Skip to main content

Cornell University

IT@Cornell

Latest News

Zoom logo

Going forward, Zoom meeting owners (hosts) will receive an email notification when Zoom judges their meeting’s security has put it “at risk” for intrusion or disruption ("Zoombombing") by uninvited or unwanted participants.

How Does Zoom Decide If a Meeting Is At Risk?

When Zoom determines a meeting is at risk, the host will receive an email notification from Zoom with the subject line, Your Zoom Meeting Is At Risk: Enable Security Settings.

To determine this, Zoom scans social media websites and other public resources to see whether meeting links have been posted to social media sites by the host or an invited attendee. 

While Cornell requires passcodes for all Zoom meetings, when a meeting link is publicly shared, it may have the passcode embedded within the link, or the person who shared the link may also have posted the meeting passcode, not realizing that in doing so they have opened the meeting to potential Zoombombers, not just potential interested participants.

Zoom also reviews the meeting’s security options, such as whether the host has enabled the Waiting Room or has required attendees to be signed in.

What Actions Should Hosts Take If They Receive a Notification?

An example of Zoom’s at-risk notification is included at the end of this article.

Hosts who receive an at-risk notification should take it seriously and review their meeting security settings. These include

  1. Make sure the public posting of the meeting link was intentional and necessary. If not, remove it or, if posted by someone else, ask them to remove it, if possible.
  2. If the meeting link does need to be shared publicly, add additional security steps to the meeting if not already present. These include enabling the Waiting Room and requiring that attendees be authenticated.
  3. If you or another participant did not intentionally post or share the meeting link, as a last resort, you might consider canceling the existing meeting and rescheduling, and if someone other than you shared the meeting link, cautioning them about the security risks involved in sharing Zoom links publicly. 

Depending on the kind of event you have planned (for example, a presentation by a limited number of panelists), you might consider using a webinar instead of a meeting. Webinars limit how much the audience can interact and therefore also limit how much an attendee can disrupt a session. However, while webinars can provide hosts with greater control, webinar licenses must be specially requested by most Cornell users, and are not available to students.

Hosts who understand the security risk but nonetheless need to publicly share Zoom meeting links should educate themselves about how to protect meetings from disruption or unwanted access to sensitive or confidential information. 

Some IT@Cornell resources for Zoom security:

 

Typical Zoom At-Risk Notification

Hi there,

We’re reaching out to you because a meeting scheduled by a user <email address, no name> on your Zoom account has been posted online, and it doesn’t have certain security features enabled. This opens the door for anyone (including unwanted guests) to join your meeting. To protect your meeting and prevent disruptions, we recommend updating its security settings. 

Details about the post: 

  • Link to the post: <LINK>

  • Link to the meeting: <LINK>

  • Scheduled by: <HOST>

Recommended Security Settings to enable: 

Unfortunately, meetings without robust security settings can become targets for malicious actors who search the public internet for unprotected meetings. To address this, we’ve developed the At-Risk Meeting Notifier , a tool that scans public internet posts for Zoom meeting information and checks the meeting’s security settings. If a meeting is deemed high-risk of being disrupted, we notify the account owner, admins, and designated Trust & Safety contacts to help safeguard the meeting. You may also choose if you want meeting hosts under your Zoom account to receive email notifications if they have a meeting that might be at risk of disruption , identified by the At-Risk Meeting Notifier. 

We encourage you to learn more about securing your meetings and take steps to reduce the risk of disruptions. 

Thank you for taking action to ensure your meetings remain secure. 
Team Zoom 

 

Tags

zoom
security
zoombombing

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.