04.14.20 Email from Art Robinson - Zoom Conferencing - Cybersecurity Follow Up
From: Robison, Art
To: Dept Heads; Asst Dept Heads; ISR - Information Security Representatives; Alpert, Bruce; Bennett, Robin; Clerk of the Board; Connelly, Bill; Cook, Holly; Lambert, Steve; Lucero, Debra; McCracken, Shari; Pickett, Andy; Ring, Brian; Ritter, Tami; Rodas, Amalia; Sweeney, Kathleen; Teeter, Doug
Cc: Information Systems (County I.S. Dept.); Taggart, Kevin
Subject: Zoom Conferencing - Cybersecurity Follow Up
Date: Tuesday, April 14, 2020 11:01:49 AM
Team,
Much has been said about Zoom conferencing over the past weeks of our COVID-19 experience.
However, what needs to be considered by all of us is an article from BleepingComputer which posted
yesterday.
https://www.bleepingcomputer.com/news/security/over-500-000-zoom-accounts-sold-on-hacker-forums-the-dark-web/
The article demonstrates that, while Zoom has had security issues, the Zoom user community must
also assume some responsibility for the security problem. The article cites that users have employed
the same username and password across multiple services. These credentials were not harvested
from Zoom. They were discovered elsewhere.
Bad actors routinely obtain, market and sell logon credentials on the dark web. Secondary bad
actors exploit the credentials against other services at Google, Facebook, Twitter, Instagram, Office
and Zoom, to name but a few. Once logged into these services, the hackers assume the full identity
of the user. The hacker can do whatever that user can do. Often, these actions do not reflect what
the real user would do.
Zoom deserved the bad press regarding the items under their control, which they were quick to fix.
However, they don’t deserve the ire of the public related to user actions.
The takeaway from this story is that we all need to consider and practice proper cybersecurity
techniques. Changing passwords is a pain. Resynching your devices is disruptive. From time to
time, many of us end up in an account lockout scenario because a forgotten device continues to
log in with old credentials. Sometimes, we forget our new password and have to admit that fact to
Help Desk staff. Each of these scenarios has happened to me, multiple times.
“What a hassle.”, “How aggravating!”, “What a waste of time.”, “I don’t have time for this.”, and
“This is so ridiculous!” are phrases that have come from my own mouth. Many of you can relate.
However, we now see the other side of the coin, played out on Zoom and in the media.
So, the next time you get prompted for a new password, and have to remember the name of your
first dog, and receive an SMS message on your phone to confirm your identity, remember the Zoom
story. It serves as a reminder that password changes are a necessary part of using technology.
Someday, we may be asked to receive a number on our right hand and forehead to uniquely identify
ourselves. However, in the interim, passwords are the default.
Art Robison
Director
Butte County Information Systems
308 Nelson Avenue, Oroville, CA 95965
T:530.552.3200 | F: 530.538.6419