Ljubica Pendaroska, Privacy and Data Protection Expert
Cybersecurity Europe Top50 Women Influencer 2019
Staying healthy, both offline and online remains a challenge these days. The global pandemic has radically changed the way we communicate traditionally. But it also altered our perception and experience of electronic collaboration. Or at least, should have changed! It encouraged video conferencing as a viable way of functioning for companies and organizations in dramatically shuffled circumstances. And all of a sudden, apps got a different meaning to our business life. According to some statistics, the video conferencing apps аrе going up 90% compared to the pre-COVID-19 weekly download average. They stimulated us to ask about our “digital health and well-being”. Responsibility and accountability, should be written in capital letters, I wonder.
What key factors have a significant influence on security when using video conferencing applications? First, it is all about the people. A person as a user, his/her awareness and valuable assessment, as well as appropriate knowledge for what a safe use of these tools really means; Second, the software systems in stake and their vulnerability; Finally, the company’s security policies and security culture, on whose behalf individuals do the work.
Potential security and privacy challenges – Being aware of instead of being afraid of
What is it being a bit tricky that people shifted their work at home when the pandemic captured the world? Given the type of work, not everyone has a suitable protection system installed within home computer. Furthermore, not all video conferencing applications have been designed for home use. For instance, the Zoom app was originally designed to operate in large businesses with in-house IT specialists thus guaranteeing set up and control of the system properly. As experience confirm, some application designers are becoming conscious about potential security risks in step, as they occur! Be aware and careful, very often, the default settings were not created in a manner to provide maximum protection, but users themselves have to take care of it. It is worrying that most of the apps are not encrypted as end-to-end user, which increases the risk for “interception of communication” by unwanted and malicious participants.
Let’s mention a few other “floating” risks to keep in mind: an “uninvited” user can turn on your device’s camera and microphone; or can take full control over your files; there are also applications that link your account with the contacts from social networks in order to make it easier for you to find correspondents, which enormously increases the security risks for all your contacts; hacker attacks; during the meeting, the administrator can collect details about the operating system, your IP address, location data of each of the participants; uninvited users in the communication, if the password is not authenticated.
Your security and privacy will appreciate that – Evaluate the apps properly before you jump in!
You won’t buy shoes without trying them on, or if they’re uncomfortable on your feet, right? So why start using an app without evaluating its performance first?
Of course, the same shoes do not suit every occasion! In an identical manner, do not use a single app for every situation, but pick it wisely and appropriately, according to circumstances! The market presents plenty of applications for video conferencing. Some are offered free or at a low cost, but some, usually those which are industry standards, can be expensive. Inform yourself more about before you go for, while having in mind professional comparisons between the multitude of applications, to name some: Cisco WebEx, Google Hangouts, Skype for Business, Microsoft Teams, ClickMeeting, Zoom, Google Meet, GoToMeeting, BlueJeans, Appear.in etc.
Let me suggest a few decisive points to think about when choosing the right video-conferencing app:
- whether the video chat/meeting will be one-on-one, within a limited small group or among larger groups or audiences;
- The nature and composition of users/participants – for example, if the video app is planned for a school class, it is necessary to ask for a higher level of security and, of course, for proper end-to-end encryption;
- The essence and content of the agenda topics – for instance, if you’re having CEOs or Board meetings where strategy or important decisions are going to be considered, then soaring security and business confidentiality is crucial;
- The expectation of privacy – should be very low or none when you are a speaker at an online conference, compared to any situation in which very limited circle of people are communicating via video app.
A spectrum of personal and corporate data is usually being revealed during a video conference meeting. That is why it is cardinal to ascertain if the app provider collects, stores personal data, and what is happening furthermore with such data. Consider cases of data brokerage and data sale to third parties and advertisers. In addition, if you are not the host of the video call, determine whether the host can collect or store your personal data. It is very useful to re-read a few times the data protection policies of the video conference app in order to fully understand it. The policies are usually written by lawyers in a lawyer manner and with a language difficult enough to follow through. Inform more about the examples of snowballing concerns over privacy, as well as about in-app surveillance measures and attention tracking features.
End-to-end encryption is at the top of the evaluation demands list. The encrypted communication is the core value of any trusted exchange because no other party than users can break through and interpret the data being communicated. In a time when data become a precious commodity, no other request than encryption could be more important for corporate world communication.
The video conferencing is progressing; Brace yourself for well-protected online communication
Modern living can not and should not be envisioned without video conferencing applications. The common evil that afflicted us all once again strengthened our confidence in their significant use value. That is the reason why is imperative to educate yourself more about, striving to provide the most adequate possible security and protection in a video-conferencing environment.
Following the experience, the next tips can significantly improve the protection of video conferencing apps:
- Time is not waiting and it is important to walk along with it – always try to keep up to date with the new features or fixed vulnerabilities, update to the latest version to address malfunctions, and vulnerabilities.
- Public platforms, social media, and other online locations should not be an arena to post and share meeting information – Sometimes it is enough to make the meeting identification info conveniently available, to encourage the malicious “participants”. Avoid sharing meeting ID in public at all costs!
- Using passwords as a gate to video-conference meeting is always a great idea – in order to avoid intruders and unwanted “meeting crashers” set a password for the meeting, available only to those intended to participate.
- It is very important to know and control who will/is attend the meeting. To enable it, use the “host controls” feature – this function will make it easy to regulate participants, to remove some if needed, as well as to disable auto-screen sharing. So to ensure smooth video meetings, without unpleasant disruptions and offensive contents uploaded.
- One of the advantages of video-conference apps, at least for most of them, are the waiting rooms and lobbies. They help to regulate the number and profile of participants at a particular moment of the meeting.
- In many cases, intruders enter into communication to upload files or materials that are unwittingly and directly downloaded by meeting participants – That is why it is important to disable file and material transfer features.
- Recording a video conference meeting is not recommended for security reasons. However, if it is planned to happen, participants must be notified prior to recording begins. This will enable them to decide whether to participate in line with privacy and data protection requirements.
The pandemic will end, but the habits of caring for a healthy video conference environment will remain. Let’s seize the benefits.