Press "Enter" to skip to content

Having Your Videoconference Hacked is a Real Threat

John Deveney

Remote working during the
pandemic caused most of us to adapt into online meeting masters. We regularly
host team meetings, contact our members, and conduct all sorts of business via
the myriad of online meeting platforms. We have grown more comfortable with
these platforms and types of meetings, and activists have identified them as a
vulnerable point in most organizations. 

You have probably seen a photo
where a toddler, animal, stranger, or loved one unexpectedly appears as a
“photobomb”. While those accidents can be amusing, when someone gains access to
your online business meeting to disrupt you or with criminal intent, it is
anything but funny. 

A couple of months ago a group of
protestors wanting to disrupt and harm a client of ours targeted an important
videoconference critical to their mission. We were able to make some
adjustments to the meeting platform and some recommendations to the organizers
to protect the gathering, the attendees, and the organization. With the tips
and insights below, you will be able to protect yourself and your credit union,
while enjoying all the benefits this technology affords us. 

In this edition of Investment in
Crisis Management Series we are going to address “Zoom Bombing”. Any Zoom video
call has the potential to be attended by people not formally invited to the
meeting. “Zoom Bombing” occurs when unwanted visitors or hackers disrupt a Zoom
meeting. They can modify aspects of the call such as unmuting themselves,
sharing their video, or sharing their screen (possibly sharing inappropriate or
inflammatory content). 

While we are referring to these
intrusions as “Zoom Bombing”, the same principles apply whether you are using
Zoom, Google Meet, Microsoft Teams, WebEx, or any other format.  

These online meeting platforms are
designed to be easy for your entire team to access. They provide virtual
face-to-face communication and for remote workers, provide a solid base for
team building and productivity. 

Unfortunately, they can also be
relatively easy for unwanted visitors to access unless you take some
precautions before starting your meeting. While you would think that hackers
may not be interested in your weekly update with your team, they may be
interested in disrupting your organization. And they may find great interest in
calls involving business strategy, earnings reports, examiner meetings, or
other critical operational matters. 

Speaking specifically about Zoom,
the top recommendation to protect from potential Zoom hacking threats is to
create a Zoom webinar instead of a Zoom meeting.
You can still invite anyone you want, but because webinars are in presentation
format, they are less likely to be hacked. With a paid Zoom account, you can
run a webinar versus a meeting. You may want to investigate whether your credit
union has (and uses) a paid account; the size of your credit union and need for
meeting attendees may dictate which type of account you need. Typically, free
Zoom meeting licenses can host up to 100 attendees, and a paid subscription can
hold up to 1,000 attendees.

And here are several other ways
to safeguard your online meeting from disruption. 

Disable Guest Screen Sharing 
By restricting screen sharing to the host, you can prevent anyone else from being able to display what is on their desktop. It will not stop anyone from joining your meeting, but it will at least keep them from taking over the meeting and sharing inappropriate material. 

Require Host to be Present for the Meeting 
This tactic ensures that nothing can start without you or selected representative(s) from your team as the primary host. Sounds simple, but often the account may be registered with the CEO, IT, or other executives. Be sure to check should others in your organization lead meetings. 

Keep the Meeting ID private (if possible) 
Do not share the details on social media if you do not want members of the public (or hackers) to join. 

Use a Password
This tactic is easy to do and can have an immediate impact. Share the password with only those individuals you intend to include in this meeting.

Use the Waiting Room
Aptly named, the “waiting room” places anyone who is not the host into a virtual waiting room. This tactic ensures the host can see who is in the waiting room and admit only those individuals they are expecting. 

An additional level of security
to consider is only allowing access to users who are signed in and sharing
their REAL name and photo, and cross-referencing with those invited to
participate. 

Troublemakers Not Welcome
If someone joins and begins causing a ruckus, you can (and should) kick them out. When hosting meetings be sure everyone knows the rules – especially if you anticipate some controversy or conflict with participants. [If you would like us to develop a set of rules for your videoconferences at no charge, email Videoconference Guidelines to jdeveney@deveney.com.

