Zoombombing – a Rising Threat to Your Reputation

During the COVID-19 pandemic, videoconferencing platforms have experienced massive growth in their user base. From December 2019 to April 2020, Zoom has increased its daily users from 10 to 300 million

Many of these newly acquired users used remote meeting platforms for the first time. Businesses rushed to introduce new tools and applications for remote events, leaving more room for error. Thus, cybersecurity and privacy incidents rose by 23% after shifting to remote work, and a new term was born: Zoombombing.

We’re here to give you the lowdown on what Zoombombing is, and how it can negatively impact your company’s reputation. To sweeten the deal, we’ll also reveal how an industry-leading multilingual meetings solution Interactio has held more than 42,000 attack-free events.

What is Zoombombing?

Zoombombing is a process of an unwanted person joining your virtual meeting with the intent to disrupt it. While the term originated from the disrupted Zoom meeting, many videoconferencing platforms, from Zoom to Teams to Webex, are currently vulnerable.

Zoombombing can affect any organization —  an educational institution, business, and even government agencies. 

Is Zoombombing Illegal? 

During the pandemic, the FBI quickly recognized zoombombing as an illegal action. One of the first reported cases happened during a remote class — an unidentified person dialed into the meeting, unmuted the microphone, and “shouted the teacher’s home address in the middle of an instruction.”

Zoombombing is now considered a cyber-crime; any victim of a teleconference hijacking can report it to the authorities.

Zoombombing as a Threat to Your Company

It is crucial to understand the scope of damage zoombombing can inflict on your company. 

First, it can seriously harm your brand image. Zoombombers often use hate speech and include highly offensive messages. While most people will realize that the victimized company does not condone the speech in question, it nonetheless ties your company’s name to bigotry and intolerance, not to mention a lack of cyber security.

Zoombombers can also affect employee and customer morale; they often get into the meetings to share personal information, or threaten the safety of the attendees.

Such incidents quickly spread; even if they happen in a virtual space, the damage is very real. These attacks might make your company employees become significantly less productive, or even consider switching jobs.

How to Avoid Zoombombing?

Here’s a set of tips that will help you avoid zoombombing:

  1. Screensharing is a major source of damage during a zoombombing attack. Ensure that screen sharing is only available to hosts, co-hosts, and specifically authorized attendees.
  2. Make all meetings private and do not share links publicly. Attackers can easily hijack public meetings. If you distribute the link to your meeting on social media, there is a high chance that you will be zoombombed  — so just don’t do it. Avoid reusing the same meeting IDs; hijackers can easily guess and share them around.
  3. It is better to use a waiting room than a password for a meeting. Yes, enabling a password means that the meeting is now private. But if you are organizing a conference, people can spread passwords among each other. The waiting room will give you the ultimate control over who can access your event.
  4. Encourage  (or even require) participants to use their real names. This helps you identify the participants that register for the event.
  5. Disable remote control. Remote control features can cause many issues for a presenter if an outsider takes over their presentation.

A Better Way — How Interactio Prevents Zoombombing

Interactio encourages meeting organizers to adopt a different mindset, and incorporate features such as:

  1. Moderator-only functions. Moderators can lock meetings, remove unwanted guests, and constantly monitor the flow of an event. 
  2. Security Assertion Markup Language (SAML) integration. Event organizers can enable their company’s single sign-on (SSO) to secure the login to a meeting. 
  3. Individual invitations. You can invite a participant individually and avoid leaked meeting links or unauthorized guests. 

Final Words

Zoombombing proves that many crimes are becoming virtual, and it’s crucial to implement appropriate online security measures. A single hijacker can do significant damage to your brand image and acquire sensitive information. 

So remember: if you are not planning to use a specific function – disable it. Building a secure event ecosystem is a shared responsibility of all – event organizers, service providers, and participants.

Photo by Compare Fibre on Unsplash

Privacy Notice

This privacy notice discloses the privacy practices for (www.ascentconf.com). This privacy notice applies solely to information collected by this website. It will notify you of the following:

  • What personally identifiable information is collected from you through the website, how it is used and with whom it may be shared.
  • What choices are available to you regarding the use of your data.
  • The security procedures in place to protect the misuse of your information.
  • How you can correct any inaccuracies in the information.

Information Collection, Use, and Sharing

We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.

We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g. to ship an order.

Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

Your Access to and Control Over Information

You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our website:

  • See what data we have about you, if any.
  • Change/correct any data we have about you.
  • Have us delete any data we have about you.
  • Express any concern you have about our use of your data.

Security

We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.

Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a lock icon in the address bar and looking for “https” at the beginning of the address of the Web page.

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.

If you feel that we are not abiding by this privacy policy, you should contact us immediately via telephone at 202-256-9707 or [email protected].