Businesses everywhere are staying connected and tackling issues collectively with the help of tools like Skype, Zoom, Google Hangouts, and FaceTime. In a time of isolation, these platforms have become a source of community and productivity for hundreds of thousands of people. For hotels, Zoom has become the platform of choice, but an unfortunate side effect of the increase in online conferences and meetings is a rise in security incidents. The main example of this is Zoombombing — when an uninvited person attends a Zoom conference or meeting with malicious intent. These uninvited guests are guessing or finding meeting IDs online in order to intercept sensitive information, disrupt meetings, and even spread malicious software.
What are the risks associated with Zoombombing?
Most of the Zoombombing risks have to do with the sharing of private information or disruption of a meeting. If an uninvited person gets access to an internal meeting, or a call you're having with external partners or clients, they could:
Collect sensitive information about your company or employees
Disrupt your meeting with graphic photos or inflammatory remarks
Place phishing links in the chat
Share viruses through "File Transfer"
Luckily, the negative effects from Zoombombing can be largely avoided with a few tweaks to your security practices and meeting settings.
Discover 10 ways to protect your meetings from Zoombombing:
1. Don’t leave your settings on default.
Some Zoom hosts are new to the software and assume that the platform will work well for their team without too many tweaks. Because of this, many hosts on the Zoom platform choose the default settings when configuring their meeting. However, you may find that these leave your meeting open to people who intend to disrupt it. We’ll outline a few of the specific changes you can make for meetings among your team members and those with outside event planners, vendors, prospects, and guests.
2. Protect your personal meeting ID.
Your personal meeting ID is saved from one meeting to the next, which means that someone who knows it can potentially jump into future meetings you host (as long as it isn’t password protected). For private or internal meetings within your property or brand, share your personal meeting ID securely with participants so that only guests will know it. Use a different ID for each type of meeting or meeting audience. If you’re holding a public meeting, or one with external participants, you can generate a random meeting ID to share.
3. Set a password for meetings and meeting recordings.
Many hospitality organizations are holding internal and external meetings, conferences, and functions through Zoom. If you'd like to host a virtual conference or engage with your community publicly, make sure to set a password for those meetings and share the password securely in order to prevent Zoombombing. Never post the password on public channels like Facebook and Twitter. And while having meeting recordings available for later viewing is a wonderful way to stay connected, make sure that those recordings are also password protected.
4. Know who's on the invite list.
You may be holding meetings with event organizers, prospects, and guests to discuss contingencies and future plans. For these external meetings, it's helpful to know who will be on the call ahead of time. This makes it clear if any unwanted participants have joined your meeting, and it's also good practice for researching the decision-makers involved in your future sales process. Change your settings so that only signed-in users can join, and keep an eye on the participant list for unexpected guests. To do this, navigate to "settings" in the Zoom web portal and enable "Only authenticated users can join meetings".
5. Lock your meeting after everyone joins.
Once everyone has sat down at your virtual conference table, it’s time to shut the door. After all of your invited participants have joined, it’s easy to lock your meeting so that no one else can join. As the host, click “manage participants” at the bottom of the Zoom window. At the bottom of the “participants” panel, click “more.” From the list that appears, click “lock meeting.” Keep in mind that no new participants can join once the meeting is locked, even if they have the password, so double-check that everyone is in the meeting before locking.
6. Play a chime.
If you play a sound when participants join or leave it will be easier to keep track of unwanted guests. Some trolls will try to keep joining the meeting under different names, so playing a sound each time they join will give you a good idea of who the person is before they cause trouble. You can turn on the “heard by host only” setting so that the sound doesn’t disrupt the meeting and bother attendees. For participants joining by telephone, turn on the setting that prompts them to say their names so that you know who is joining the call.
7. Turn off screen sharing.
Much of the mayhem caused by Zoombombing has been related to sharing inappropriate content using the screen share feature. You can turn off screen sharing for participants in your settings so that only the host can share their screen.
8. Disable file transfer.
The in-meeting file transfer option allows users to send files through the in-meeting chat. While this can certainly be beneficial, there's also some risk associated with it, as mentioned above. Turning this off is simple: Navigate to your settings in the Zoom web portal, go to "file transfer" and toggle to your preferred option.
9. Put disruptive guests on hold or mute.
If unwanted guests do show up in your meeting, your first line of defense is putting them on “hold” or “mute.” The hold option puts a blank screen in front of the participant and cuts off the sound from the meeting — this is often used in interviews when team members would like to discuss answers from the participant, or when a subset of the group needs to have a high-level discussion that other team members shouldn’t be privy to. The mute option means that the participant will still hear and see the meeting, but won’t be able to be heard.
10. Remove unwanted participants.
Of course, the simplest and most effective option to deal with unwanted participants is to remove them. During a meeting, click on “manage participants,” click the “more” button next to the participant’s name, and then choose “remove.” Note that this will keep the participant from rejoining the meeting (you can change that setting, too, if needed), but stay alert for the person then joining using a different name.
Put these tips to good use and prevent Zoombombing!
As you navigate the new normal of online meetings, both with your team and external audiences, you can keep things secure and ensure a seamless experience for attendees with these small tweaks. You will likely end up with one mix of settings for meetings with team members, another for small meetings with vendors and event planners, and a third for public events to engage your community. Hopefully these settings keep your meeting secure and give you the space you need to connect virtually.
For more ideas on navigating this unprecedented situation, take a look at our tips for hotel risk management.