Last week we shared with many of you some concerns relating to Zoom after a school had been hacked (called Zoom bombing), and it seems something similar happened to a church here in Wales over the weekend. In this article, with input from James Hughes from Llanelli and Steffan Job from the EMW, we share some guidelines that should help churches.
There is plenty of material online on how a person can hack into a Zoom meeting. Attacks are usually a logical conclusion of having widely shared a Zoom meeting and login details online. An example would be a church sharing the time, meeting ID and password of a service on Facebook and Twitter. This allows any malicious third party to join multiple times under different names and attack the service.
It is therefore important that you take care how widely you share the meeting ID and password. There is a balance here between making your meetings accessible to all, but not allowing hackers to simply join your meeting. It may be worth putting a screening process in place. You can ask people to register on Zoom, but the EMW asks people to register before a Zoom meeting by either a simple online form or by asking people who want to register to email a nominated person. We then send the link direct to that person and never share meeting IDs on the internet.
A church will be protected to a large degree by having a meeting ID and password that is not widely disseminated. Many other churches use YouTube or Facebook live for their public meetings (that only allow comments), and only use Zoom for private meetings between people who are known to the church.
But can you provide more protection?
Here are a few tips to further help:
Disable the screen share option for participants (To do this you either change your pre-meeting settings or in the in-call admin settings for Share Screen -> Advanced Sharing Settings).
Disable “Join Before Host” so people can’t access the meeting before you arrive.
Ask a person who is not leading to set-up the meeting and keep an eye on those taking part. This person can end the meeting quickly if there’s a problem.
Enabling “Co-Host” so you can assign others to help moderate (only available on some packages).
Disable “File Transfer” so there’s no digital virus sharing.
Disable “Allow Removed Participants to Rejoin” so people who have been ejected can’t slip back in.