CAMPUS NOTICE
 

OFFICE OF THE DIRECTOR, WORKPLACE TECHNOLOGY SERVICES

OFFICE OF THE CHIEF INFORMATION SECURITY OFFICER

April 2, 2020


ALL ACADEMICS AND STAFF AT UC SAN DIEGO

SUBJECT:    Alert: Zoom Bombing Prevention and Reports

As large numbers of people turn to video conferencing platforms to stay
connected in the wake of the COVID-19 crisis, reports of meeting
hijacking (also called “Zoom-bombing”) are emerging nationwide. The FBI
has received multiple reports of conferences being disrupted by
pornographic and/or hate images and threatening language. At UC San
Diego we have begun receiving reports of similar occurrences.

As you continue the transition to remote teaching and meetings, we
recommend exercising due diligence and caution using Zoom and how you
manage online meetings. The following steps can be taken to mitigate
videoconferencing hijacking threats:

*Do not make meetings or classrooms public. In Zoom, there are two
options to make a meeting private:

1. Require a meeting password; instructions here: https://bit.ly/39Ghx85
2. Use the waiting room feature and control the admittance of guests;
instructions here: https://bit.ly/2UUik07

*Do change the default setting in Zoom to permit only authenticated
users; instructions here: https://bit.ly/2UT9AaA

*Do not share a link to a teleconference or classroom on an unrestricted
publicly available social media post. Provide the link directly to
specific people.

*Manage screen sharing options. In Zoom, change screen sharing to “Host
Only”; instructions here:
https://support.zoom.us/hc/en-us/articles/115005759423?zcid=1231

These steps and more can be found at:
https://blink.ucsd.edu/technology/file-sharing/zoom/safeguards.html

Additionally, be sure to review the material on cybersecurity and remote
work (including Zoom) at:
https://blink.ucsd.edu/technology/file-sharing/remote-work/security.html

In addition, later this week IT Services will enable partial masking of
participant phone numbers to enhance the privacy of individuals
participating by phone.

If you were a victim of a Zoom bombing, please report it as soon as
possible with the date, time, meeting host and if possible screen
captures of the offending material to zoombombing@ucsd.edu. It will be
investigated and reported to the most appropriate campus unit, including
the Office for the Prevention of Harassment & Discrimination (OPHD), if
it is behavior that constitutes harassment or discrimination.



Brett Pollak
Director, Workplace Technology Services

Michael Corn
Chief Information Security Officer