A racist “Zoom bombing” incident regarding a campus Filipinx organization prompted concerns about the safety of the Zoom online conferencing application, which has been widely used by educational institutions, businesses and individuals since the pandemic forced society to limit in-person contact.
With incidents of Zoom bombing – meaning uninvited and often inappropriate intrusions of Zoom calls – rising, both the application’s creators and San Diego State’s IT department have implemented a list of best practices to avoid any unwanted guests.
On April 8, Zoom published a blog post about its new security features taking effect through a software update. Some of the new features included hiding users’ meeting IDs and a security function that allows hosts to lock their meetings and prevent intrusions.
The security feature will also automatically turn on virtual waiting rooms, which requires the hosts to approve all participants seeking entrance to their sessions. Before, a user could simply click on a link to enter the meeting with no screeing process. It also allows hosts to prevent participants from sharing screens, chatting, renaming themselves and annotating on the screen, tactics that have previously been used in incidents of Zoom bombing.
SDSU’s IT department posted on its website about these updates to ensure faculty have the resources to navigate these new features.
Ricardi Fitipaldi, chief information security officer at SDSU, said staying up to date with all security developments is crucial for Zoom users.
“This is one of the most critical aspects of overall protection,” Fitipaldi said.
He advises faculty who don’t have the update to contact their college-specific IT department for help installing it. Faculty computers and tablets require administrative logins from college-specific IT departments to adjust particular settings, including the recent Zoom update.
Assistant professor of digital media studies Nathian Shae Rodriguez said he has not been able to receive the update but has reached out to his college’s IT department and is waiting on further instructions on how to proceed.
“We’re not in a space where we can just walk it over to our IT’s college,” Rodriguez said. “We’re kind of in this limbo mode of not being able to get the update that we need.”
Before Zoom took action to increase security, other educational institutions ceased from using the application altogether due to security concerns. On March 30, the FBI’s Boston field office issued a list of precautions to the schools within its jurisdiction on how to avoid unwanted disruptions.
Following the FBI’s press release, New York’s City Department of Education, the largest school district in the country, advised its schools to avoid using Zoom and move to other video conferencing alternatives. Other school districts and universities around the country are taking several different approaches while they continue to use Zoom.
Sean Hauze, associate director of Instructional Technology Services at SDSU, said Zoom was initially implemented on campus in Fall 2016, at a time where security concerns such as “Zoombombing” were unheard of.
“The security and privacy issues are a direct result of that twentyfold increase in the number of Zoom users nationally and internationally,” Hauze said.
The high traffic of users on Zoom has also garnered the attention of this cybercrime.
On April 1, hackers reportedly posted 352 verified Zoom accounts, seven of which were educational institutions. The Washington Post also published an article reporting several recorded Zoom calls that were posted online without the knowledge of participants and hosts. In another instance, NBC News reported that hackers were also selling and posting personal account information — email addresses, passwords and web addresses — of 530,000 compromised accounts.
SDSU’s IT department is diligently working to simplify usability and increase security for faculty, staff and students. Some of these measures include moving resources such as the Faculty Instructional Technology Center online.
“We’ve seen dozens of faculty on a daily basis,” Hauze said.
Other measures involve workshops such as virtual instruction premier (VIP), where ITS staff help professors with transitioning to teach virtually, which Hauze said has helped train an estimated 1000 faculty and staff members. Fitipaldi said Zoom meetings for security and infrastructure questions are also being hosted daily by the IT security unit for faculty and staff.
“We are in a very privileged space where we do have an IT department and a great team of people that are helping us make this a better type of situation,” Rodriguez said.
For more information on how to keep Zoom meetings secure, faculty and students can visit IT’s Zoom protection page.