Zoom hacking issues force rethink of security for working from home

As millions of people work from home during this trying period, you can expect new technologies to be put under real-world stress-testing like never before. Unsurprisingly, Zoom is breaking.

The popular videoconferencing tool is now suspended by the education ministry in Singapore after hackers managed to get into a call and shared obscene images with some students.

That is no surprise, given similar incidents in the United States, where teachers and students have also faced harassment when having classes online.

They are among the many high-profile security lapses that Zoom has faced in recent weeks, as it became the most popular tool for schools, businesses and even government agencies to keep in touch during the coronavirus pandemic.

Just last week, Zoom Video Technologies said it had “mistakenly” routed some user data through China, a no-no for the many businesses and governments that do not trust the country’s communist government.

The company, which is based in the United States, said it usually does not send non-Chinese data to servers in China, but it had done so as part of its efforts to cope with increased traffic, the Financial Times reported.

Chief executive officer, Eric Yuan, has since promised to to improve the security in its offerings, especially to keep out Zoombombing, incidents where uninvited guests party-crash meetings.

Meanwhile, rivals to Zoom have touted their alternatives. Microsoft, for example, runs the Skype video call service as well as the more feature-packed Teams service that brings more collaboration tools.

Google, too, offers Hangouts for individuals and the Meet tool that is designed more for businesses. It often touts the security protocols used to protect data that is sent through the Internet, in contrast to Zoom’s rather loose efforts.

But those safeguards are not the only measures you need to take if you are jumping on a video call. Just like keeping out the coronavirus, the defence is only as strong as the weakest link. Often, this is the user.

If you’re using Zoom or other tools, there are many ways to keep safe, on top of what the software and service already provide.

For example, for Zoom, you should set up different passwords for chats with different people. Plus, have a waiting room before letting people in.

Other measures should be pretty generic by now, but they bear repeating. For example, if you are a host, don’t allow just anyone to share his or her screen without your permission.

Plus, if you are not speaking, mute your microphone. Turn off your video unless everyone has agreed to see each other’s faces virtually.

As is usual, the more people jump onto a digital service, the more potential victims there are for hackers. Video calls are surely among the biggest targets for attackers now, given the higher volume during this period.

Google’s Meet, for example, has seen day-over-day growth of more than 60 per cent in the past few weeks. Daily usage is more than 25 times what it was in January, according to the company.

If you’re one of those joining a call soon, it pays to be vigilant. The same for all other digital communications, whether it is that e-mail invoice seemingly from a colleague or a resume sent in from a candidate.

Here are more tips from Singapore’s Personal Data Protection Commission: