Know the Risks of Video Teleconferencing!
In an effort to stay connected during the COVID-19 crisis, many of us have turned to video teleconferencing platforms and apps (“VCPs”) to stay connected and do business while staying at and working from home. VCPs, like FaceTime and What’s App, were originally designed for virtual social meetups and conversations with friends and family who couldn’t get together in person.
They’re now being used on an unprecedented scale for business-related meetings, negotiations, and networking, ways for which they weren’t originally designed. Users often don’t understand the risks that come with using VCPs for business and how to mitigate them.
One big risk has come to be called “Zoom-bombing” (although it’s not only a Zoom problem). This is when a video teleconference session (“Session”) is hijacked by an uninvited participant, who uses the screen-sharing feature to disseminate obscene, pornographic, hate, and other disruptive and inappropriate material to Session attendees.
Another is VCPs’ user privacy and data protection policies, which aren’t always clear or, as stated in their Privacy Policies (although that’s starting to change under pressure for the government and human rights groups).
Here are some ways and best practices you can use to protect your Sessions from unwanted visitors, and protect your personal information while logged in to a VCP:
- Make Sessions private. For example, Zoom, has two options to do this: require a new, random Session ID and a password, or use the Waiting Room feature to control who’s admitted;
- Don’t share a link to a Session on social media or other public forums. Then, anyone with the link can join the Session. Provide the link directly to the desired attendees;
- Manage the VCP’s screen sharing options. In Zoom, that means limiting screen sharing to “Host-Only”;
- Ensure that users are using the updated version of the VCP’s remote access/meeting applications. Zoom updated their software security in January by adding Session passwords by default, and disabled the ability for anyone to randomly scan for Sessions to join;
- Lock the Session. When you do, no new participants can join, even with the Session ID and password. They can always text you to ask you unlock. Relock immediately after they join;
- Don’t record the Session without the consent on the record of all the participants. It’s a crime in California and other states to do so without this unanimous consent.
- Provide your employees and other VCP users in your organization training and “best practices” before they can participate in future Sessions.
Another alternative is to obtain subscription or enterprise software for your organization that includes videoconferencing capabilities and gives you the ability to restrict how the software can be used.