Home ministry warns against using Zoom, prevents government officials from using meeting platform

Hyderabad: Amid growing security concerns regarding the use of Zoom app, the Union ministry of Home affairs (MHA) has warned all government officials and officers against using the Zoom meeting platform.

The MHA's Cyber Coordination Centre (CyCord) has issued an advisory on the secure use of Zoom by private individuals. The advisory also states that the platform is not for the use of government officers/officials for official purposes. The objective of this advisory is to prevent any unauthorised entry into a Zoom conference room and prevent malicious attacks on the terminals of other users in the conference.

Further, the document makes reference to earlier advisories of the Indian Computer Emergency Response Team(Cert-In) and states that Zoom is not a safe platform. The guidelines have been issued to safeguard private individuals who would still like to use the platform for private purposes.

The advisory listed ways to safely use the platform. "Prevent unauthorised entry in the conference room, prevent an authorised participant to carry out malicious work on the terminals of others in the conference. Avoid DOS attacks by restricting users through passwords and access grants," it said.

While most of the settings can be done by logging into a user's Zoom account on the website, or through an installed application on the PC/laptop/phone and also during a conference, certain settings are possible through certain modes or channel only. For example, lock meetings can be enabled by the administrator only when the meeting has started. CyCord also suggested setting a new user ID and password for each meeting, enabling a waiting room so that every user can enter only when the host conducting the meeting admits him, disabling "join before host", and allowing screen sharing by host only. Disabling “allow removed participants to re-join", restricting or disabling file transfer option (if not required), locking meeting once all attendees have joined, restricting the recording feature, and to "end meeting" and not just leave if you are administrator, were some of the guidelines listed.