It has been reported recently that Zoom security has been compromised because accounts are available for sale on the dark web.
So how safe is Zoom? What does this mean for online counselling?
I’m writing a series of short blogs to help you decide. The first was on Zoom Bombing (Zoom Security for Counsellors) and the second on encryption (Zoom Encryption for Counsellors)
This third one is about something called “credential stuffing”, what it is and how to avoid it happening to you.
Definitions
Credential Stuffing
Email addresses and passwords that are used on one site may become available to hackers due to security flaws. These are then tested on other sites to gain access to accounts. The reason credential stuffing is possible is due to people using the same email and password across numerous different websites.
The Dark Web
This is the section of the internet that is accessed by special software and enables anonymity, meaning it is often used for illegal purposes.
How Does This Affect Zoom Security?
It has been reported that Zoom accounts are available for purchase on the dark web. (See: bleepingcomputer report)
In the process known as credential stuffing, hackers have been able to use email addresses and passwords from other services to gain access to genuine Zoom accounts.
If your account details are available to hackers it means your account is not secure. Hackers have access to your contacts and to your meetings.
Use a Unique Password for Your Zoom Account
To protect yourself and your clients, change your Zoom account password to something that is different to any other passwords you have used. This will secure your account.
Does This Mean Zoom is Untrustworthy?
Unfortunately it is common for user accounts to be for sale on the dark web. Zoom’s popularity has meant user accounts have become a target for criminal activity.
It is not a problem specific to Zoom – it is a common occurrence for most sites that attract consumers such as Facebook, Amazon or Twitter.
It has added to the negative headlines about Zoom and sounds scary.
However, will you now stop using Facebook or Amazon knowing it is possible your account details have been compromised?
Or will it just make you change your password?
Enhance Zoom security with best practices
Please note that however many security features are inserted into a software product:
Human error is the most likely source of computer hacking
Computer hacking often starts with a human interaction, for example a phone call or email convincing you to share your password or download a file that inserts malware onto your machine.
For this reason, the most important ways to protect your clients are to:
- Use passwords that are not easily guessed. So do not use passwords such as family names, “password”, “ABC123”, “123456”, “Admin”, “Welcome”, “I love you”
- Do not use the same password across multiple sites
- If you struggle to remember passwords, use a password manager such as that offered by Google chrome or Apple keychain
- Never reveal your password to anyone
- Keep your computer, phone and relevant apps up to date in order to have the latest antivirus software and patches
- Beware of emails asking for urgent action where you click on a link and then have to enter your user name and password. Never login from an email – go to the genuine website that you trust and login from there.
Conclusion
Zoom is a topical subject when large parts of the world are relying on video conferencing software to make contact with friends and customers.
Zoom security headlines are doing their job as click bait to attract users to web pages and adverts.
However, when examined in depth, what has emerged is that computer security is first and foremost dependent on people being careful with the way they use software. Changing and protecting passwords is of vital importance.
If you’ve found this series of blogs helpful, do subscribe to Josephine’s mailing list for updates or join her Facebook community of counsellors.