Skip to main content

"Zoombombing" - How to Protect Your Meetings and Respond to Disturbances

Posted Date: 2 Apr 2020

Modified Date: 26 Jun 2020

Effective Date: 2 Apr 2020

zoom logoUniversities across the country have reported incidents of “Zoombombing”—when unwelcome intruders attend a Zoom session for nefarious reasons. Such intrusions are disruptive and could even result in the unintentional sharing of sensitive information. The following how-to videos and step-by-step instructions provided by Northwestern Information Technology (IT) are designed to help faculty, staff, and students understand the risks and be prepared.

How-To Videos: "Zoombombing" Protection

Northwestern IT has created the following video series to provide the University community with guidance for protecting meetings against "Zoombombing."

Reduce the Risk of "Zoombombing"

Before scheduling a Zoom meeting and enabling security features, determine if your session will include Northwestern-only participants or non-Northwestern individuals. Once you identify your audience, please review the guidance below on enabling security features for both types of meetings.

Meetings with Only Northwestern Participants

When hosting a session for only Northwestern participants, the most effective action you can take to limit "Zoombombing" is requiring individuals to authenticate with their University credentials to join. You may also supplement that security effort with added features.

Meetings that Include Non-Northwestern Participants

When hosting a session that includes non-Northwestern participants, the most effective action you can take to limit "Zoombombing" is to use a Zoom webinar. Webinars are designed so that only the host and designated panelists can share their video, audio, and screen. In addition to using a webinar, there are other best practices that can help you host online public events securely.

  • Request a webinar license—For events that do not require participants to share video and audio, a webinar license from Northwestern IT can be requested at no cost. Northwestern IT has secured 500 licenses for webinars with up to 500 participants. One license for up to 1,000 participants is also available on a first-come-first-served basis. Please fill out the Zoom Webinar Request Form at least one week in advance of the event. 
  • Don’t publicize Zoom links—The more people who know the link to your meeting, the greater the likelihood of it being shared with intruders. If you have meetings that need to be shared broadly or include external participants, read more on Zoom Privacy and Security Settings.
  • Require registration—Scheduling a meeting that requires registration allows you to have your participants register with their e-mail, name, and other custom questions. You can also generate meeting registration reports if you want to download a list of people that registered.
  • Don't use your Personal Meeting ID for public meetings—Once someone knows your Personal Meeting ID, they can try joining your sessions at any moment. Never share your Personal Meeting ID online, and only use it for meetings with people you know.
  • Divide up responsibilities—If there are two hosts in a meeting, designate one person as being responsible for technical aspects, such as admitting users to the meeting, removing users, or documenting what happens in case of a “Zoombombing” incident.
  • Set a password
  • Disable "Join Before Host"
  • Enable a waiting room

Use In-Meeting Controls to Avoid Disturbances

Responding to a Meeting Disturbance

While the risk of “Zoombombing” is significantly minimized by following the tips above, it is critical that you have a plan and know how to respond and regain control of your meeting if it is disrupted.

Additional Resources

Back to top