Published: April 17, 2020 4:25:44 am
Cautioning users of video conferencing platform Zoom that it is “not safe”, the Ministry of Home Affairs has, through its Cyber Coordination Centre, issued detailed guidelines on how to use the platform securely so that sensitive information is not leaked.
The development comes in the backdrop of a massive surge in the use of the platform by the corporate world and, in some instances, even by the government to conduct meetings during the lockdown, which has restricted movement of people. Earlier, Computer Emergency Response Team (Cert-In) had similarly issued advisories about exercising caution while using Zoom.
“Zoom is a not a safe platform and advisory of Cert-In on the same dated Feb 06, 2020 and March 30, 2020 may kindly be referred. These advisories are available on Cert-In website,” the MHA advisory said.
CERT-In had warned that the app is prone to hacking and issued an advisory for both the users and the operators who use Zoom. The agency’s advisory had said the unguarded use of Zoom could leave users vulnerable to cyber attacks and allow cybercriminals to have access to sensitive information like details of meetings and the conversations carried out using the app.
MHA has now issued guidelines, largely on the lines of those issued by CERT-In, on how Zoom should be securely used. “Those private individuals who still would like to use Zoom for private purpose”, the MHA said, should enable/disable certain features and take some precautions. It said the objective of the guidelines was “to prevent unauthorised entry in the conference room, to prevent an authorised participant to carry out malicious act on the terminals of others in the conference and to avoid DOS attack by restricting users through passwords and access grant.”
“Most of the settings can be done by logging into users zoom account at website, or installed application at PC/Laptop/Phone and also during conduct of conference. However, certain settings are possible through certain mode/channel only. For example, lock meeting can be enabled by administrator only when the meeting has started,” the MHA advisory said.
The document then goes on to explain in detail all the security configuration through the website, app and through console during the conduct of a conference.
Among the precautions it has cited are: Setting new user ID and password for each meeting; enabling waiting room so that every user can enter only when host conducting meeting admits them; disabling join before host; allowing screen sharing by host alone; disabling ‘Allow removed participants to re-join’; restricting/disabling file transfer option (if not required); locking meeting, once all attendees have joined; restricting the recording feature; and to end meeting (and not just leave, if you are an administrator).
It has also advised conference organisers to not use their personal meeting ID (PMI) to host event and instead use randomly generated meeting IDs for each event. It has also cautioned against sharing one’s link on public platform. “It makes it much secure and difficult to leak,” it said.
CERT-IN in its advisory had also asked users keep the software patched and up-to-date.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines
© IE Online Media Services Pvt Ltd