New resource addresses virtual event security and dealing with “Zoom bombing”

For our March 2021 Tools Trial, we hosted a safety drill to refine how virtual event hosts can respond to “Zoom bombing.” As a result of the trial, this week we published a CSCCE tech tip sheet, which contains a series of checklists to help you and your team configure your meeting settings, plan out how you might respond in the event of a bad actor disrupting your event, and recover from the intrusion after the fact. 

What is Zoom bombing? 

While the precise actions of a Zoom bomber might vary, Zoom bombing generally involves an uninvited participant joining your meeting and visibly or audibly disrupting the meeting. As we noted during our session, this tends to be more prevalent at events that are configured to allow active participation, for example through screen sharing or the ability to unmute yourself. 

This behavior is of course not unique to one platform, but the moniker “Zoom bombing” has stuck, and many meeting facilitators and event hosts use it regularly. Our tip sheet focuses on Zoom for two reasons: it is a widely used platform and it is the platform we as an organization use on a day-to-day basis. However, many of the pointers and checklists in the tip sheet are relevant regardless of the video conferencing platform you use. 

We also do not lay blame for this problem at the feet of Zoom. Indeed, what motivates Zoom bombers to do what they do remained a mystery to all in our Tools Trial! Instead, our intention is to offer practical and actionable advice on how to protect yourself and your meeting participants. 

Running a Zoom safety drill

At the suggestion of community member Erin Robinson (Metadata Game Changers), we convened a Zoom safety drill as part of our March 2021 Tools Trial. The idea was to test out the various security features available on Zoom, and to role play what it would be like to have to report and evict a bad actor and then deal with the fallout. 

Before we started the drill, we spent some time talking about prior experiences and lessons learned. Then, we collectively reviewed a draft checklist CSCCE’s Katie Pratt had put together ahead of the call. With this preparation in mind, we moved into the role playing scenario, which involved: 

  • One person acting as the Zoom bomber. In our case, the “bad actor” played a Minions video through their webcam. 
  • One person acting as the Host. 
  • Everyone else acting as participants, and taking on the responsibility of alerting the host to a disturbance. 

Importantly, we did not actually report or evict our faux trouble maker, but we did learn a lot from activating Zooms security features, which include disabling participant access to features like chat, screen sharing, and renaming. 

The host slowly walked everyone through what they were doing behind the scenes. This activity helped clarify that there are multiple ways that you might react, depending on the type of meeting you’re hosting and your ability to identify and neutralize the intruder. 

After the call, Katie worked with CSCCE Director Lou Woodley to synthesize everything we learned into a tech tip sheet (pictured right). It is published under a CC-BY license, so you are welcome to reuse and remix it for your own needs, with attribution to the original. 

Let us know if you used any of the checklists in your own organization in the comments, or if you would prefer, you can email us with any comments or questions: info@cscce.org

Acknowledgements

A big thank you to everyone who attended the trial, participated in the safety drill, and worked to refine and validate the tip sheet: Rachael Ainsworth (Software Sustainability Institute), Chiara Bertipaglia (Columbia University’s Zuckerman Institute), Megan Carter (Earth Science Information Partners), Jenny East (CSCCE), Rihan Hassad (NYU Neuroscience Institute), Geoff Hunt (American Society for Microbiology), Emily Lescak (Code for Science & Society), Erin McLean (Arctic Data Center), Jody Peters (Ecological Forecasting Initiative, University of Notre Dame), Esther Plomp (TU Delft), Erin Robinson (Metadata Game Changers), Camille Santistevan (CSCCE), and Stephanie Vasko (Center for Interdisciplinarity, Michigan State University). 

Disclaimer: Please note that neither CSCCE nor any of the participants (or their organizations) who attend these tools trials are endorsing or criticising the platforms tested. 

Can we trial…

Have an idea for a future CSCCE Community Tools Trial? Let us know by emailing info@cscce.org. You can find recaps of previous trials on our blog here.

Leave a Reply

Your email address will not be published. Required fields are marked *