
Summary
This rule identifies Zoom meetings created without a passcode, which exposes them to Zoombombing, that is, disruption of a video call by uninvited participants. The detection works by monitoring Zoom event logs for meetings created without one. The rule highlights the importance of safeguarding teleconferencing sessions, especially during periods of heightened risk such as the COVID-19 pandemic, and outlines investigation and response procedures for when such meetings are detected.
Key investigation steps include reviewing the event logs for details of the meeting, verifying why the passcode was omitted, checking that the participants are legitimate, and assessing whether sensitive information was discussed. The guide also addresses false positives from internal meetings that intentionally run without a passcode and suggests creating exceptions for trusted users.
When a meeting without a passcode is identified, immediate actions such as terminating the meeting, notifying the organizer, and reviewing Zoom account settings to enforce mandatory passcodes are recommended. Further audits and enhanced monitoring are also suggested to prevent future occurrences, alongside preparation for potential public relations responses regarding the incident.
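The detection and the trusted-user exception described above, as an added Python example that is not the rule's own query or code: it scans newline-delimited JSON webhook events, flags meetings created without a passcode, and also flags a passcode being removed after creation. The sample events are constructed, and the field layout (`payload.operator`, `payload.object.password`, `payload.old_object`) and the `TRUSTED_OPERATORS` exception list are assumptions for this example, not taken from the page.

```python
import json
from typing import Dict, FrozenSet, Iterable, List

# Constructed sample events, one JSON object per line, laid out like Zoom's
# meeting.* webhooks (payload.operator, payload.object.password). The field
# names are an assumption for this example, not copied from real rule logs.
SAMPLE_EVENTS = [
    json.dumps({"event": "meeting.created", "event_ts": 1600000000000,
                "payload": {"account_id": "acct-1", "operator": "alice@example.com",
                            "object": {"id": 1001, "topic": "Weekly sync", "password": "x7Kp2q"}}}),
    json.dumps({"event": "meeting.created", "event_ts": 1600000060000,
                "payload": {"account_id": "acct-1", "operator": "bob@example.com",
                            "object": {"id": 1002, "topic": "Town hall"}}}),
    json.dumps({"event": "meeting.created", "event_ts": 1600000120000,
                "payload": {"account_id": "acct-1", "operator": "it-admin@example.com",
                            "object": {"id": 1003, "topic": "Helpdesk drop-in", "password": ""}}}),
    json.dumps({"event": "meeting.updated", "event_ts": 1600000180000,
                "payload": {"account_id": "acct-1", "operator": "carol@example.com",
                            "object": {"id": 1004, "password": ""},
                            "old_object": {"id": 1004, "password": "Q9v3Lm"}}}),
    json.dumps({"event": "user.created", "event_ts": 1600000240000,
                "payload": {"account_id": "acct-1", "operator": "admin@example.com",
                            "object": {"id": "u-77", "email": "dave@example.com"}}}),
    "{not valid json",
]

# Hypothetical exception list: operators whose internal meetings are allowed
# to run without a passcode (the false-positive handling the rule suggests).
TRUSTED_OPERATORS: FrozenSet[str] = frozenset({"it-admin@example.com"})


def _passcode_missing(obj: Dict) -> bool:
    """True when the meeting object carries no usable passcode (absent or blank)."""
    return not (obj.get("password") or "").strip()


def classify(event: Dict) -> str:
    """Return a finding label for one parsed event, or '' if it is benign.

    Two conditions are covered:
      - meeting.created with no passcode
      - meeting.updated where a passcode that existed before was removed
    """
    kind = event.get("event")
    payload = event.get("payload") or {}
    obj = payload.get("object") or {}
    if kind == "meeting.created" and _passcode_missing(obj):
        return "meeting_created_without_passcode"
    if kind == "meeting.updated":
        old = payload.get("old_object") or {}
        # Only fire when the update actually touched the password field.
        if "password" in obj and not _passcode_missing(old) and _passcode_missing(obj):
            return "passcode_removed_from_meeting"
    return ""


def detect(lines: Iterable[str], trusted_operators: FrozenSet[str] = frozenset()) -> List[Dict]:
    """Scan newline-delimited JSON webhook events and return alert records.

    Events whose operator is in trusted_operators are suppressed.
    """
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip rather than stop the pipeline
        if not isinstance(event, dict):
            continue
        finding = classify(event)
        if not finding:
            continue
        payload = event.get("payload") or {}
        operator = payload.get("operator", "")
        if operator in trusted_operators:
            continue
        obj = payload.get("object") or {}
        alerts.append({
            "finding": finding,
            "meeting_id": obj.get("id"),
            "topic": obj.get("topic", ""),
            "operator": operator,
            "event_ts": event.get("event_ts"),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS, TRUSTED_OPERATORS):
        print(json.dumps(alert))
```

Run against the sample, the trusted-operator list suppresses the helpdesk meeting (1003) and two alerts remain: the town hall created without a passcode and the meeting whose passcode was later cleared. Treating an empty string the same as an absent field matters, since a blank passcode gives no protection either.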
Categories
- Cloud
- Web
- Application
- Endpoint
Data Sources
- Web Credential
- Application Log
- User Account
ATT&CK Techniques
- T1190
Created: 2020-09-14