How to prevent your conference calls from getting hacked

A few simple, proactive steps will help reduce the chance of this terrible event from occurring on your watch.

Zoom screenshot with captioner present
Zoom screenshot with captioner present

I had been looking forward to this event for weeks

Instead, I listened to the second half with a somewhat numb, and heavy heart.

Being on an event where ad hominem, racist, ableist, homophobic, or misogynistic attacks occur is a harrowing experience for your participants, even if not all of your participants don’t identify with the groups that are being attacked. The bell can’t be unrung. No amount of apologizing removes the damage of the attack.

I’m not technical. What can I do?

If you are hosting an event, it is on YOU to determine your level of risk to have one of these individuals attending and craft an event that makes it as difficult as possible to have a platform for their discriminatory agenda.

Making digital things “more secure”

frequently results in making them harder to use

for people who use assistive technology.

You don’t want to create barriers for people with disabilities to attend your events just because your event may have a boogeyman.

1. Use a strong event password.

Security: Using strong event passwords is the first step in tightening up event security.

2. Require event registration.

Security: By requiring event registration, you can validate that email accounts or cell phones exist before accepting someone’s registration. This approach additionally allows you to request the “real name” of the event registrant, with the caveat that people register using fake names all the time. Look for apparent lies like “Fred Flintstone” and “Mickey Mouse” in your attendees’ list and scrutinize those individuals closely.

  • Form content and error behavior must be accessible. Review your form for the use of color, legends, field grouping, and signal that a field is mandatory. Ensure all field restrictions are announced by the screen reader when the person enters the field (or before it) and not only after. Check your error messaging against WCAG guidelines.
  • Don’t use inaccessible CAPTCHAs on your form under ANY circumstances. If you feel you need a CAPTCHA, investigate using honeypots. If you must use a CAPTCHA, use the Google I am not a Robot reCAPTCHA v3.

4. Never EVER reuse links for public meetings.

Security: The more you reuse a link, the more likely someone will post it, or it will get randomly derived by people trying to brute-force crack the encryption for your password. Use your static “room” URL for quick internal private chats, but generate new links for any meetings where the general public is invited.

5. Have a portal for questions to be submitted and filtered in advance.

Security: Opening up the meeting for questions can be problematic.

  • If you open up microphones with an unknown public audience, you have no idea what you will get.

6. Use a conference tool that supports waiting rooms.

Security: The Waiting Room feature allows the event host to control when a participant joins the meeting. As the meeting host, you can admit attendees one by one or hold all attendees in the waiting room and admit them all at once. The latter is useful when you have a large panel of individuals speaking and want to gather them in a separate room until the event begins.

7. Use a paid webinar feature.

Security: Unfortunately, most conferencing software starts as freeware, and advanced features have to be purchased. By paying for a webinar feature, you can automatically:

  • Keep everyone’s microphones turned off, except for panelists.
  • Do not allow participants to turn on video.

8. Have “in case of hack, break glass” cookbook

Security: Don’t be so shocked you freeze when you get hacked. If you prepare for a hack like it is an eventuality and do “hack drills” with the people running the event, you will be more likely to end up with the best possible outcome under the circumstances.

  • Have a step-by-step process that describes what you do if the event gets hacked. You may want to change the link and update the invite, for example, if you have a relatively small number of attendees, or reschedule the event if you have a larger number of attendees. For large, paid events, you REALLY need to have a plan. People are slightly more forgiving of unpaid events getting hacked — all the people involved with running those events are effectively volunteers. Not so much for paid events that get hacked.
  • Prepare a statement describing the hack, apologize to the attendees, and talk about what you will do in the future to prevent this from recurring. Including that in your message will help folks traumatized by the hack to trust future events. Send a personalized email from your organization to the attendees, and post a general comment on your website or official social media channels — you don’t want the rumor mill controlling the messaging here. And you want to make it clear you won’t be as soft of a target next time to the evil-doers.
  • Are you going to involve the police/FBI? Take a screenshot, so you have evidence and identify attendees both inside and outside of your organization who are willing to attest to what happened without increasing their trauma.
  1. If you are going to change the link mid-event or reschedule, make sure people with disabilities know what’s going on.

Blogger, disability advocate, nerd. Bringing the fire on ableism. A11y Architect @ VMware. Wheelchair user w/ a deaf daughter. CS, Law, and Business background

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store