SIPRI Intranet

Zoom bombings – Online meeting security

A so called Zoom bombing occurs when uninvited participants gain access to a video conference call. The intruders often disrupt meetings by sharing inappropriate content on their web cam or by flooding the chat with unwanted messages. While Zoom has given its name to this phenomenon, similar disruptions can occur on any video conferencing platform including Teams. Use the information here as a guide on what to do before, during, and after a meeting–choose the best options for your specific meeting. Please also note that these specific instructions are for Zoom, but the general advice applies across platforms.

Before the meeting
In-meeting actions
What to do after
Extra tips

Before the meeting – quick checklist

  • Avoid sharing meeting links on public platforms or social media
  • Use a meeting passcode (required for most links).
  • Don’t reuse your Personal Meeting ID (PMI) — create a unique meeting ID for each event.
  • Enable the Waiting Room and admit people manually (at least for public/large meetings).
  • Require authentication to join (only allow signed-in Zoom users or restrict to your organization).
  • Require registration for public events (collect emails; unique joining links).
  • Disable “Join before host” so attendees can’t start the meeting without you.
  • Turn off automatic screen sharing — allow “Host only” or make co-hosts explicitly.
  • Limit file transfer and chat if not needed (and disable private chat or file transfer).
  • Keep the Zoom client and account settings updated.

In-meeting actions (if something goes wrong)

If a disruption occurs you can use the Panic button “Suspend Participant Activities” to quickly stop ALL participant actions including mic/video, screen sharing etc. Under Host tools you will also find a number of other useful tools to restrict actions during a meeting:

  • Lock the meeting (Host tools → Lock Meeting). No new joins.
  • Remove offending participants (click participant → Remove).
  • Stop them from rejoining: after removal, do not allow removed participants to rejoin (set that option in Host tools if available).
  • Immediately disable participant screen sharing, annotation, chat, and renaming option.
  • Mute all and unmute only those you trust.
  • Assign/verify co-host/s so someone else can help moderate.
  • Turn off video for all participants, or put them in waiting room and only re-admit known participants.

What to do after a Zoom-bombing incident

  • Collect evidence — chat logs; recording; screenshots; list of participants; time & date of meeting. This will be needed to report the incident to Zoom and if so decided, the police.
  • Notify SIPRI IT at support@sipri.org and your manager
  • Notify affected attendees and share guidance (if sensitive info has been exposed).
  • Change future meeting links/passwords and consider additional restrictions.
  • Review settings and meeting procedures so it doesn’t happen again.

Extra tips & their trade-offs

  • Waiting Room + manual admittance = strongest safety, but adds friction for attendees and extra manual labour for the host/co-host.
  • Requiring authentication/registration reduces risk, but makes joining harder for external guests.