Having Your Videoconference Hacked is a Real Threat


John Deveney

Remote working during the pandemic caused most of us to adapt into online meeting masters. We regularly host team meetings, contact our members, and conduct all sorts of business via the myriad of online meeting platforms. We have grown more comfortable with these platforms and types of meetings, and activists have identified them as a vulnerable point in most organizations. 

You have probably seen a photo where a toddler, animal, stranger, or loved one unexpectedly appears as a “photobomb”. While those accidents can be amusing, when someone gains access to your online business meeting to disrupt you or with criminal intent, it is anything but funny. 

A couple of months ago a group of protestors wanting to disrupt and harm a client of ours targeted an important videoconference critical to their mission. We were able to make some adjustments to the meeting platform and some recommendations to the organizers to protect the gathering, the attendees, and the organization. With the tips and insights below, you will be able to protect yourself and your credit union, while enjoying all the benefits this technology affords us. 

In this edition of Investment in Crisis Management Series we are going to address “Zoom Bombing”. Any Zoom video call has the potential to be attended by people not formally invited to the meeting. “Zoom Bombing” occurs when unwanted visitors or hackers disrupt a Zoom meeting. They can modify aspects of the call such as unmuting themselves, sharing their video, or sharing their screen (possibly sharing inappropriate or inflammatory content). 

While we are referring to these intrusions as “Zoom Bombing”, the same principles apply whether you are using Zoom, Google Meet, Microsoft Teams, WebEx, or any other format.  

These online meeting platforms are designed to be easy for your entire team to access. They provide virtual face-to-face communication and for remote workers, provide a solid base for team building and productivity. 

Unfortunately, they can also be relatively easy for unwanted visitors to access unless you take some precautions before starting your meeting. While you would think that hackers may not be interested in your weekly update with your team, they may be interested in disrupting your organization. And they may find great interest in calls involving business strategy, earnings reports, examiner meetings, or other critical operational matters. 

Speaking specifically about Zoom, the top recommendation to protect from potential Zoom hacking threats is to create a Zoom webinar instead of a Zoom meeting. You can still invite anyone you want, but because webinars are in presentation format, they are less likely to be hacked. With a paid Zoom account, you can run a webinar versus a meeting. You may want to investigate whether your credit union has (and uses) a paid account; the size of your credit union and need for meeting attendees may dictate which type of account you need. Typically, free Zoom meeting licenses can host up to 100 attendees, and a paid subscription can hold up to 1,000 attendees.

And here are several other ways to safeguard your online meeting from disruption. 

Disable Guest Screen Sharing 
By restricting screen sharing to the host, you can prevent anyone else from being able to display what is on their desktop. It will not stop anyone from joining your meeting, but it will at least keep them from taking over the meeting and sharing inappropriate material. 

Require Host to be Present for the Meeting 
This tactic ensures that nothing can start without you or selected representative(s) from your team as the primary host. Sounds simple, but often the account may be registered with the CEO, IT, or other executives. Be sure to check should others in your organization lead meetings. 

Keep the Meeting ID private (if possible) 
Do not share the details on social media if you do not want members of the public (or hackers) to join. 

Use a Password
This tactic is easy to do and can have an immediate impact. Share the password with only those individuals you intend to include in this meeting.

Use the Waiting Room
Aptly named, the “waiting room” places anyone who is not the host into a virtual waiting room. This tactic ensures the host can see who is in the waiting room and admit only those individuals they are expecting. 

An additional level of security to consider is only allowing access to users who are signed in and sharing their REAL name and photo, and cross-referencing with those invited to participate. 

Troublemakers Not Welcome
If someone joins and begins causing a ruckus, you can (and should) kick them out. When hosting meetings be sure everyone knows the rules – especially if you anticipate some controversy or conflict with participants. [If you would like us to develop a set of rules for your videoconferences at no charge, email Videoconference Guidelines to

To remove someone from your Zoom meeting, go to “Participants Menu” and hover over a participant’s name – you will have the option to remove them, among other options. If someone is kicked out, they cannot rejoin.

