In recent news, several universities have reported incidents of "Zoom bombing" a when uninvited attendees join a Zoom meeting to share offensive or inappropriate content. Such intrusions are disruptive and could result in the unintentional sharing of private information.
You may be wondering what you can do to help prevent this from happening in your CarmenZoom meeting. Below we have outlined a number of suggestions to help keep your virtual meetings and class sessions safe and secure. Expand each section for more information.
On May 5, 2020, CarmenZoom default meeting settings were updated to better protect our students, faculty, and staff. These settings were carefully chosen to ensure your security while maintaining the usability of the tool. These changes to default settings will affect any new meetings you create. Existing meetings will not be affected. These new default settings will not override any changes you've made to your personal settings.
The best way to deal with uninvited attendees is to set up your meeting to help keep them out in the first place.
CarmenZoom has a number of default security settings enabled to make your meetings more secure. Think of these default settings like wearing a helmet when you ride a bike. They are designed to protect you and removing those protections opens you up to risks. If you choose to alter some of these settings, it may be harder for Ohio State to look into a situation and identify the offenders in the case of a Zoom bombing attack.
Meeting passwords. We strongly recommended that you take advantage of the default passwords for meetings. Passwords create an additional layer that hackers must work to breach. While passwords will be embedded in meeting links by default, you can choose to turn off this setting and send a password to your participants separately. If you are using the Canvas integration to schedule Zoom meetings with your students, you should leave the password embedded in the link.
Join Before Host is disabled. The Join before Host option allows meeting participants, unwanted or not, to join your meeting before you.
Consider the following additional meeting settings:
Create scheduled meetings with a unique URL for each class session or meeting. Avoid using your Personal Meeting ID (PMI) to host public events. Your PMI is essentially one continuous meeting, and once someone has the link to your PMI, they can pop in and out at any time the meeting room is in use. To make your personal room more secure, turn on the waiting room option and/or lock the meeting once it begins.
Turn on the Waiting Room. The Waiting Room is a virtual staging area that stops your guests from joining until you're ready for them.
Restrict access to authenticated users. If all of your attendees have an Ohio State username (lastname.#), restrict access to authenticated users. In the Settings menu at carmenzoom.osu.edu, under Schedule Meeting select Only authenticated users can join.
If attendees aren't logged in to CarmenZoom when they click the link to your meeting, a login window will appear. They should select Sign In with SSO and enter osu as the domain. Learn more about logging in to CarmenZoom.
If some of your attendees do not have an Ohio State username, see the options below for allowing non-university guests.
Options for allowing non-university guests
Using the Only authenticated users can join setting will prevent guests who do not have an Ohio State Zoom account from entering the meeting, including some users from the College of Food, Agriculture and Environmental Sciences and Fisher College of Business, users from Central Ohio Technical College, and some international students.
If your meeting includes non-university participants, you can use other strategies to control who can attend.
Once your meeting begins, you have a number of options for reducing the chances of disruptions.
Click on the Security icon to manage the following in-meeting security options:
- By default, Zoom prevents participants from:
Using the advanced host controls you can also:
You've taken preventative steps, but Zoom bombing can still happen. If it does, use the following suggestions to help mitigate the disruptive behavior or participants.
Remove disruptive users. From the Participants menu, you can hover over a participantas name, and several options will appear, including Remove. If you accidentally remove a participant, you can allow removed participants to rejoin; this option must be selected before the meeting begins.
Put disruptive users on hold. You can put each participant on a temporary hold, including the attendees' video and audio connections.
If you do experience zoom bombing or other inappropriate behavior in a Zoom meeting, contact email@example.com with the following information:
Meeting ID - For more information see How do I locate a Zoom Meeting ID?
Ohio State username (lastname.#) of the person who created the meeting
Date and time of the incident
Brief description of the incident
If you have a recording of the meeting, do not delete it
Save the chat text, if applicable
If the incident involved any type of harassment, discrimination, or sexual misconduct, please report the incident to the Office of Institutional Equity.
See additional information regarding virtual meeting security for both Zoom and Skype at Cybersecurity For You.