1st April 2020

The COVID-19 pandemic has pushed most of us to be creative on how to pursue with our businesses. Most of us are now holding business meetings online, educational institutions are delivering online classes, some are also delivering exercise classes online, even virtual religious events are being held through video conferencing. One of the most popular platforms enabling such interaction is by far Zoom.

Unfortunately, in the last days, some users of this popular video conferencing platform have reported that their online event was hacked. Uninvited guests attended their meetings, classes, webinars etc and shared inappropriate material. Zoom has in fact acted upon this and last Sunday also updated its privacy notice.

What is happening?

Anyone with a link to an online event organised through Zoom can enter the event and share whatever is on their screen. In some instances, reports included posting of pornographic and more improper stuff in the meetings. These acts have now been termed “Zoom-bomb”.

What to do?

The FBI in Boston has issued a statement about this and asked online event organisers to be more careful and to “mitigate teleconference hijacking threats”. The following measures are being suggested:

  • Meetings or classrooms should not be made public. Zoom has two options through which meetings can be made private: either by requiring a meeting password or through the use of the feature known as waiting room and controlled admittance of guests.
  • Links to the Zoom event should not be shared on an unrestricted publicly available social media post. As much as possible links should be made available to specific people only.
  • Screensharing options should be managed by making screensharing to “Host Only.”
  • Ask users to make use of the updated version of remote access/meeting applications. Zoom last updated their software last January. In this security update, Zoom added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
  • Finally, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.

Zoom is encouraging users to notify them directly about any instances of Zoom-Bomb so that they can take appropriate action.

We also recommend that you don’t share personal data during such online meetings and make sure that you don’t expose unnecessary personal data when you are screen sharing.

Last Thing

If you are recording the meetings make sure that those participating are made aware in advance. Also make sure that you seek consent if you intend sharing the recording after the meeting is over. The images and voices of the other participants are personal data too.