The Importance of Data Security and Privacy in the Work From Home (WFH) Period During the Covid19 Pandemic (Case Study: Zoom)

Introduction

The Covid19 pandemic that hit almost all countries in the world, including Indonesia, created a new thing in human work. The pandemic, which has been going on for a year since the discovery of the case in late 2019 and began to emerge in Indonesia in early 2020, has made the government and all elements of society to create conditions where there is no longer a large mass gathering in a closed room. This has triggered the existence of Work From Home (WFH) among government agencies, schools, and universities.

WFH makes work mostly or wholly done online via the internet. These jobs include documentation, teaching and learning activities, meetings/discussions, seminars, and others, using internet media. Some of the media commonly used include Zoom, Google Meet, Microsoft Team. In this paper, the focus is on a number of cases of Zoom Bombing in the Zoom application, which were most widely used during WFH.

Description

Several cases of security and privacy threats to Zoom users that have occurred during the WFH era, two of which are hacking of user passwords and selling accounts of hacked users. Zoom provides access to online video and audio-based discussions between users, as well as sharing multimedia data in it. Hacking by attackers greatly increases the likelihood of gaining access to the user's Zoom system, tapping into the conversation, obtaining shared files, or reading the discussions that occur. This will be very detrimental to individuals and organizations that use Zoom and become victims of this digital crime, from a privacy and financial standpoint.

A report from the FBI states that the data of Zoom users who have been hacked by attackers (personal, organizational, corporate), are sold on the Dark Web. If this stolen data falls to the wrong party, it will be very detrimental to the user. For example: government data, business secrets, individual personal secrets, patient medical records and medical records, and so on. This data is also susceptible to being misused by other parties to gain big profits.

A report from the FBI states that the data of Zoom users who have been hacked by attackers (personal, organizational, corporate), are sold on the Dark Web. If this stolen data falls to the wrong party, it will be very detrimental to the user. For example: government data, business secrets, individual personal secrets, patient medical records and medical records, and so on. This data is also susceptible to being misused by other parties to gain big profits.

However, considering that security consists of three sides (system, policy, user), in this case, to balance security on the system side, it is necessary to implement security policies according to standardization (for example: ISO 27001) in companies/agencies/organizations as well as a good understanding of the importance of security and privacy (security awareness) of users and the general public. For the public and users, among others, do not use a weak password combination, change passwords periodically, and activate Two Factor Auction (TFA). From the government, regulations in the form of the ITE Law can help to realize user security, comfort, and privacy.

Conclusion

The Covid19 pandemic that forces WFH, on the one hand, requires good handling of data security and privacy of users in it, as well as the need for joint awareness of all parties (users and service providers) regarding the importance of data security and privacy. Also, the legal realm also needs to protect users and service providers from data security and privacy threats, through the provision of laws in the cyber sector (for example; the ITE Law in Indonesia).

References

[1]Suara.com. Marak Peretasan, Akhirnya Zoom Perbaiki Sistem Keamanannya. [online]

https://www.suara.com/tekno/2020/04/24/064314/marak-peretasan-akhinya-zoom-perbaiki-sistem-keamanannya?page=all

[2]CNN Indonesia. Pakar Bagi Cara Agar Akun Zoom di RI Tidak Dijual di Dark Web. [online]

https://www.cnnindonesia.com/teknologi/20200416063252-185-494017/pakar-bagi-cara-agar-akun-zoom-di-ri-tak-dijual-di-dark-web

[3]Seluler ID. Insiden Zoom: Serangan Cyber Meningkat Saat WFH. [online]

https://selular.id/2020/04/insiden-zoom-serangan-cyber-meningkat-saat-wfh/

[4]Techno Kompas. Viral Video Laptop Dibajak Setelah Pakai Zoom, Ini Penjelasan Pakar. [online]

https://tekno.kompas.com/read/2020/04/23/13410097/viral-video-laptop-dibajak-setelah-pakai-zoom-ini-penjelasan-pakar?page=all

[5]Suara.com. Duh, 530.000 Password Pengguna Zoom Dijual di Dark Web. [online]

https://www.suara.com/tekno/2020/04/15/075500/duh-530000-password-pengguna-zoom-dijual-di-dark-web