Zoombombing: Protecting Cornell Courses
Zoombombing is when an unwanted attendee—possibly from outside the university—disrupts an online meeting. It’s been on the rise as web meetings become essential to keep higher education going.
The university has taken steps to reduce the likelihood and impact of disruption in Zoom. Instructors of online classes have been encouraged to adopt the practices outlined below.
Course default settings
- Put attendees who haven't signed into Zoom into a waiting room until admitted by the host. (See how to admit from the waiting room.)
- Only allow screen sharing from the host.
- Don’t allow screen annotation.
- Don’t allow file sharing.
Recommendations before class
- Don't share or post any Zoom meeting link publicly.
- Set a password for the meeting.
- Don't allow "join before host."
- Mute meeting attendees on entry.
- Require authentication if the course only includes Cornell attendees.
- Turn off chat if it won’t be needed for class discussion.
Recommendations for class
Instructors should encourage students to sign in before class.
- It’s more secure
- They’ll see the students’ names in the participants list, instead of “Guest.”
- They’ll enter the meeting automatically instead of the instructor having to admit them from the waiting room.
See who’s in the meeting
Click Manage Participants in your Zoom meeting toolbar. A new window will open to the right of the main screen. Guests (attendees who didn’t sign in) will be highlighted.
Consider locking the meeting after everyone's arrived
- At the bottom of the Participant window, click More, then select Lock Meeting.
- Be ready to eject disruptive attendees.
If Zoombombing Abuse Does Occur
It's important to be aware of the emotional impact online abuse can have. Imagery of any kind that shows the violation of basic human rights (of adults or children) or targets a community is deeply troubling and can be traumatizing. Re-traumatization of victims of sexual violence, assault, and/or discrimination is also possible. There is also a risk of inappropriate exposure to children who are in the home environment of the remote worker. If an event is intended a child audience, consider recording the program instead of having it live.
If online abuse does occur (regardless of audience), do not pretend that it didn't and power through the meeting—or even advise participants to simply to look away. Rather, end the meeting swiftly and report the incident to Cornell Zoom Security at email@example.com.
Then, follow up with the participants to:
- apologize for the abrupt ending;
- indicate what steps are being taken to prevent reoccurrence;
- express care and concern for the participants; and
- offer mental health resources that are available.
If instructors experience a Zoombombing disruption, the Center for Teaching Innovation has some ideas on how they can respond.
If instructors have questions about teaching online, see the Center for Teaching Innovation’s Preparing for Alternative Course Delivery during Covid-19.
If instructors have technical questions about Zoom or need a license for a class of more than 300, contact the IT Service Desk.