Zoom is the video calling app of choice during the COVID-19 pandemic. Unfortunately, some features make your meetings susceptible to hijacking. Learn how to stop bad actors and keep your calls secure.
By Jill Duffy
Updated April 10, 2020
Video calling app Zoom has seen a flood of activity recently, as people across the world shift to remote work, schooling, and socializing due to novel coronavirus. A representative for Zoom said via email that in December 2019, Zoom saw an average of 10 million daily meeting participants. In March 2020, that number was 200 million. More activity means more bad actors looking for vulnerabilities and other ways to exploit the app. That’s how the term Zoom-bombing came to be.
In a few instances of Zoom-bombing, according to a report from Inside Higher Education, students exploited a screen sharing feature that hadn’t been locked by the instructor to put up pornographic and racist content for everyone on the call to see. In this and other cases of Zoom-bombing, the problem wasn’t a technical hole in security. It was this: Zoom has a few special features that make a meeting more secure, and these features were not enabled by default. Anyone using the app for the first time could easily not know about these features, leaving their meetings vulnerable. The company acknowledged and addressed the issues quickly, rolling out a new Security button that’s easy to see and gives meeting hosts more immediate access to tools they need.
The best way to stop Zoom-bombing is to prevent it in the first place. You can do this by using the new Security options during an active call, but also in advance by enabling or disabling the right settings. Preventing a battle is better than having to fight one.
Not every setting is available to free Zoom users, and when that’s the case, there’s a note at the top letting you know. Beyond maintaining control of your meeting, here are some other Zoom tips that will help you look like a pro.
1. Update Your Zoom Apps
If you want to see that new Security option in your meeting toolbar when you host meetings, you must update our app. Check for and install updates on all devices where you use Zoom.
2. Use a Unique ID and Password for Calls
When you create a Zoom account, the app assigns you a Personal Meeting ID (PMI). It’s a numeric code that you can give out to people when you want to meet with them. However, you have a second option, which is to generate a unique ID instead of using your PMI. Let me explain how they’re different.
The PMI is handy in specific circumstances. It’s wonderful for recurring meetings with a small group, like a weekly team meeting or a one-on-one. You can use it over and over, and it never expires, so people can join without having to hunt down this week’s login code or link. It’s always the same. However, once you give out your PMI, anyone who has it can try to butt into your meetings at any time. If someone knows you’re due for a meeting and has your PMI, then it’s very easy for that person to crash it.
The unique ID is different every time you schedule a new meeting. As a result, it’s inherently more secure.
There’s one more layer of security you can add here, a password. Previously, when you scheduled a Zoom meeting, the app would use your PMI and no password by default. Now those settings are swapped. The default is a unique ID with a password, which Zoom generates automatically. You can change that password if you like. You can also choose to add a password to a PMI meeting, and in that case, you must choose your own password, as Zoom will not generate one for you. Once you set a password for PMI meetings, all future meetings will require it, too.
3. Create a Waiting Room
A Zoom call can start one of two ways. It can start the moment the first person logs onto the call, or it can start when the host says it should start. For small groups of people who know each other, it’s common for people to log in and make small talk while waiting for everyone else to join. Chit-chat can be beneficial, especially for remote workers and classmates who don’t get much face time with one another. For some kinds of calls, however, you might not want to let participants chat with each other or even let the call officially start until you, the host, are ready.
In that second case, the solution is to create a Zoom Waiting Room. When participants log into the call, they see a Waiting Room screen that you can customize. They can’t get into the call until you, the host, lets them in. You can let people in all at once or one at a time, which means if you see names you don’t recognize in the Waiting Room, you don’t have to let them in at all.
The new Security button has an option to enable a Waiting Room after your call has already started. Creating a Waiting Room, in this case, will prevent anyone from popping onto your call unexpectedly.
4. Make Sure Only the Hosts Can Share Their Screen
Don’t let anyone hijack the screen during a Zoom call. To prevent it, make sure your settings indicate that the only people allowed to share their screens are hosts.
You can enable this setting in advance as well as during a call.
In advance, go to the Zoom web portal (not the desktop app) and in the settings navigate to Personal > Settings > In Meeting (Basic) and look for Screen sharing. Check the option that only the host can share.
During a call, you can use the Security button to change the setting. You can also click the up-facing carrot next to Share Screen and choose Advanced Sharing Options. There, choose to only let the host share.
While sharing your screen or an image, Zoom has a great feature that lets participants annotate what they see. For visual collaboration, it’s amazing. For naughty participants, it might seem like an invitation to bomb your call. You can disable the annotation feature in the In Meeting (Basics) section of your web account.