Mute All Participants
If you are hosting a meeting where a presentation is being made, you may want to mute all participants to avoid interruptions. You can turn this function off when the presentation is over, or you can use an option for people to raise their (virtual) hand when they want to speak. 

There is also an option for people to unmute themselves. As the meeting host, you can (and should) decide if you want everyone to be able to do that; you can utilize this function to decide who can speak in the meeting.  

Expanding your online meeting options to include large videoconferences is increasing in popularity as many are still reluctant to travel or be in part groups. Like Zoom meetings, virtual conferences are new to many but can be utilized successfully in your organization. Like other online meetings, there will be a waiting room and a “Main Event” room. Think of it as the General Session or gathering place for everyone to join, hear the keynote speaker, get announcements, etc. Only the host and co-host(s) will have control of this room. 

Breakout sessions/rooms can be set up easily through Zoom to allow conference participants to get the specialized information and training they seek from the conference. These rooms can be pre-programmed with users pre-loading files for all participants to view. You can also assign Zoom attendees into their breakout rooms before the event starts. Breakout rooms can have individual names to make it easier for attendees to find the sessions they want to attend. When it is time to return to the main conference room, attendees can exit their breakout sessions anytime. 

Quick List of Things to Keep in Mind for Seminars, Conferences, and Online Workshops

  • Set security to allow control of audio/video only for host and co-host
  • Require attendees to raise their (virtual) hand to speak
  • Limit who has access to the meeting
  • Set a password and keep it secure
  • Monitor chat functions
  • Files can be shared in chat if necessary
  • Record the session

To their credit, Zoom knows it has had security problems and has made multiple efforts to remedy them. Two recent fixes are specifically targeted to stop unwanted or disruptive actions in meetings.

You can now “Suspend Participant Activities,” which gives the meeting host the ability to put the meeting on pause, remove disruptive participants, and then resume hosting the meeting.

Another gives everyone in attendance the ability to report others who are trying to disrupt a meeting. This function, “Report by Participants,” is new for everyone who takes part in a Zoom meeting and does not restrict the reporting ability to just the host and co-host.

Zoom and other online meeting platforms have quickly become commonplace necessities, and for the most part, are secure. Putting in some extra security measures is a prudent move and may give your employees and members an added boost of confidence in how you are protecting them online as well as in person.

John Deveney, ABC, APR, Fellow PRSA, IABC Fellow recognized internationally for crisis and issue management across a variety of industries. 
In 2006, John was honored as “Agency Executive of the Year” by PRNews after he served as the first responder managing media during hurricanes Katrina and Rita — from the evacuation of the city to a military blockade and the aftermath — for both the tourism industry for New Orleans and the Louisiana Office of Tourism. He led the only on-site communication operation and media center that managed more than $400 million in media scrutiny in war-like conditions. 
In 2010, John and his team created the strategy and led the team that managed the state Department of Culture, Recreation and Tourism’s response to the BP oil spill. That effort reshaped public perception and preserved Louisiana’s $9.4 billion tourism industry. DEVENEY has been named PR News’ Firm of the Year and PRWeek’s Top 5 Boutique PR Firms in the country. John is in the PRNews’ Hall of Fame and is the only professional to ever merit the lifetime achievement recognition of being inducted into both the PRSA College of Fellows and IABC Fellows. To learn more visit us at

This content is for CU BUSINESS eMagazine , Special Deal: 2 websites , and NEW! The Leadership Team Builder Group Subscription members only.
Log In Register

Share post:


More like this

Big Banks vs. Credit Unions: Who Wins?

When it comes to banking, there are two main...

A Revolution in Enterprise Search for Credit Unions?

Credit union staff often fall prey to a search...

PSCU Appoints Dave Stafford as Chief Transformation Officer

Stafford to lead CUSO’s newly established Transformation Office; Stephen...