Parliament's Zoom hack should be a wake-up call
For the first time in decades, the South African Parliament took an “unprecedented step” by allowing MPs to take part in some parliamentary proceedings via Zoom. This move has now resulted in a security breach in parliament. Yesterday, while MPs were about to start a parliamentary session they were greeted by nudity and swear words.
It was a matter of time before a security breach of this kind could hit an important institution such as the parliament. The South African parliament is not alone in experiencing this kind of interruption in a virtual meeting. A legal academic meeting in the UK was also disrupted a few weeks ago by hackers with child pornography.
Technology experts have been highlighting security concerns about Zoom and therefore a security breach of this nature comes with little surprise in the tech community. As more and more people conduct their work duties from home more security breaches can be expected.
This should be more of a concern for institutions that deal with important and sensitive information or discussions. The type of work conducted in parliament is a natural attraction for hackers .
The recent parliament hack should inspire an improvement in online security culture in institutions such as a parliament and other governance institutions. When everyone was working within the parliament building the Information Technology department could pick up on security holes. The challenge currently is that some Members of Parliament (MPs) are working from home and to some extent responsible for their own online security.
To correct this situation and prevent future similar cases there will be a need to improve on online security awareness and training programmes.
IT departments have a role right now that consists of making sure the technology architecture of their organisation enables employees and the community to keep working productively, even from their homes. In the current context, this means setting up entire systems for remote working.
Leeds City Council for instance in the UK got 11,500 office-based employees ready to work from home in the course of a weekend. The organisation's digital services team had to get 7 000 laptops ready-to-go in just three days, before the full impact of the spread of COVID-19 began to hit home.
Their IT department had to allocate more budget spending to VPNs, end-point security or multi-factor authentication to support secure access.
It is not too late to ensure that whilst people are working from home security protocols are observed. Technology departments need to be innovative with assisting employees and users to ensure that they don’t compromise security systems of their own institutions.
There’s a need to overhaul how online security is approached now that there’s more work from the home economy emerging. This process will also need to include being very selective and careful about technology products that are used to enable communication. Institutions have to be careful of just using the cheapest and easy to use technology solution. Security has to be the key deciding factor in choosing a technology solution.
MPs and other public officials can not be blamed for being victims of online security breaches.
They need better online security guidance by leaders of technology within parliament and public institutions. Zoombombing is probably less of a security threat compared with access to confidential documents via a compromised laptop of a public official. This recent incident in parliament should truly serve as a wake up call about online security in public institutions.
* Wesley Diphoko is the Editor-In-Chief of the Fast Company (SA) magazine. He can be reached via Twitter: @WesleyDiphoko
** This article was originally published in Fast Company.