Sent: March 27, 2020
From: Hien Huynh, Information Security Officer
I want to make you aware of a new kind of phishing attack that’s growing quickly in the wake of a global switch toward teaching, learning, and working remotely—“Zoom Bombing.”
Zoom bombing is when an unwanted participant joins your Zoom meeting. Sometimes attackers are joining just to be a nuisance, but for others, the aim is to slip in unnoticed as you share documents with protected information on them or discuss confidential data.
While SJSU already has some extra protocols in place to help keep you secure, I want to give you some quick tips to further help you prevent Zoom bombing.
- Keep Meeting URLs Private - Don’t share them anywhere that’s accessible to the public. Just keep it to the group of people you’re sure you want to be there.
- Keep Meeting Passwords On - These are on by default, so all you have to do is put in a password when prompted and leave them on.
- Lock Your Meetings - When a meeting is locked, no one can join. Learn how on the SJSU IT Securing Zoom Meetings page.
- Double-Check Your Zoom Google Calendar Invites - If you add a Zoom meeting to your calendar or create a Zoom meeting in your calendar using the Zoom Plug-in, the calendar entry may include the Zoom meeting password. Depending on your settings, this may expose the password to anyone who views your calendar. Make your calendar entry private or edit the entry to remove the Zoom meeting password.
For more details on each of these tips and some more information on staying secure while working from home, visit the Work Anywhere Zoom page. You can also find information on the Work Anywhere FAQ about how to send data securely using DocuSign and safely access SJSU data systems remotely.