COVID-19 Legal Update: Video Conferencing Security Tips to Avoid Zoom-Bombing

Companies and individuals are relying more than ever on video conferencing to communicate and conduct business as they adapt to social-distancing measures to combat the COVID-19 pandemic. This has led to malicious actors looking for ways to exploit that technology. In a recent trend known as “Zoom-bombing,” the attacker joins an open video conference so as to disrupt the meeting by displaying inappropriate content. Recently, the FBI warned of “multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.”

The FBI’s press release shared a number of tips to mitigate this threat of Zoom-bombing. These tips provide a helpful security checklist for companies and individuals to follow in their video conferencing:

• Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
• Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
• Manage screensharing options. In Zoom, change screensharing to “Host Only.”
• Ensure users are using the updated version of remote access/meeting applications.
• Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security. 

In addition to mitigating the threat of Zoom-bombing, companies should follow this guidance in order to help safeguard the confidentiality of information shared during video conferences. For sharing certain types of information, a company may also be required to implement further privacy and security safeguards. If you have questions about your company’s specific circumstances or any of the information provided here, please do not hesitate to contact any member of our Cybersecurity and Privacy Practice Group for assistance.