NSE cautions trading members about Zoom video conferencing app, cyber threats

Leading stock exchange NSE has cautioned trading members about video conferencing app Zoom and cyber threats amid increased usage of the platform in the wake of nationwide lockdown to contain coronavirus pandemic.

Many organisations have switched to work-from-home due to outbreak of the pandemic with employees using online communication platforms, including Zoom, Microsoft Teams, for remote meetings and webinars.

It has been observed that some of these apps are not secured and are vulnerable to be exploited thus revealing users identity, location or content of the discussion, the National Stock Exchange (NSE) said in a circular.

The exchange requested all trading members to undertake appropriate actions as applicable to their environment.

To mitigate the threat, it has been advised that officials may refrain from using Zoom meeting for discussion involving sharing of classified or sensitive information, the exchange noted.

If it is absolutely necessary to discuss official meetings, then sufficient precautions need to be taken to avoid leakage of personally identifiable information or other details of sensitive nature, it added.

It has been suggested to keep Zoom software patched and up-to-date.

"Always set strong, difficult-to-guess and unique passwords for all meetings and webinars. This is especially recommended for any meetings where sensitive information may be discussed," the circular said.

In a separate circular, the exchange cautioned trading members against cyber attacks -- social engineering, ransomware and phishing.

"This is the time when cyber attacks generally peak as the attackers try to utilise the paranoia around such pandemics and hence we request all of you to be very wary and careful," NSE said.

It has been advised not to click on links or download attachments from unknown sources, always verify the security of a website and ignore and delete emails with poor grammar and formatting.

"Pay close attention to the spelling of an email or web address, if there are any inconsistencies, delete immediately. Question the validity of any email that asks you to submit personal or financial information," it added.

In addition, it has suggested not to click on COVID-19 related messages with attachments and asked to be careful from websites that start with "Coronavirus" or "Covid", which supposedly track virus outbreaks.

Earlier this month, rival bourse BSE had cautioned market intermediaries against malicious cyber attacks amid increased usage of mobile phones and tabs.