Are you one of the hundred of million new users of digital video tools? Did you give a second thought about the security of your personal data, that can be compromised while you are using the application? This blog is about video conferences in general, how we all need to be careful which tool to use.
Of course, a large number of new users is attributable to outrabek of new coronavirus COVID 19, when business meetings, socializing and even having parties has moved online and this is where video tools comes in hand. Developed with business meetings in mind, with tools like breakout rooms, screen sharing, private channel chat, recording, that is easy to use and cheap, encourages some businesses to use it for up to 8 working hours, to arrange important meetings. And it’s not negligible that confidential information and other sensitive information can also be discussed during such meetings.
This means that even if the content is encrypted, a call host can also record the information about users video, audio, text shared and can track whether users are paying attention by looking at the webcam. Under European data protection law, employees have the right to ask all the data a company holds on them, including Zoom data. If employees’ data is compromised, employers can face employee-initiated lawsuits and regulatory fines in many jurisdictions.
Employees could also record the business meeting, which means they could also be recording trade secrets, sensitive information which raises not only privacy law questions but the breach of trade secrets and confidentiality. If the employer insisted that employees use a system like Zoom, they should be carefully review the terms and conditions, security, data collection and privacy settings for the videoconference app they are using.
IntSights, Sixigill, Si-Cert, U.S. intelligence and many others that demostrated enormous security vulnerabilities. Research by IntSights found more thousand compromised video tools credentials on an underground forum. The data collected were passwords and usernames for accounts, meeting IDs, host keys, among them were corporate bank accounts, educational facilities, software vendors, information about companies finances and so on.
Here are some tips that users and employers can do in order to protect themselves.
Employers can notify the employees about legal and security risks of using video conference tools. Explain to them the risk of sharing its screen, or taking a picture of it, recording the meeting, especially the risk of unknowingly sharing sensitive content to third parties.
Ask videoconference provider for Data Protection Agreement (if the company falls under the jurisdiction of the GDPR or CCPA).
Review the privacy policies of videoconference tools.
There should be a section that tells users what the company does with the information it collects. Make sure to have information about the levels of transparency needed for business to be protected.
Inform your employees about the data collected, ask for their consent.
To prevent video conference invasions and cyber attacks it is advisable to exclude the following settings:
- include the password in the link you share(‘’embedded password in meeting link for e-click join’’)
- screen-sharing – which can be turned on when the host needs it
- possibility of remote control
- file transfer
- allowing the arrival of participants before the host joins the conference and allowing removed participants to rejoin
It’s also advisable to include the following settings:
- muting participants upon entry
- always show meeting control toolbar
- Identify guest participants in the meeting/webinar
- locking the conference when all the invitees have joined it
In conclusion, when insisting on using videoconference tools in your business meetings, think about the nature of the content being captured and shared. Think about what are not soley security, but privacy law issues, breach of trade secrets, confedentiality and potential defamation.