5. Create an Invite-Only Meeting
This feature is for paid Zoom accounts only.
One way to restrict who can join your Zoom call is to make it an invite-only meeting. That means the only people who can join the call are those you invited, and they must sign in using the same email address you used to invite them. It gives you much more assurance that people are who they say they are.
There are a few ways you can enforce an invite-only meeting, depending on the type of account you have. The long and short of it is to look for an option called Authentication Profiles.
Once you have that setting enabled, anyone else who tries to join your meeting will see a notification on screen telling them that the meeting is for authorized attendees only.
6. Lock a Meeting Once It Starts
If you start a meeting and everyone you expect to join has, you can lock the meeting from new participants. While the meeting is running, navigate to the bottom of the screen and click Participants. The Participants panel will open. At the bottom, choose More > Lock Meeting.
7. Kick Someone Out or Put Them on Hold
Sometimes an unruly participant manages to slip through the cracks. As the meeting host, you do have the power to kick someone out of a call or put them on hold.
To kick someone out: During the call, go to the Participants pane on the right. Hover over the name of the person you want to boot and when options appear, choose Remove.
By default, an ousted guest cannot rejoin. What to do if you make a mistake? You can allow a booted party to rejoin. Enable this feature by going to the web portal and navigating to Settings > Meeting > In-Meeting (Basic). Toggle on the setting called Allow removed participants to rejoin.
Alternatively, you can put someone on hold. During the call, find the video thumbnail of the person you want to put on hold. I like to think of it as putting someone in a time-out. Click on their video image and select Start Attendee On Hold. Once they’ve learned their lesson, you can press Take Off Hold in the Participants panel.
8. Disable Someone’s Camera
Hosts can turn off any participant’s camera. If someone is being rude or inappropriate on video, or their video has some technical problem, the host can open the Participants panel and click on the video camera icon next to the person’s name.
9. Prevent Animated GIFs and Other Files in the Chat
In the chat area of a Zoom meeting, participants can share files, including images and animated GIFs—if you let them. If you’d rather not, then be sure to disable file transfer. It’s on by default, so you have to actively disable it.
For your own meetings, open Settings in the Zoom web app (it’s not in the desktop app). On the left side, go to Personal > Settings. Then click In Meeting (Basic). Scroll down a little farther until you see File Transfer. That’s where you can disable it.
Administrators of paid Zoom accounts have even more options for exactly how to disable file transfer for certain meetings or certain groups.
10. Manage Who Can Chat
If you’re hosting a Zoom call and have invited strangers to join, someone in your crowd could harass another participant by sending them private messages. Or people could start talking behind your back. You can prevent this by disabling private chat. When you disable private chat, it doesn’t affect the public chat, which everyone on the call can see and participate in.
Open Settings in the Zoom web app (it’s not in the desktop app). On the left side, go to Personal > Settings. Then click In Meeting (Basic). Scroll until you see Private chat. When the button is gray, it’s disabled.
You may want to manage the chat in other ways, too. From an active meeting, click on the Chat icon in the toolbar at the bottom. A chat panel opens on the right side. At the bottom, click on the three dots and decide who participants can chat with: no one, host only, or everyone.
Use These Additional Settings for Large Meetings
Not all Zoom disruptors are bad actors. Sometimes participants make mistakes and don’t realize that a yapping dog or crying child is causing a disturbance for everyone else. Or someone might accidentally upload a file they didn’t mean to. Any time you host a meeting of more than one or two people, there are some settings in Zoom you should review and familiarize yourself with before the call.
Mute participants. Did you know the host can mute and unmute an individual or everyone on a call? While the call is ongoing, click Manage Participants at the bottom of the Zoom window. The Participants panel opens, and you can individually mute people and disable their cameras by clicking the microphone or camera icon next to their name. The option to mute everyone at once is at the bottom of this pane.
Mute upon entry. You can also mute everyone automatically when they join a call. Before the call starts, go to the web portal and navigate to Settings > Meetings and choose the meeting. At the bottom of the screen, click to Edit the meeting. Look for Meeting Options and check the box next to Mute participants upon entry.
If you didn’t set it up ahead of time, you can still mute people upon entry when you start the meeting. In the same panel shown above, look for the More option. Click it and choose Mute participants upon entry. You’ll also see an option here to let participants unmute themselves. That’s a useful setting if you want people to be able to speak up or ask questions at an appropriate time.