What Happens When Your Ministry Gets Zoombombed?

In 2017, about a dozen young adults started an online ministry on Zoom called Philippine Prayer Call. It was the combined efforts of a group of missionaries from the Philippine Amazing Facts Center of Evangelism (PAFCOE) and a group of passionate youth from the province of Albay.

The purpose of the ministry is to have meaningful biblical discussions with fellow Adventist believers and to join in united prayer over the internet.

Since then, the ministry has grown significantly, with numerous invited speakers, including Charissa Torossian, Pastor Gary Blanchard and Pastor Pavel Goia.

Since the COVID-19 crisis impacted the Philippines, the organisers have increased the sessions from twice a day to four times a day at 5 am, 10 am, 1 pm and 8 pm. Each session is composed of a main talk, a question and answer session and breakout sessions.

Attendance ranges from 40-300+ people per session.

However, even an online ministry with more than three years of experience isn’t immune to Zoombombing, a recent trend of cyber criminals disrupting Zoom meetings in bizarre ways ranging from silly pranks to insidious takeovers that include pornographic materials.

In late March or early April, the Philippine Prayer Call was Zoombombed while Pavel Goia was preaching during the Divine Service.  This particular call had one of the highest attendance numbers the ministry had ever seen.

As a result of this experience, the Philippine Prayer Call organisers and supporters developed a set of guidelines to protect the sanctity and privacy of their meetings.  These rules have ramped up their security while still allowing them to fulfill their mission as a ministry.

  1. Set a Zoom Meeting Password

The Zoom Meeting password is an automated protection that you can set and edit anytime from different meeting rooms.

However, passwords can easily be tracked because people often share them publicly when posting. So, the Philippine Prayer Call ministry implemented a secondary protection to supplement the Zoom Meeting password.

  1. Set a Zoom waiting room

Unlike passwords, which are automated and controlled by bots, the waiting room is an area that is managed by real people (usually the host).  Using the waiting room setting, you can determine who will enter the meeting room.

  1. Don’t share screenshots with the meeting ID and password

Another guideline they set in place was to refrain from sharing screenshots of the meeting room as the Zoom ID and password are shown at the top of the application.

Prior to establishing this guideline, many within the ministry would inadvertently share the meeting IDs and passwords in their screenshots.

Now, they still allow for sharing of photos of the meetings, but everyone knows to crop the top part to maintain the privacy, while still allowing their social media followers to stay up to date on their latest meeting.

  1. Appoint co-hosts

In their experience when the Zoombombers infiltrated the meeting during a Sabbath service, the sole host was praying with the worship speaker in a separate breakout room, so he had no idea what was happening in the main session.

In fact, it took the host three minutes to come into the worship room only to find five Zoombombers in the room playing worldly songs, saying profane words against God and the Holy Spirit, and yelling obscene curse words.

From that point on, Philippine Prayer Call has assigned at least three co-hosts to each meeting to guard against suspicious people within the main session and to be prepared to kick them out the moment there’s any disturbance.

  1. Assign Gatekeepers

From their experience, they also recommend assigning two people who will act as the ones who are tasked to approve who is allowed to come in from those who are waiting in the meeting room.

As the host is usually busy monitoring the status of the meeting, gate keepers can alleviate some of the pressure from the hosts. By assigning these roles, especially in more public Zoom meetings, it has allowed the Philippine Prayer Call team to focus more on the session as they know several people are securing different parts of the Zoom meeting room, and it has created a more seamless security process.

  1. Enable annotation, screen sharing, and file sharing only when necessary

One thing they’ve also noted is that the annotation, screen sharing and file sharing features should be disabled.  These features are only advisable to be enabled during breakout sessions.  For meeting rooms that usually have only one speaker, they are unnecessary.  So, to keep their main screen clean and safe, this is disabled by default.

  1. Encourage your followers to use their real name and photo

Because the Philippine Prayer Call meetings are larger than some and public facing, the approval process for allowing people into the meeting requires attendees to use their real names and photos to enter the meeting.  In this way, if one of the gatekeepers needs to verify someone’s identity, they can do it through social media. Once approved, the gatekeepers will admit the person from the waiting room into the main session.

To supplement this, they have posted and pinned a reminder about this guideline on the Philippine Prayer Call Facebook page so their community can see it.

They also include this reminder on the waiting room screen so that the people there will be prompted on what actions they can take to be approved and allowed into the meeting room.

The Philippine Prayer Call ministry says that “while we understand these practices may not work for everyone, they are some of the best practices that we’ve found on the Internet and from our experience.”

Don’t Let Your Circumstances Shape You

Pavel Goia was the speaker on the Sabbath morning the Philippine Prayer Call was Zoombombed.  After it happened, he quoted from the Spirit of Prophecy to encourage the ministry to continue with their efforts despite the risk presented by the Zoombombers.

He said, “Man can shape circumstances, but circumstances should not be allowed to shape the man. We should seize upon circumstances as instruments by which to work. We are to master them but should not permit them to master us.” – Help in Daily Living, page 45

To learn additional information about how to manage the risks of Zoom, you can also visit Risk Management’s article Risk Alert: Zoom Bombing

Written by Jan Amantiad who joined the Philippine Prayer Call team in March 2020 and is a graphic designer and assistant for the Digital Discipleship Ministry