DEVENEY Crisis Blog - June 2021 - Zoom Hacking

Having Your Videoconference Hacked is a Real Threat

Remote working during the pandemic caused most of us to adapt into online meeting masters. We regularly host team meetings, contact our customers, and conduct all sorts of business via the myriad of online meeting platforms. We have grown more comfortable with these platforms and types of meetings, and activists have identified them as a vulnerable point in most organizations - and have become masters of Zoom hacking.

You have probably seen a photo where a toddler, animal, stranger, or loved one unexpectedly appears as a “photobomb”. While those accidents can be amusing, when someone gains access to your online business meeting to disrupt you or with criminal intent, it is anything but funny.

A couple of months ago a group of protestors wanting to disrupt and harm a client of ours targeted an important videoconference critical to their mission. We were able to make some adjustments to the meeting platform and some recommendations to the organizers to protect the gathering, the attendees, and the organization. With the tips and insights below, you will be able to protect yourself and your organization, while enjoying all the benefits this technology affords us.

Any Zoom video call has the potential to be attended by people not formally invited to the meeting. “Zoom Bombing” occurs when unwanted visitors or hackers disrupt a Zoom meeting by Zoom hacking. They can modify aspects of the call such as unmuting themselves, sharing their video, or sharing their screen (possibly sharing inappropriate or inflammatory content).

While we are referring to these intrusions as “Zoom Bombing”, the same principles apply whether you are using Zoom, Google Meet, Microsoft Teams, WebEx, or any other format.

These online meeting platforms are designed to be easy for your entire team to access. They provide virtual face-to-face communication and for remote workers, provide a solid base for team building and productivity.

Unfortunately, they can also be relatively easy for unwanted visitors to access unless you take some precautions before starting your meeting. While you would think that hackers may not be interested in your weekly update with your team, they may be interested in disrupting your organization. And they may find great interest in calls involving business strategy, earnings reports, or other critical operational matters.

Speaking specifically about Zoom, the top recommendation to protect from potential Zoom hacking threats is to create a Zoom webinar instead of a Zoom meeting. You can still invite anyone you want, but because webinars are in presentation format, they are less likely to be hacked. With a paid Zoom account, you can run a webinar versus a meeting. You may want to investigate whether your organization has (and uses) a paid account; the size of your organization and need for meeting attendees may dictate which type of account you need. Typically, free Zoom meeting licenses can host up to 100 attendees, and a paid subscription can hold up to 1,000 attendees.

And here are several other ways to safeguard your online meeting from disruption.

Disable Guest Screen Sharing

By restricting screen sharing to the host, you can prevent anyone else from being able to display what is on their desktop. It will not stop anyone from joining your meeting, but it will at least keep them from taking over the meeting and sharing inappropriate material, aka Zoom hacking.

Require Host to be Present for the Meeting

This tactic ensures that nothing can start without you or selected representative(s) from your team as the primary host. Sounds simple, but often the account may be registered with the CEO, IT, or other executives. Be sure to check should others in your organization lead meetings.

Keep the Meeting ID Private (if possible)

Do not share the details on social media if you do not want members of the public (or Zoom hacking enthusiasts) to join.

Use a Password

This tactic is easy to do and can have an immediate impact. Share the password with only those individuals you intend to include in this meeting.

Use the Waiting Room

Aptly named, the “waiting room” places anyone who is not the host into a virtual waiting room. This tactic ensures the host can see who is in the waiting room and admit only those individuals they are expecting.

An additional level of security to consider is only allowing access to users who are signed in and sharing their REAL name and photo, and cross-referencing with those invited to participate.

Troublemakers Not Welcome

If someone joins and begins causing a ruckus, you can (and should) kick them out. When hosting meetings be sure everyone knows the rules – especially if you anticipate some controversy or conflict with participants.

To remove someone from your Zoom meeting, go to “Participants Menu” and hover over a participant’s name – you will have the option to remove them, among other options. If someone is kicked out, they cannot rejoin.

Mute All Participants

If you are hosting a meeting where a presentation is being made, you may want to mute all participants to avoid interruptions. You can turn this function off when the presentation is over, or you can use an option for people to raise their (virtual) hand when they want to speak.

There is also an option for people to unmute themselves. As the meeting host, you can (and should) decide if you want everyone to be able to do that; you can utilize this function to decide who can speak in the meeting.


Expanding your online meeting options to include large videoconferences is increasing in popularity as many are still reluctant to travel or be in part groups. Like Zoom meetings, virtual conferences are new to many but can be utilized successfully in your organization. Like other online meetings, there will be a waiting room and a “Main Event” room. Think of it as the General Session or gathering place for everyone to join, hear the keynote speaker, get announcements, etc. Only the host and co-host(s) will have control of this room.

Breakout sessions/rooms can be set up easily through Zoom to allow conference participants to get the specialized information and training they seek from the conference. These rooms can be pre-programmed with users pre-loading files for all participants to view. You can also assign Zoom attendees into their breakout rooms before the event starts. Breakout rooms can have individual names to make it easier for attendees to find the sessions they want to attend. When it is time to return to the main conference room, attendees can exit their breakout sessions anytime.

Quick List of Things to Keep in Mind for Seminars, Conferences, and Online Workshops:
  • Set security to allow control of audio/video only for host and co-host
  • Require attendees to raise their (virtual) hand to speak
  • Limit who has access to the meeting
  • Set a password and keep it secure
  • Monitor chat functions
  • Files can be shared in chat if necessary
  • Record the session

To their credit, Zoom knows it has had security problems and has made multiple efforts to remedy them. Two recent fixes are specifically targeted to stop unwanted or disruptive actions in meetings.

You can now "Suspend Participant Activities," which gives the meeting host the ability to put the meeting on pause, remove disruptive participants, and then resume hosting the meeting.

Another gives everyone in attendance the ability to report others who are trying to disrupt a meeting. This function, "Report by Participants," is new for everyone who takes part in a Zoom meeting and does not restrict the reporting ability to just the host and co-host.

Zoom and other online meeting platforms have quickly become commonplace necessities, and for the most part, are secure. Putting in some extra security measures is a prudent move and may give your employees as well as members and customers an added boost of confidence in how you are protecting them online as well as in person.