Back in April of 2020, when Zoom and online worship services were new, we experienced series of "zoom bombing" episodes with our congregations. The page Keep the Trolls Out! Avoid Zoom Bombing was created at that time to provide guidance for our congregations. While the basic tips and recommendations on that page are still sound, it's now 2023, the software has evolved and the zoom bombers have returned. This time, it appears that instead of people just looking to cause disruption in general, this is a more targeted effort by activists with views different from ours.

We have had reports of Zoom Bombing from several congregations this spring and here are some Do's and Don'ts to consider. As always we acknowledge it's a balancing act between security and protecting our members with being open and available to anyone who wishes to attend.

What To Do

• Do have your tech team create a plan and practice that plan. This is like a fire drill, the more we practice the better we are in the moment.
• Do have your tech hosts learn how to delete chat messages, mute individuals, turn off individual cameras, and remove individuals from the meeting and report them to zoom.
• Do double check all your settings - is annotations turned off? Is screen sharing limited to just the host? Are you using a waiting room and/or a registration system? Have you restricted the chat to just text so images and files can't be shared?
• Make sure all your meetings have a password on them.
• Do check out Zoom's help document, Preventing Disruptions in Zoom Events for step by step instructions and other recommendations.
• Do check out Zoom's Security Basics Video on YouTube.

What to Avoid

• Try to avoid having public events with only one tech person or host. It's hard to manage this alone.
• For non public events, such as small group sessions, RE classes and committee or board meetings, try to keep the meeting links out of public places like your website where anyone can find them.
• Don't admit people from the waiting room whose names you don't recognize, or if a public event, that aren't what appear to be real names. If you are unsure, message them in the waiting room, giving them a way to respond back such as an email address or number to text. Note: Those in the waiting room cannot chat back to the host.

Questions

We've gotten a few questions on the UUA's Zoom help desk, which supports those who have their zoom licenses through the UUA's Zoom Licenses for Congregations program.

• Has my account been hacked and should I change the password?
  While we can't say for certain since we weren't there, in general, no, these episodes do not mean your account was hacked. If so, you would have lost your host privileges. But if you are at all in doubt, yes, change your password. Changing passwords on a regular basis is a good security procedure.
• We were zoom bombed, were our participant's accounts compromised in any way?
  No. Zoom bombers don't have access to their accounts. They could take screen shots of people on the screen and the participant list. They would not have access to email addresses or their account login information.

Additional Resources

• Zoom's Support pages are full of helpful documents.
• How to Keep Uninvited Guests Out of Your Zoom Meeting
• You can reach out to the UUA's Zoom Help Desk at zoomhelp@uua.org