Skip to main content

"Zoombombing" - How to Protect Your Meetings and Respond to Disturbances

Posted Date: 2 Apr 2020

Modified Date: 26 May 2020

Effective Date: 2 Apr 2020

zoom logoUniversities across the country have reported incidents of “Zoombombing”—when unwelcome intruders attend a Zoom session for nefarious reasons. Such intrusions are disruptive and could even result in the unintentional sharing of sensitive information. Northwestern Information Technology (IT) is encouraging faculty, staff, and students to understand the risks and be prepared.

Upgrade to Zoom 5.0 by Saturday, May 30

Zoom users must upgrade to version 5.0 by May 30, 2020. Version 5.0 includes encryption and other security enhancements. After May 30, users with older software versions that try to connect to a meeting will be prompted by Zoom to upgrade. Instructions on how to upgrade are available in the Zoom Help Center.

Reduce the Risk of "Zoombombing"

Before scheduling a Zoom meeting and enabling security features, determine if your session will include Northwestern-only participants or non-Northwestern individuals. Once you identify your audience, please review the guidance below on enabling security features for both types of meetings.

Meetings with Only Northwestern Participants

When hosting a session for only Northwestern participants, the most effective action you can take to limit "Zoombombing" is requiring individuals to authenticate with their University credentials to join. You may also supplement that security effort with added features.   

Meetings that Include Non-Northwestern Participants

When hosting a session that includes non-Northwestern participants, the most effective actions you can take to limit "Zoombombing" are requiring individuals to register and not publicizing your Zoom link. You may also supplement those security efforts with added features.

  • Require registration—Scheduling a meeting that requires registration allows you to have your participants register with their e-mail, name, and other custom questions. You can also generate meeting registration reports if you want to download a list of people that registered.
  • Don’t publicize Zoom links—The more people who know the link to your meeting, the greater the likelihood of it being shared with intruders. If you have meetings that need to be shared broadly or include external participants, read more on Zoom Privacy and Security Settings.
  • Don't use your Personal Meeting ID for public meetings—Once someone knows your Personal Meeting ID, they can try joining your sessions at any moment. Never share your Personal Meeting ID online, and only use it for meetings with people you know.
  • Request a webinar license—For events that do not require participants to share video and audio, a webinar license from Northwestern IT can be requested. Read more information on webinars.
  • Divide up responsibilities—If there are two hosts in a meeting, designate one person as being responsible for technical aspects, such as admitting users to the meeting, removing users, or documenting what happens in case of a “Zoombombing” incident.
  • Set a password
  • Disable "Join Before Host"
  • Enable a waiting room

Use In-Meeting Controls to Avoid Disturbances

Responding to a Meeting Disturbance

While the risk of “Zoombombing” is significantly minimized by following the tips above, it is critical that you have a plan and know how to respond and regain control of your meeting if it is disrupted.

Additional Resources

Back to top