By Jonah Fabricant, Federal Trade Commission
Between social distancing and COVID-19 stay-at-home orders, companies are turning to videoconferencing services to get down to business. While these services help you connect, they also pose new privacy and data security risks. Here are some tips to keep in mind before hosting or joining a videoconference online:
- Take steps to ensure only invited participants are able to join your meeting. People may call it “zoombombing,” but it’s a consideration across all kinds of platforms: uninvited people showing up on videoconferences. What can your company do to reduce the risk? Some services allow hosts to password-protect a meeting. Others limit access by providing unique ID numbers for each meeting or for each participant. These features may not be enabled by default, so look carefully at what settings are available. If you host recurring meetings, most services let you create new passwords or ID numbers for each meeting. That method is more secure than reusing old credentials, so establish that as the policy for your employees.
- Take advantage of other tools to limit access to meetings. Conferencing services may give the host the option to lock the meeting once the expected participants have arrived, preventing others from joining. For the greatest level of control, hosts can enable settings allowing them to approve each participant trying to join the meeting. You also may have the ability to remove individual users from the meeting should the need arise.
- When you join a meeting, your video camera and microphone may be on by default. Be aware that participants may be able to see and hear you as soon as you join a meeting. If you don’t want to share sound or video, most services allow you to mute yourself or turn off your camera. You may be able to adjust the default settings so your preferences are stored for the next meeting or, depending on the service, you may need to adjust your settings at the beginning of each call.
- Check to see if your videoconference is being recorded. Many services allow the host to record the meeting for future reference. The service should display some indicator you’re being recorded—for example, a bright red circle or the word “recording.” But remember that a meeting may be recorded even if these indicators don’t appear. We’ve heard reports of videoconferences that have been shared online without participants’ knowledge. The safest strategy is to assume you might be recorded and, if possible, avoid sharing private information via videoconference.
- Be careful before sharing your screen. Most services have functions to let you share with the group what’s on your screen—for example, a slide show. But before sharing your screen, make sure you don’t have open documents, browser windows, or other things on your screen you don’t intend for others to see. Some services have options that allow the host to turn off screen sharing or to limit its use to the host.
- Don’t open unexpected videoconference invitations or click on links. With the upsurge in videoconferencing, malicious actors are sending emails mimicking meeting invitations or other communications from conferencing services. To add authenticity, they may copy the logo and look of familiar names in the business. But instead of taking you to a conference, those links may contain viruses or install malware on your computer. The safer practice is to tell your staff or your clients in advance that you have a teleconference planned for a certain time and they should expect an invitation with your name. If they get an invitation they didn’t expect, tell them not to open it and definitely not to click on any links. Another tip to help foil videoconference imposters: If the service you’re using requires you to download an app or desktop application, make sure you download it directly from the service’s website or a platform’s app store.
- If confidentiality is crucial, videoconferencing may not be the best option. No conferencing service can guarantee the security of your information, so consider alternatives if you need to talk about particularly sensitive topics. Evaluate whether an enterprise service would provide greater security for your company and clients, rather than free services available to the general public. If you’re conferencing remotely with a health care provider, ask about dedicated telehealth conferencing services that can include more safeguards to keep information private.
- Before using a conferencing service, review key provisions in the service’s privacy policy to understand how your information will be handled. What information does the conferencing service collect about you? Does the privacy policy limit the company from using your information for purposes other than providing their conferencing service? Finally, does the conferencing service share your information with advertisers or other third parties?
- Update your videoconferencing software. As security issues arise, many videoconferencing companies are updating their software with patches and fixes. That’s why it’s important for your business to use the improved version. Of course, only accept updates directly from the service’s website.
- Establish preferred videoconferencing practices at your business. Your employees are doing their best to maintain productivity during a trying time. But a well-meaning staffer may inadvertently put sensitive data at risk by enabling videoconferencing services that don’t meet your company’s privacy or security standards or that could be out-and-out malware. Share these 10 tips with your team, establish company-wide videoconferencing dos and don’ts, and emphasize the need to select the more secure options when hosting or joining videoconferences.
Source: United States Federal Trade Commission, https://www.ftc.gov/
This story appears in 2020 Issue 3 of the Nebraska CPA Magazine.