Make sure your Zoom calls are secure

Zoombombing DS


With most UAB employees working remotely and classes being held online, the Zoom online meeting tool has become invaluable.

But like any technology tool, Zoom has the potential for bad actors to crash the party. “ZoomBombing” – unwanted guests joining your class or meeting and sharing unwanted or inappropriate content — is happening more frequently. Keep your meetings secure and be aware when you are scheduling and hosting Zoom calls.

Tips to avoid ZoomBombing

Private Meetings:

Public Meetings:

  • Avoid putting the link on social media.
  • Don’t share links to meetings you are invited to join.
  • Don’t use your Personal Meeting ID when hosting public Zoom meetings.

Manage participants and access:

  • Lock the meeting, once everyone has joined
  • Disable the camera and mute certain participants, or remove them if necessary.
  • Turn off file transfers, private chat and annotations to further control the meeting.
  • Turn off annotation so no one can doodle or markup content during the meeting.
  • Disable private chat to restrict disruptive chat with others during the meeting
  • Turn off screen share in the Settings menu
    • Near the Share Screen icon in the bottom of your Zoom meeting window, select Advanced Sharing to select that only the host can screen share.

Review default settings:

Below are a list of recommended security settings. Before starting a Zoom session, establish secure settings to begin hosting secure meetings. Once signed into your account, click on the Settings tab to review all settings. A blue button (toggled to the right) means the setting is on. A gray button (toggled to the left) means it is off.

  • Host video – Off
  • Participants video – Off
  • Audio Type – Telephone and Computer Audio
  • Join before host – Off
  • User Personal Meeting ID (PMI) when scheduling a meeting – Off
  • Only authenticated users can join meeting – Off (students may not be authenticated users)
  • Require a password when scheduling new meetings – On
  • Mute participants upon entry – On
  • Private chat – Off
  • Auto saving chats – On
  • File transfer – Off
  • Allow host to put attendee on hold – On
  • Screen sharing – Who can share? Host only
  • Disable desktop/screenshare for users – On
  • Annotation – Off
  • Whiteboard – Off
  • Remote control – Off
  • Virtual background – Off
  • Identify guest participants in the meeting – On
  • Auto-answer group in chat – Off
  • Attention tracking – On
  • Waiting room – (for small classes) On
  • Allow live streaming meetings – Off

Learn More

Additional tips to prevent ZoomBombing are available on Zoom’s website.

Keep your Zoom desktop app updated to ensure you receive patches and updates to keep your meetings secure. If you do not see a notification when you first open the desktop app, click on your initials in the upper righthand corner and click "Check for Updates." 

The University of Alabama System office has also taken some steps to help secure Zoom accounts authorized through the UA System, including automatically turning off screen sharing except for the host; turning off the “allow removed participants to rejoin” setting; and turning off file sharing.

In addition to security tips for those hosting a meeting, participants should be aware of the potential for scams. Just as you would review an email for potential phishing, be aware of links you receive inviting you to Zoom meetings. Beware of emails from unknown senders; don’t click on attachments or links within the emails; be aware of lookalike URLs. In addition, beware of advertisements for a tool that claims to help you determine if your Zoom meeting is at risk — it is likely a scam or malware.

If you have signed up for a Zoom account using your personal email address, be aware that non-standard providers (such as something other than Gmail, Yahoo, or other well-known email systems) may trigger Zoom to include others in that domain in your “company directory” contacts.

Last modified on April 03, 2020