Sophos shares security tips to make Zoom safe

Online security issues can usually be resolved if individuals understand basic prevention and protection mechanisms, according to Oxfordshire, UK based network security provider Sophos.

Companies across the world have adopted the work from home model to ensure business continuity during the ongoing Covid-19 pandemic. However, tools that help ease workload often also have an increased risk of cyberattacks. 

One of the most used video conferencing platform, Zoom, for example, has seen its security issues rise as quickly as its popularity, making it vulnerable to hackers. 

A recent report by cybersecurity solutions provider Check Point Research showed that over 1,700 new ‘Zoom’ domains have been registered since the start of the coronavirus pandemic, 25% of which were registered in the past week.

"Unfortunately, a lot of the habits that existing Zoom users have fallen into the need to change. Insecure shortcuts – ways of using Zoom that the old-timers have inadvertently been teaching to the Zoom newcomers didn’t seem to matter that much before, but they do now," Paul Ducklin, principal research scientist, at Sophos said in a statement.

Founded in 2011 by Eric Yuan, San Jose headquartered Zoom has seen daily meeting participants surge from 10 million in December last year to about 200 million in March.

Organisations have channelled efforts towards ensuring service availability. However, companies also need to look at securing systems, resources and data, Mumbai-based telecommunications firm, Tata Communications said in a statement.

The telecom firm also said that organisations require a Covid-19 risk management strategy covering both, human safety as well as information and data security to keep business secure.

"Organisations need to have the right monitoring in place to identify Covid-19-related phishing and malware attacks as these are on a continuous surge. It’s critical to ensure traffic and email monitoring, filtering and blacklisting solutions to weed out such attacks," Avinash Prasad, vice president and head for managed security services and content delivery network, at Tata Communications said.

Yuan recently announced that Zoom will not be updating any new feature until it fixes the current feature set to tackle its security issues. 

Ducklin recommends users to actively update all of their applications manually, instead of auto-updating.

"Why not get into the habit of checking you’re up-to-date every day, before your first meeting? Even if Zoom itself told you about an update the very last time you used it, get in the habit of checking by hand anyway, just to be sure,” Ducklin explained. 

Sophos recommends using a randomly generated meeting ID, and setting a password on any meeting that is not explicitly open to all.