April 19, 2020 / by Dale Burgess / In security

Even Silicon Valley trips up on security sometimes

trip

Security slip-ups happen; it’s how you react to them that matters.

The COVID-19 pandemic has brought with it many changes. While some companies have seen remarkable expansion and growth, many others are struggling to stay afloat.

From a cyber-hygiene perspective, with most of the world now working from home, keeping your company’s networks, systems, and data safe and secure is becoming harder than ever. But if you can’t see a problem, does it really exist?

Zoom kaboom

Take Zoom, for example. Before COVID-19, Zoom had typical daily usage of approximately 10 million users, a more-than-respectable following. Enterprise customers, such as NAB, The University of Sydney, Atlassian, and the Australian Department of Defence, were already onboard with Zoom in 2019. These organisations would have performed security checks and due diligence on the software before deploying it. With the onset of the coronavirus crisis, Zoom’s usage numbers have exploded to more than 200 million since the turn of the year.

Yet in early April, due to safety, security, and privacy issues plaguing the platform, Zoom CEO Eric Yuan admitted to The Wall Street Journal, “I really messed up as CEO.” He stressed the importance of winning back people’s trust and announced a freeze on development for everything except resolving these large issues. Some of the issues stemmed from the fact that Zoom was originally designed for “large institutions with full IT support” – organisations that were mostly deploying it behind their own security measures.

But given current circumstances – with, virtually overnight, millions of people across the globe studying, working, and socialising from home – Zoom has had to react fast.

Say what you will about how Zoom got into this position in the first place. But any company – let alone a successful, publicly listed, post-unicorn Silicon Valley tech company – that takes responsibility and immediately moves to rectify significant shortfalls in key areas – should be commended.

What you don’t know can hurt you

Why is this important? Security is one of those things that often receives attention only at the worst times – a near miss, a breach, or someone stumbling across something they weren’t trying to find. Constant monitoring and reporting are necessary for ongoing protection and, importantly, visibility.

This visibility is a key issue across multiple systems, platforms, and devices. With attention, security, like a fine wine, will improve over time. But don’t treat it with care, and you’ll find that your Hunter Valley Shiraz has turned into an NT4 Server.