetings option to turn it on. In that case, a password is generated when the meeting is scheduled and participants are required to enter that password to join the meeting.

  5. Further down the page, select Mute participants upon entry to turn it on and automatically place incoming participants on mute. The users can still unmute themselves, but this helps to reduce disruptions from unexpected noise when joining a call.

  6. Next, under In Meeting (Basic) click the checkbox next to Prevent participants from saving chat. This will keep meeting participants from saving copies of chats that can be shared outside of your meeting.

  7. Make sure the option for File transfer is turned off (unless it's needed) to prevent participants from sending unwanted files to the host or other participants in the chat function.

  8. Under Screen sharing further down the page, change the screen sharing option to Host Only. This will prevent participants in a meeting from taking over the screen.

  9. Keep scrolling and ensure Allow removed participants to rejoin is turned off. This way, if you eject someone from a meeting they cannot return to the meeting.

  10. Under In Meeting (Advanced) ensure that the option for Far end camera control is turned off so that no one else can take control of your camera during a meeting.

  11. Scroll a bit farther to turn on the Waiting room option. This option prevents attendees from joining a meeting without permission from the meeting host. This is one of your best options for stopping uninvited attendees.

Adjust Zoom Security Settings When Scheduling a Meeting

The settings you just adjusted are default settings. These will remain set for every meeting that you schedule, unless you change them. There are also some settings you can tweak when scheduling a meeting to improve Zoom security.

You can make these changes in the Zoom app or on the Zoom website. The images included below are specific to the app.

  1. To schedule a meeting, click Schedule from the Zoom app Home screen.

    a Screenshot of the Zoom app showing the Schedule option.
  2. The Schedule Meeting dialog box opens. Complete the meeting information and then click the checkbox next to Require meeting password to generate a required password that users must use to enter the meeting.

    Share this meeting password judiciously, because anyone who has the meeting link and the password will be able to join.

  3. Next click to expand the Advanced Options section.

    Screenshot of the Advanced Options link in the Schedule meeting dialog box of the Zoom App.
  4. In the Advanced Options section place a checkmark in the boxes next to Enable waiting room and Only authenticated users can join: Sign in to Zoom. Also be sure to deselect the option to Enable join before host. This will keep participants waiting until the host joins the meeting.

You can also select or deselect other options that meet your requirements for the meeting you are scheduling.

A Final Note on Zoom Security

As with any application, Zoom security is only as good as the hosts and participants that use it. Be sure you're meeting your responsibility when using the Zoom app or Zoom on a mobile device or on the web. Here are some tips:

  • Make sure you have a firewall and appropriate computer security in place and active.
  • Keep your computer, firewall, antivirus, and network up-to-date.
  • Be careful who you share your meeting invites with, and request that participants whom you invite to meetings also not share the meeting invites.
  • If possible, hosts and participants should use a VPN to increase security while using Zoom (or doing anything online).

Finally, keep in mind that Zoom is web-based. Whether you're using it from your computer or a mobile device, internet access is required to conduct and participate in Zoom calls. As such, use the same caution you would use with anything that you do online.