How do I keep my meeting secure (and avoid “Zoombombing”)?
“Zoom bombing” refers to when an uninvited individual disrupts a Zoom meeting. When you share your meeting link on social media or other public forums, that makes your event public. ANYONE with the link can join your meeting without the right settings.
To help prevent this issue, meeting hosts should implement measures to protect themselves and their meetings. Below is a list of recommendations for keeping your Zoom at UD meeting secure.
Zoom has created a guide with Best Practices for Securing your Virtual Classroom and a blog on How to Keep Uninvited Guests out of Your Zoom Event.
Table of contents for this page
Options to control meeting access
Option 1: If all meeting attendees are from UD
If all of your meeting attendees are from UD, turn on the authorized authentication setting to best protect your meeting. Participants will need to sign in to Zoom application using their UD credentials to access the meeting.
Option 2: If specific people (Example: Guest Speaker) are outside of UD
If you have a short list of individuals who need to join your meeting, you may use the authentication exception feature by adding their name and email address. These individuals will receive an email message containing a unique link that allows them to bypass the UD authentication.
Option 3: If many meeting attendees are not from UD
If you have a large group of people attending, or do not know their personal email addresses, the Waiting Room or Passcode features are good options to prevent unwanted individuals from gaining access to your meeting. Do not post links and passcodes on social media or publicly accessible sites without additional security.
Option 4: If creating an outreach or public meeting
If you would like to create an open meeting for the public, using the Meeting Registration feature will restrict participants to those willing to give you their email addresses. Do not post links and passcodes on social media or publicly accessible sites without additional security.
Note: the documentation is divided up by how you are accessing Zoom (via app or web). You may see slightly different options based on UD’s global settings and the version of your application.
Report an incident
Please report all Zoom bombings to both Zoom and UD.
Report to Zoom by clicking the green shield icon at the top left of the meeting window and choosing the red Report link. Fill out the form and include a screen shot of the offense if possible.
Remove an unwanted participant
In the event that your Zoom meeting has an unexpected or disruptive guest, as a meeting host you are able to remove them. They will be blocked from re-entering the meeting. If you have too many unwanted participants to manage, end your meeting. Do not publish recordings of classes with incidents.
Before a meeting
Scheduling a meeting is the best time to ensure a safe meeting by following these preventive recommendations.
To get started, access your account from the Zoom application.
- Enable a security setting for your meeting
- Share the meeting link (and passcode) with students as a Canvas Announcement, in your syllabus, or in the Canvas Navigation Bar.
- Ensure that only the host, co-host, or alternative host can start the Zoom meeting.
- Automatically mute attendee microphones and cameras as they join, available through advanced meeting controls when scheduling.
- Set a virtual background to protect your privacy. This option may not be available on all devices.
- Remind invitees to not post or share the meeting link.
During a meeting
- Manage screen sharing and annotation. Participant annotation has been disabled by default. This can be managed, along with screen sharing, from the control bar within a meeting.
- Mute all participants to prevent noise from interrupting a meeting.
- Disable participants video to turn off someone’s webcam from being shared.
- Remove participants from a meeting who might be unwanted or disruptive. Removed participants will not be allowed to rejoin the meeting.
- Turn off file transfers to prevent files from being uploaded and shared.
- Disable private chats to prevent participants from chatting privately.
- Consider locking the meeting after all attendees are present. When you lock a Zoom Meeting that’s already started, no new participants can join, even if they have the meeting ID and password (if required).
- Consider posting a reminder about University policies. Faculty may wish to share, at their next class meeting, that students who are found participating in or enabling Zoom bombings will be referred to the Office of Student Conduct. If a student is found responsible for violating policies, they will be sanctioned appropriately.
Addressing a Zoombombing Incident or Other Concern
- Share a message apologizing to participants and offer services. Here is a sample:
Unfortunately, we experienced an incident of Zoom bombing that disrupted our (event/class/etc). We condemn the language, images, and posts used during this incident. They are not in line with the mission and values of the university of Delaware. We apologize that you had to experience this through your connection to our (organization/class/etc). We will be reporting this to University of Delaware Information Technologies. They will share information with the Office of Student Conduct, the Office of Equity and Inclusion, and UD Police as appropriate. We will also be exploring ways to make sure our events are as secure as possible.
We know some of the content was upsetting and jarring. For students, resources are available from the Center for Counseling and Student Development if you need support or would like to process the incident. If you would have other concerns, you can email the Office of the Dean of Students at email@example.com to connect with a staff member.
Once again, we are sorry this happened and please reach out if you need support.
- Reporting to IT
- When reporting to UD IT, please include the zoom meeting ID, the date and the time of the event.
- Security staff may reach out to you to gather other information.
- Security staff will review the logs of the event, as well as any recordings or transcripts and document incidents of concerning conduct.
- Security staff will share information concerning the behavior with the University of Delaware Police, the Office of Equity and Inclusion and the Office of Student Conduct. Those offices may reach out to meeting hosts and participants as needed.
- Reporting to UD Police, Office of Equity and Inclusion, and the Office of Student Conduct.
- As noted above, UD IT will share information with the University of Delaware Police and the Office of Student Conduct as appropriate. Anyone is welcome to report these incidents directly to the University of Delaware Police by sending an email to firstname.lastname@example.org. Information can be reported to the Office of Student Conduct by sending an email to email@example.com. Please include as much information as possible.
- As noted above, UD IT will share information with the Office of Equity and Inclusion if the content is potential violation of the Non-Discrimination, Sexual Misconduct, & Title IX Policy. Anyone is welcome to directly report these to the Office of Equity and Inclusion by completing the form on their website.
- Support resources and information.
- The Center for Counseling and Student Development is available if students need support related to an incident and would like to speak with a counselor. During office hours students may call 302-831-2141.
- If students would like to connect with counseling support after hours, they can access 24/7 support via the UD Helpline at 302-831-1001. Callers can press 1 to request a call back within 10 minutes from a Sexual Offense Support (SOS) advocate, or press 2 to connect with a mental health professional immediately.