Skip to main content

Zoombombing: Protecting Cornell Courses

Related services: Zoom, Zoom for Courses


Zoombombing is when an unwanted attendee—possibly from outside the university—disrupts an online meeting. It’s been on the rise as web meetings become essential to keep higher education going.

The university has taken steps to reduce the likelihood and impact of disruption in Zoom. Instructors of online classes have been encouraged to adopt the practices outlined below.

Course default settings

  • Put attendees who haven't signed into Zoom into a waiting room until admitted by the host. (See how to admit from the waiting room.)
  • Only allow screen sharing from the host.
  • Don’t allow screen annotation.
  • Don’t allow file sharing.

Instructors can override the waiting room and screen sharing and annotation defaults.

Recommendations before class

  • Don't share or post any Zoom meeting link publicly.
  • Set a password for the meeting.
  • Don't allow "join before host."
  • Mute meeting attendees on entry.
  • Require authentication if the course only includes Cornell attendees. 
  • Turn off chat if it won’t be needed for class discussion. 

Note: These preferences are controlled from Zoom settings. If you’d like assistance locating them or clarification on what each does, please contact Cornell’s IT Service Desk.

Recommendations for class

Instructors should encourage students to sign in before class.

  • It’s more secure
  • They’ll see the students’ names in the participants list, instead of “Guest.”
  • They’ll enter the meeting automatically instead of the instructor having to admit them from the waiting room. 

See who’s in the meeting

Click Manage Participants in your Zoom meeting toolbar. A new window will open to the right of the main screen. Guests (attendees who didn’t sign in) will be highlighted.

Consider locking the meeting after everyone's arrived

If Zoombombing Abuse Does Occur

It's important to be aware of the emotional impact online abuse can have. Imagery of any kind that shows the violation of basic human rights (of adults or children) or targets a community is deeply troubling and can be traumatizing. Re-traumatization of victims of sexual violence, assault, and/or discrimination is also possible. There is also a risk of inappropriate exposure to children who are in the home environment of the remote worker. If an event is intended a child audience, consider recording the program instead of having it live.

If online abuse does occur (regardless of audience), do not pretend that it didn't and power through the meeting—or even advise participants to simply to look away. Rather, end the meeting swiftly and report the incident to Cornell Zoom Security at zoomsecurity@cornell.edu.

Then, follow up with the participants to:

  • apologize for the abrupt ending;
  • indicate what steps are being taken to prevent reoccurrence;
  • express care and concern for the participants; and
  • offer mental health resources that are available.

Additional Resources

If instructors experience a Zoombombing disruption, the Center for Teaching Innovation has some ideas on how they can respond.

If participants need referral after experiencing online abuse, see Working at Cornell's mental health resources for employees and mental health resources for students.

If instructors have questions about teaching online, see the Center for Teaching Innovation’s Preparing for Alternative Course Delivery during Covid-19.

If instructors have technical questions about Zoom or need a license for a class of more than 300, contact the IT Service Desk

Was this page helpful?

Your feedback helps improve the site.

Comments?