Zoom Security Information
-
Background and Basic info on Zoom Bombings
What is a Zoom-bomber?

Zoom is a synchronous (live) web conferencing tool that is fantastic for fostering meaningful instructor-student and student-student interactions. It is being used by many faculty to assist them with a smooth transition to temporary remote teaching and learning. However, in this time of disruption, there is an increased likelihood that uninvited attendees will show up in your meetings and deliberately try to derail them. During the COVID-19 period, educators and businesses alike are reporting incidents of “Zoom-bombing” or “Zoom trolls.” The following tips are provided to help you continue with your synchronous instruction in Zoom without the burden of uninvited attendees.

If you would like more information related to Zoom Bombings, please return to the Bombing High Security Menu Recommendations for Zoom. If you would like to use stricter security settings, please review the Zoom Bombing Information Folder in the Support Portal.

Starting Points for Zoom Meeting Security

- Tip 1 - Disable "Join Before Host" (can be done in the Profile level Settings menu).
- Tip 2 - Turn "Waiting Room" ON (can be done in the Profile level Settings menu).
- Tip 3 - Disable "Allow removed participants to rejoin" (can be done in the Profile level Settings menu).
- Tip 4 - Do not use your Personal Meeting ID (when scheduling a meeting).
- Tip 5 - Set a password for the meeting (when scheduling a meeting).
- Tip 6 - Before allowing attendees into the meeting, disable their ability to unmute themselves (in the meeting).
- Tip 7 - Remove all attendees that you do not recognize or that are showing questionable behavior (in the meeting).
- Tip 8 - When all expected attendees are in the meeting, Lock the Meeting (in the meeting).

Zoom Bombings are divided into 3 main groups

1 - Visual Attacks: These include inappropriate imagery via virtual backgrounds, screen sharing, annotation and camera.
2 - Auditory Attacks: Including, but not limited to, obscenities, hate speech and threats of violence.
3 - Chat Attacks: This includes the written equivalent of Group 2, but could also include the use of Zoom Chat's File Transfer capability for distributing images, videos and executable files.

There are generally 2 types of Zoom Bombers

- Berserkers: Begin the attack immediately upon entering a meeting and continue until the meeting is stopped by the host or until they are removed from the meeting. Please note, because they were able to get into the meeting once, they will most likely attempt to do so again as quickly as possible.
- Ghosts: Attempt to portray themselves as an invited attendee of the meeting (commonly without a camera being shared). They will commonly change their displayed name to be the same as other participants or to be blank. These attackers are normally more disruptive after the meeting has gotten going, and they operate in short actions and then try to 'hide.'

- For more information on and steps for Basic Menu Security Recommendations for Preventing Zoom Bombings
- For more information on and steps for Scheduling a Secure Meeting
- For more information on and steps for Safely Starting a Zoom Meeting in the age of Zoom Bombings
-
Basic Menu Security Recommendations for Preventing Zoom Bombings
As discussed in Background and Basic info on Zoom Bombings, protecting Zoom sessions/meetings from Zoom Bombings requires multiple actions by the Host(s). The first stage of these protections is made in the Zoom Account Settings Menu.

- Step 1 - Go to endicott.zoom.us and sign into your account.
- Step 2 - Select Settings.
- Step 3 - Disable Join Before Host.
- Step 4 - Turn Waiting Room ON and select All participants. You also have the option of adding a logo image and instructions for people in the Waiting Room.
- Step 5 - Confirm that Allow removed participants to rejoin is Off. On April 1st, 2020, Endicott Campus Technology set this menu option to OFF for all user accounts. Although users have the ability to change this, it is not recommended.

--- This concludes the steps for Basic Security Recommendations for Preventing Zoom Bombings ---

If you would like to invoke higher security settings for your Zoom calls, please go to the following document: Bombing High Security Menu Recommendations for Zoom. If you would like to learn more, see Scheduling a Secure Meeting - Zoom.
-
Standard Menu Security Recommendations for Preventing Zoom Bombings
This document is intended for faculty/staff that wish to enable higher than standard safety measures to lessen the impact of Zoom Bombings. These settings are the maximum security menu options available. The recommendations below are intended to work together to increase the security of online learning and meetings. Altering individual settings from this list may impact the overall security of your sessions.

Recommended Account Menu Settings: Go to Zoom.us, log in with your Zoom credentials and click on "Settings" on the left menu to access these settings.

Under Schedule Meeting

- Disable Join Before Host. This prevents guests from interacting before the host of the meeting arrives. Meeting Hosts have the ability to remove guests, but other guests do not. Guests will be presented with a notice that they are waiting for the Host to sign in.
- Enable Require a password when scheduling new meetings. The password will prevent would-be guests from joining meetings at all. The password is randomly generated, but it can be altered by the Host.
- Enable Require password for participants joining by phone. Because Zoom handles telephone connections differently than web connections, this option needs to be managed separately.
- Enable Mute participants upon entry. This will have all participants muted when they connect to the meeting. The Host has the ability to prevent attendees from unmuting themselves once the Host has joined the meeting.

Under Meetings (Basic)

- Disable Private Chat. This prevents guests from sending 1-on-1 chats to other guests.
- Under File Transfer, restrict the file types allowed to only those applicable to your course (e.g. PowerPoint, Excel, and Word file types). It is strongly recommended not to allow .exe files.
- Enable Allow host to put attendee on hold. This will allow a guest to be temporarily separated from a meeting. They will be allowed back into the call if this is used.
- Enable Screen sharing. Set Who can share to Host only, then click Save.
- Disable Allow removed participants to rejoin. If a host “Removes” a disruptive guest from a meeting, this option being disabled will revoke their ability to rejoin the call.

Under Meeting (Advanced)

- Enable Closed Captioning. This will not transcribe your session nor is it a security measure, but it will be of help if Closed Captioning is required for a session. If CC is enabled, and transcription services are needed, please contact Academic Success for more information.
- Enable Waiting room. When guests join the room, they will be entered into a virtual standby space. The guests will not be able to interact with each other within Zoom until the Host welcomes them into the call.
  - Under Waiting room, select All participants. Students are not issued Zoom accounts; therefore, they will all show as guests.

Under e-mail

- No options in this section are affected by Zoom Bombing recommendations at this time. All settings are enabled by default. These settings can be adjusted as desired.

Under Other

- Enable Blur snapshot on iOS task switcher. This is more of a privacy item for users on iOS devices.

--- This is the end of the Menu Settings based on Zoom Bombing recommendations. ---
-
High Security Menu Recommendations for Preventing Zoom Bombings
This document is intended for faculty/staff that wish to enable higher than standard safety measures to lessen the impact of Zoom Bombings. These settings are the maximum security menu options available. The recommendations below are intended to work together to increase the security of online learning and meetings. Altering individual settings from this list may impact the overall security of your sessions.

Recommended Account Menu Settings: Go to Zoom.us, log in with your Zoom credentials and click on "Settings" on the left menu to access these settings.

Under Schedule Meeting

- Under Audio Type, select Computer Audio. This will prevent attendees from connecting to meetings using a telephone.
- Disable Join Before Host. This prevents guests from interacting before the host of the meeting arrives. Meeting Hosts have the ability to remove guests, but other guests do not. Guests will be presented with a notice that they are waiting for the Host to sign in.
- Disable Use Personal Meeting ID (PMI) when scheduling a meeting. Using a randomly generated room ID when scheduling meetings will make it more difficult for bombers to target your meeting.
- Disable Use Personal Meeting ID (PMI) when starting an instant meeting. Using a randomly generated room ID when conducting a meeting will make it more difficult for bombers to target your meeting.
- Enable Require a password when scheduling new meetings. The password will prevent would-be guests from joining meetings at all. The password is randomly generated, but it can be altered by the Host.
- Enable Require a password for instant meetings. The password will prevent would-be guests from joining meetings at all. The password can be set directly below this option and will be the same password for all instant meetings for this account.
- Disable Embed password in meeting link for one-click join. This will remove the single-click entry links from being sent in invitations, thus enabling password requirements.
- Enable Require password for participants joining by phone. Because Zoom handles telephone connections differently than web connections, this option needs to be managed separately.
- Enable Mute participants upon entry. This will have all participants muted when they connect to the meeting. The Host has the ability to prevent attendees from unmuting themselves once the Host has joined the meeting.

Under Meetings (Basic)

- Disable Chat. This will prevent any text-based communications from being possible.
- Disable Private Chat. This is a fallback setting in case some users do not disable the Chat option.
- Enable Auto saving chat. This will automatically save a copy of the chat to the Host’s computer for records.
- Disable File Transfer. This will prevent files of any kind from being shared. Disabling the Chat option should prevent File Transfer; this is a fail-safe setting if the chat option is activated in a meeting.
- Enable Allow host to put attendee on hold. This will allow a guest to be temporarily separated from a meeting. They will be allowed back into the call if this is used.
- Disable Screen sharing. This will prevent any attendee but the Host from sharing content from their computer.
- Disable Annotation. This will prevent attendees from using the annotation option.
- Disable Whiteboard. This will prevent any attendee but the Host from using the virtual whiteboard option under Screen Sharing.
- Disable Allow removed participants to rejoin. If a host “Removes” a disruptive guest from a meeting, this option being disabled will revoke their ability to rejoin the call.
- Disable Allow participants to rename themselves. This will prevent problem attendees from changing their displayed name in a meeting. This has been found to be helpful in identifying some Zoom Bombers.

Under Meeting (Advanced)

- Disable Breakout Rooms. This will ensure that all attendees remain in the main meeting room.
- Enable Closed Captioning. This will not transcribe your session nor is it a security measure, but it will be of help if Closed Captioning is required for a session. If CC is enabled, and transcription services are needed, please contact Academic Success for more information.
- Disable Virtual background. This will lessen the impact of data slowdowns on calls as well as remove that avenue of offensive content.
- Enable Waiting room. When guests join the room, they will be entered into a virtual standby space. The guests will not be able to interact with each other within Zoom until the Host welcomes them into the call.
  - Under Waiting room, select All participants. Students are not issued Zoom accounts; therefore, they will all show as guests.
- Disable Allow live streaming meetings. This will ensure that the content does not get distributed outside of the meeting.

Under e-mail

- No options in this section are affected by Zoom Bombing recommendations at this time. All settings are enabled by default. These settings can be adjusted as desired.

Under Other

- Enable Blur snapshot on iOS task switcher. This is more of a privacy item for users on iOS devices.

--- This is the end of the Menu Settings based on Zoom Bombing recommendations. ---
-
Scheduling a Secure Meeting - Zoom
1. SET-UP a ZOOM MEETING with a REQUIRED PASSWORD

- Open a web browser or your Zoom app and log in to Zoom.
- Click on “Schedule A Meeting” or the “Schedule” icon on the app.

2. ENTER or EDIT MEETING DETAILS

- Scroll down on your browser to find the “Meeting ID” field > Select “Generate Automatically”.
- !!DO NOT SELECT the “Personal Meeting ID” button. This feature uses your unique Zoom ID by default, and if your meeting ID is discovered by an unwanted attendee, they will have the ID to access each of your sessions. You will need to schedule each meeting individually with an automatically generated unique ID code provided by Zoom.
- Scroll down on your browser to find the “Meeting Password” field or the “Password” section on the app. Check the box that says “Require Meeting Password” and set your password using numbers, letters, symbols or a combination of all.
- !!DO NOT SELECT the “Recurring Meeting” box. This feature uses your unique Zoom ID by default, and if your meeting ID is discovered by an unwanted attendee, they will have the ID to access each of your sessions. You will need to schedule each meeting individually for security.
- In the “Meeting Options” field > Select “Mute Participants Upon Entry”.
- In the “Meeting Options” field > Select “Enable Waiting Room”.

3. COMPLETE YOUR SCHEDULED MEETING SET-UP in the fields described below

- “Topic” field > Name your meeting.
- “Description (Optional)” field > Add text relevant to your attendees.
- “When” field > Select the date and time for your meeting.
- “Duration” field > Set the meeting to run one hour past the end to avoid cutting off discussion and to manage any troubleshooting during a session.
- “Time Zone” field > Select (GMT-4:00) Eastern Time (US and Canada).
- !!DO NOT SELECT the “Recurring Meeting” box. This feature uses your unique Zoom ID by default, and if your meeting ID is discovered by an unwanted attendee, they will have the ID to access each of your sessions. You will need to schedule each meeting individually for security.
- In the “Meeting ID” field > Select “Generate Automatically”.
- !!DO NOT SELECT the “Personal Meeting ID” button. This feature uses your unique Zoom ID by default, and if your meeting ID is discovered by an unwanted attendee, they will have the ID to access each of your sessions. You will need to schedule each meeting individually with an automatically generated unique ID code.

4. CONFIRM THAT YOUR MEETING PASSWORD IS STILL SET FROM YOUR INITIAL SET-UP in the fields described below

- “Video” field > Select the “Host” video option you prefer.
- “Video” field > Select the “Participant” video option you prefer. Note that added security measures can be taken by not automatically allowing participants to join with video.
- “Audio” field > Select the “Both” button.
- “Meeting Options” field > Select “Mute Participants Upon Entry”.
- “Meeting Options” field > Select “Enable Waiting Room”.
- !!DO NOT SELECT the “Only Authenticated Users Can Join” box. This only applies to users with active Zoom accounts.
- REVIEW YOUR MEETING DETAILS > Then select “SAVE”.

5. HOW TO INVITE ATTENDEES WITH THE PASSWORD INCLUDED

Your selected password will be included in the Zoom (NOT CANVAS) generated invitation to your event, which can be sent to your attendees via email or copied text. You must copy the invitation generated from Zoom for the password to be included in the message; sharing only the URL link will not include the password.

TO DOWNLOAD THE ZOOM APP: click the URL and download “Zoom Client for Meetings”: https://zoom.us/download
-
Securely Letting Attendees Into Your Zoom Meetings
Because the concept of Zoom Bombing is predicated on uninvited and/or unwanted attendees gaining access to meetings in order to cause problems, this document is meant to provide best practices on making sure that only the attendees that you want in your meeting get there. These are by no means the only methods of identifying potentially problematic attendees; they are merely a starting point. This document was written with the assumption that the steps addressed in Safely starting a Zoom session in the age of Zoom Bombing have already been completed.

There are indications that invitation emails for meetings and classes are being distributed to individuals outside of the intended recipient list. It is no longer safe to assume that only the people the host invited are reaching the room. An additional layer of security must be employed to prevent Zoom Bombing from disrupting sessions.

The next level of security is dependent on the assumption that the 3 key points covered in the Scheduling a Secure Meeting - Zoom and Safely starting a Zoom session in the age of Zoom Bombing documents were followed.

- Assumption 1 - When Scheduling the Meeting, DISABLE Join Before Host. This will automatically put attendees on hold until the Host of the meeting signs in. If Join Before Host is left Enabled, all attendees are placed in the meeting room and are left vulnerable to the actions of all other attendees until the Host has joined.
- Assumption 2 - When Scheduling the Meeting, ENABLE the Waiting Room for the session. This will put all would-be attendees of a session into an individual space where they wait to be allowed into the meeting by the Host.
- Assumption 3 - The Host has started the session following safety recommendations.

Your Options:

- You can leave would-be attendees in the waiting room.
- You can send a chat message to everyone in the waiting room.
- You can remove questionable account names without even interacting with them.
- Zoom does permit all attendees that are in the Waiting Room to be allowed into the meeting in one action. This is NOT ADVISED.

It is acknowledged that the host personally checking all attendees in the Waiting Room will take time and, depending on the size of the session's attendance list, could prove problematic. But some Zoom Bombers begin their disruptive/offensive actions the moment that they are in the room.

For those attendees that are having computer or network issues and need to connect by telephone, it should be made known that the telephone number that they are calling from will be visible to all other attendees. This is a privacy issue for some, but it could be used to authenticate that an attendee is who they claim to be. The attendee should contact the host via email and let them know the phone number that they will be calling from.
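The Waiting Room check described above can be done against a class roster before anyone is admitted. The script below is an added example, not part of the original document or a Zoom feature: it assumes the host has typed the Waiting Room names into a list, and the roster, names and phone numbers are constructed sample data.

```python
import re
import unicodedata
from collections import Counter

# Constructed sample data (not from the page): class roster, people already
# admitted, phone numbers attendees e-mailed to the host, and the waiting room.
ROSTER = ["Ana Lopez", "Ben Carter", "Chloe Nguyen"]
ADMITTED = ["Ben Carter"]
REGISTERED_PHONES = ["(978) 555-0142"]
WAITING = ["ana  lopez", "", "Ben Carter", "xX_guest_Xx",
           "+1 978 555 0142", "19785550199", "Chloe Nguyen", "CHLOE NGUYEN"]

def normalize(name):
    """Fold case, Unicode form and spacing so 'ana  lopez' equals 'Ana Lopez'."""
    text = unicodedata.normalize("NFKC", name or "")
    return " ".join(text.casefold().split())

def phone_key(text):
    """Last 10 digits of a number (assumes North American numbering)."""
    return re.sub(r"\D", "", text or "")[-10:]

def looks_like_phone(key):
    """Assumption: a dial-in caller is listed by number (no letters, 10+ digits)."""
    return not re.search(r"[^\W\d_]", key) and len(re.sub(r"\D", "", key)) >= 10

def triage(waiting, roster, admitted=(), registered_phones=()):
    """Return (entry, decision, reason) for each waiting-room entry.

    'admit' is only a suggestion for entries that pass every check; anything
    else is 'hold' so the host can message or remove the entry by hand.
    """
    roster_keys = {normalize(n) for n in roster}
    in_meeting = {normalize(n) for n in admitted}
    phones = {phone_key(p) for p in registered_phones}
    queued = Counter(normalize(n) for n in waiting)
    results = []
    for entry in waiting:
        key = normalize(entry)
        if not key:
            verdict = ("hold", "blank display name")
        elif looks_like_phone(key):
            if phone_key(key) in phones:
                verdict = ("admit", "phone number registered with host")
            else:
                verdict = ("hold", "phone number not registered with host")
        elif key not in roster_keys:
            verdict = ("hold", "name not on roster")
        elif key in in_meeting:
            verdict = ("hold", "same name as a participant already in the meeting")
        elif queued[key] > 1:
            verdict = ("hold", "name appears more than once in the waiting room")
        else:
            verdict = ("admit", "on roster, name unique")
        results.append((entry, *verdict))
    return results

if __name__ == "__main__":
    for entry, decision, reason in triage(WAITING, ROSTER, ADMITTED, REGISTERED_PHONES):
        print(f"{decision:5}  {entry!r:20}  {reason}")
```

Blank names and names that duplicate someone already in the meeting are held because those are the Ghost behaviors described in the background section; a held entry may still be a legitimate attendee reconnecting, so the host makes the final call.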
-
Locking a Zoom Meeting
Preventing meeting participants from unmuting themselves can be a temporary component of starting a Zoom session if it is used in conjunction with Locking the meeting.

PLEASE READ Safely starting a Zoom session in the age of Zoom Bombing before continuing this document.

Conditions where it can be considered safe to Lock a Zoom session:

1 - All expected participants are logged into the session.
2 - All participants have been checked by the host to confirm that they are supposed to be in the meeting.
3 - All undesired users have been Removed from the session and Waiting Room by the host.

Locking the Zoom Session

- Step 1 - Confirm that all Conditions listed above are met.
- Step 2 - Click Manage Participants in the in-call menu bar.
- Step 3 - Looking in the lower right corner of the Participants area, click More.
- Step 4 - Click Lock Meeting. A popup confirmation window will open to confirm the lock.
- Step 5 - Click Yes.

--- Your Meeting is now Locked. No new attendees can join the meeting even if they have the Meeting ID and Password. ---

With the room now locked, the user experience for the attendees can be made more open.

Allow Participants to mute and unmute their microphones

- Step 1 - Looking in the lower right corner of the Participants area, click More.
- Step 2 - Click "Allow Participants to Unmute Themselves" so that this option shows as CHECKED.

Give all Participants the ability to share their screens

- Step 1 - Click the up arrow to the right of the Share Screen button.
- Step 2 - Under the Who can share? heading, click All Participants. Leave "Who can start sharing when someone else is sharing?" as Host Only.
- Step 3 - Click the X in the top right corner to close this popup.