Videoconferencing safe practices and privacy issues

With California extending its “safer from home” guidelines, many businesses will face at least 3 more months of telecommuting.  In light of this reality, businesses are faced with several challenges in terms of (1) finding a videoconferencing platform that is sufficiently private, and (2) maintaining the privacy of their employees’ data.  While many IT departments are accustomed to dealing with remote access issues and security, many may not be adequately prepared to handle a substantial increase of its own work force and its third-party vendors.   Most companies are unprepared to set up large companies of remote users from scratch on short notice.  In addition, companies have to set up a videoconferencing platform for its workers and educate its employees on how to utilize the new technology.

Videoconferencing is an extremely useful tool for enabling employees and outside parties to connect remotely.  That said, videoconferencing poses new privacy and data security risks.  If you have decided to utilize a videoconferencing platform, you should have all of your employees review the key provisions in the service’s privacy policy to fully understand how your company’s information will be handled.  Many of these conferencing services share your personal information with third-parties and this may not be something you want.  Next, although videoconferencing tools are useful for remote meetings, it is essential to take measures that only invited participants are able to join your meeting.  “Zoombombing” is a relatively new term used to describe uninvited people showing up and sometimes doing unseemly acts on your video call.  To reduce the risk, consider allowing hosts to password-protect a meeting or providing participants with unique ID numbers.  Hosts can also lock the meeting once the expected participants have arrived, thereby preventing any uninvited guests.  Finally, make sure that everyone in your company is careful about the potential for data breaches.  Make it clear that no one should open unexpected video conference invitations or click on links.  Zoom’s daily users ballooned to more than 200 million in March and, with that, came predators seeking to obtain confidential information.  Although Zoom has been the most popular platform due to its ease of use, it has faced criticism over its lack of encryption.  If you are a company using a videoconferencing platform, you must establish a clear set of guidelines and be sure that everyone in your company, as well as any third-end users, are compliant with your regulations.

Your workers face privacy concerns not just when they use videoconferencing but also in their day to day work.  Your company needs to be mindful of every act it takes or fails to take—if you neglect to protect private data, your company puts the privacy of its customers, employees and itself at risk.  Many employees who have not previously worked remotely are now using technology for transmitting data and communicating.  It is the job of the leaders to effectively communicate and educate their employees on what the company’s best practices are.  It is advisable to create a set of privacy guidelines and have your employees sign off on them to make sure that everyone in your company is on the same page.

The following are some basic guidelines that should be followed by everyone working from home:

1. Use a VPN for all work related tasks:  As a company, you should provide a VPN for all employees to use for all business tasks, including using cloud-based programs, working on cloud-based documents and sending emails.
2. Do not log onto unsecure networks, such as coffee shops or public wireless networks: although employees should only be working from home, educate employees that if they choose to go out or to someone else’s home that they should not use public wireless networks for any work-related activities.
3. Be wary of scams: Remind your employees of standard best security practices, such as not clicking on unknown links, not downloading questionable files, and using secure passwords.
4. Remind employees to use strong passwords, especially if multifactor authentication is not necessary for remote access. If multifactor authentication is an option, make sure that all employees select that feature.
5. Businesses should consider encrypting particularly sensitive data, such as employee or customer personal information, and company business data (such as confidential pricing and financial information)
6. Have a robust monitoring system in place: You need a system to monitor who comes into your network, what they do when they are in your system and the devices they are using outside of your physical facility to remotely access your network. 
7. BYOD: If the business plan has an established “bring your own device” program for its personnel, the response plan should tie into that system.

It is essential for companies to take additional steps when it comes to working remotely in order to mitigate their risk of suffering negative consequences of the coronavirus.  Workers must be hyper vigilant with regards to ensuring the safety of any video platform they use.  Companies should not sacrifice safety for ease of use in choosing what platform to adopt.  In addition, employers and employees must take all measures necessary to preserve the privacy of their data.  It is highly advised that companies with remote workforces consult an attorney knowledgeable in this area to ensure you are taking the appropriate measures.  For a consultation contact Kendall Law or call (310) 619-4941.