Risk Alert: Zoom-bombing.

If you’re using video conferencing more often these days, it’s time to exercise caution.

As churches, businesses and schools turn to online modes to deliver live content during COVID-19 isolation we face the very real and present danger of becoming victims of cyber-crime. The latest target: video conferences.

While there are a range of video conferencing platforms including Skype, Microsoft Teams and GoToMeeting, it is Zoom that has seen a steep rise in popularity and notoriously found itself in the cyber risk lexicon for what’s known as “zoom-bombing”.

PCMag.com defines Zoom-bombing as:

“Disrupting a Zoom video conference by using the screen sharing feature and displaying objectionable material. Zoom-bombing generally forces the conference host to shut down the session.”

Just like the virus, zoom-bombing is a world-wide problem. The US Department of Justice has warned pranksters that “Zoom-bombing” could lead to fines or arrests on a variety of state or federal charges. A recent ZDNet.com article reports that Google, SpaceX, the New York City Department of Education, as well as the Taiwanese, Australian and German governments, have banned employees from using the software until Zoom’s security posture improves. This kind of directive from high-level organisations such as these should give us, as a Church organisation, pause for thought.


How to protect your video conferences…

A “Zoom bomber” can interrupt a video conference by obtaining a publicly shared link or ID, or they may employ the use of automated bots that trawl the internet for meeting ID’s and links. So here are some ways you can mitigate the risk and protect your audiences as best you can:

Keep meeting ID’s and links PRIVATE
Avoid sharing your meeting ID or link on any public forum or social media page, unless you are 100% confident of the security settings and measures you’ve implemented. Zoom bombers can simply do a search for zoom.us and find easy access to your video conference. If your site has an IT team, get in touch with them for options and support.

Set a Password for your meeting
Simple and effective. Make sure you don’t share that password with anyone whom you don’t want to attend the meeting.

Enable ‘host only’ sharing and annotation
This prevents other users from sharing their screen with your audience. Ensure that only the host can annotate (ie, draw notes) on the screen. This option can be accessed from the new “Security” tab in active sessions.

Create random meeting IDs
Your personal meeting ID should not be used for all meetings, generate a new meeting ID each time.

Allow only invited guests
They would need to be signed up with their email or a username and password.

Utilise the waiting room feature
This prevents others from joining the meeting before the host.

Remove nuisance attendees
In the ‘Participants’ tab, hover over the name and click “more” and select the option to remove them. Don’t hesitate to use this feature if someone is being disruptive or offensive.

Close the doors
Lock your meeting once the session has begun and everyone you’re expecting has arrived. This will prevent others from joining the meeting even if access details have been leaked or obtained nefariously.


CYBER DRILLS

The above advice is no good without practice. In the heat of the moment it can be easy to panic and forget where these security settings are, so just like a fire-drill schedule time to test these functions with some of your team beforehand. It will help you to get used to finding the tools you need when it counts.


FIND ALTERNATIVES

We don’t have the authority to mandate what platforms you can and can’t use, but we know that there are alternatives with greater security controls. The Adventist Church’s Digital Discipleship website has collated a list of third-party platforms for live-streaming your church services and other church, school or business presentations which may be helpful.