We have noticed an increase in unwanted and/or unintended activities witnessed by hosts and attendees of Zoom sessions. While not explicitly Zoom-bombing incidents, the activities have caused the hosts and attendees quite a bit of concern. While there are steps that CGU IT, TCCS and the other Claremont Colleges’ IT’s, and Zoom Support can proactively take to mitigate such security-related issues, there is a limit to the role we can take, and many of the recent experiences by CGU students, staff, faculty and guests have been within the sole purview of the meeting hosts, attendees and schedulers.

What are some things that are happening?

1. Unwanted integrations: We have received complaints that attendees like AI tools have been joining Zoom sessions whether the host wants them to or not. Examples of such tools include Read.ai and Fireflies.ai
2. Content being re-used elsewhere without the permission of the host: We have received notices that the content within meetings and webinars like dissertation defenses have been re-posted on public venues outside of CGU or the Claremont Colleges.
3. Subtle, Zoom-bombing-like disruption: While not outright taking over a meeting, we have been notified that unwanted or at times, intended, meeting attendees are taking subtle steps to disrupt meetings, including examples like unmuting themselves at disruptive times, requesting activation of local recording even though the host is already recording the meeting, adding their own tools to the meeting, changing their username, and changing their profile picture.

Suggested Steps to Improve the Experience (generally):

• Check your Zoom profile settings often and before any meeting as these settings cannot be changed during a meeting
• Do not post meeting ID’s or links publicly as much as possible
• Limit the sharing of the recordings to whom you are certain you want the recordings shared with
  • If the recording is shared on YouTube or other publicly accessible venues, third parties do have the ability to repurpose that content, and you will need to take extra steps on your own to remedy those subsequent issues thereafter.
• Check the zoom owner’s email often before, during and after the webinar for any notifications from third parties

What to do in Meetings:

• Use waiting rooms, especially if you think the meeting ID/link has been shared externally
• Require pass codes, especially if you think the meeting ID/link has been shared externally
• Require visitors to self-identify with legal names
• Carefully read any and every warning or dialogue window that pops up on your device notifying you of something happening in Zoom (attendee, screen share, recording, AI, etc.)
• Do not approve AI tools without knowing for certain who is requesting the tool
  • Check your profile for future approvals if you want to disapprove this tool in the future, as some approvals are in perpetuity
  • Use the internal Zoom AI tools
• Proactively use the host tools – mute attendees, change the names of attendees if unintended, remove attendees if using disruptive behavior like profile pictures, chat privately with attendees.

Important Note – While many of these occurrences are not experienced in Teams, due to the requirement to authenticate into CGU’s ecosystem, similar vigilance and classroom/meeting management is still recommended/required.

Important Note 2 – Zoom has changed a lot in recent months and years, including the user interface and capabilities, so if you need a refresher on how to use the tool or what some additional features or capabilities the tool has, please follow up with IT.

Need help?

If you have trouble with security with Zoom or Teams, and/or you need assistance learning how to use Zoom, please contact the IT Service Desk at 909-621-8174, helpdesk@cgu.edu, or stop by our offices on the 3rd floor of ACB.