To remove someone from your Zoom
meeting, go to “Participants Menu” and hover over a participant’s name – you
will have the option to remove them, among other options. If someone is kicked
out, they cannot rejoin.

Mute All Participants
If you are hosting a meeting where a presentation is being made, you may want to mute all participants to avoid interruptions. You can turn this function off when the presentation is over, or you can use an option for people to raise their (virtual) hand when they want to speak. 

There is also an option for
people to unmute themselves. As the meeting host, you can (and should) decide
if you want everyone to be able to do that; you can utilize this function to
decide who can speak in the meeting.  

Conferences 
Expanding your online meeting options to include large videoconferences is increasing in popularity as many are still reluctant to travel or be in part groups. Like Zoom meetings, virtual conferences are new to many but can be utilized successfully in your organization. Like other online meetings, there will be a waiting room and a “Main Event” room. Think of it as the General Session or gathering place for everyone to join, hear the keynote speaker, get announcements, etc. Only the host and co-host(s) will have control of this room. 

Breakout sessions/rooms can be set
up easily through Zoom to allow conference participants to get the specialized
information and training they seek from the conference. These rooms can be
pre-programmed with users pre-loading files for all participants to view. You
can also assign Zoom attendees into their breakout rooms before the event
starts. Breakout rooms can have individual names to make it easier for
attendees to find the sessions they want to attend. When it is time to return
to the main conference room, attendees can exit their breakout sessions
anytime. 

Quick List of Things to Keep
in Mind for Seminars, Conferences, and Online Workshops

  • Set security to allow control of audio/video
    only for host and co-host
  • Require attendees to raise their (virtual) hand
    to speak
  • Limit who has access to the meeting
  • Set a password and keep it secure
  • Monitor chat functions
  • Files can be shared in chat if necessary
  • Record the session

To their credit, Zoom knows it
has had security problems and has made multiple efforts to remedy them. Two
recent fixes are specifically targeted to stop unwanted or disruptive actions
in meetings.

You can now “Suspend
Participant Activities
,” which gives the meeting host the ability to
put the meeting on pause, remove disruptive participants, and then resume
hosting the meeting.

Another gives everyone in
attendance the ability to report others who are trying to disrupt a meeting.
This function, “Report by Participants,” is new for everyone
who takes part in a Zoom meeting and does not restrict the reporting ability to
just the host and co-host.

Zoom and other online meeting
platforms have quickly become commonplace necessities, and for the most part,
are secure. Putting in some extra security measures is a prudent move and may
give your employees and members an added boost of confidence in how you are
protecting them online as well as in person.

John Deveney, ABC, APR, Fellow PRSA, IABC Fellow recognized internationally for crisis and issue management across a variety of industries. 
In 2006, John was honored as “Agency Executive of the Year” by PRNews after he served as the first responder managing media during hurricanes Katrina and Rita — from the evacuation of the city to a military blockade and the aftermath — for both the tourism industry for New Orleans and the Louisiana Office of Tourism. He led the only on-site communication operation and media center that managed more than $400 million in media scrutiny in war-like conditions. 
In 2010, John and his team created the strategy and led the team that managed the state Department of Culture, Recreation and Tourism’s response to the BP oil spill. That effort reshaped public perception and preserved Louisiana’s $9.4 billion tourism industry. DEVENEY has been named PR News’ Firm of the Year and PRWeek’s Top 5 Boutique PR Firms in the country. John is in the PRNews’ Hall of Fame and is the only professional to ever merit the lifetime achievement recognition of being inducted into both the PRSA College of Fellows and IABC Fellows. To learn more visit us at www.deveney.com.

This content is for CU BUSINESS eMagazine , THE TEAM BUILDER (GROUP SUBSCRIPTION), and Special Deal: 2 websites members only.
Log In Register

Comments are closed.