The Federal Trade Commission released guidance for increasing privacy and data security while videoconferencing over the internet. The FTC is recommending that video conference users take the following steps:

  1. Make sure that only those individuals who were invited to the meeting are in attendance by securing the meeting by password or providing unique meeting and/or user ID numbers. These settings may not be the default – be sure to check the settings of the service every time you set up a meeting. Despite the name, “zoombombing” is not unique to Zoom. The risk of uninvited people showing up on video conferences exists across all platforms. For additional information specific to Zoom, see Troutman Sanders’s article published in Bloomberg Law, “To Zoom or Not to Zoom – Privacy and Cybersecurity Challenges.”
  2. Look for other settings that limit access to the meetings, such as host approval of all attendees or locking the meeting once all attendees have arrived.
  3. Be aware that your video camera and microphone may be on as soon as you join the meeting.
  4. Be alert to whether the meeting is being recorded and sensitive to the fact that it may be recorded without your knowledge.
  5. Be careful about sharing your screen and do not have anything open (documents, chats, browser windows, email, etc.) that you do not want others to see.
  6. Do not click on unexpected or unplanned video conference links. Tell others when you plan to send out meeting invites, so that they know that the invites are authentic. Spammers are sending false video conference links – be on the lookout.
  7. Consider whether holding the meeting by video conference is appropriate because it is not possible to guarantee that video conference meetings are completely secure. Information that is highly confidential likely should not be shared in a video conference meeting.
  8. Pay attention to the videoconferencing service’s privacy policy and understand what information is collected and whether and with whom it is shared.
  9. Make sure your videoconferencing software is up to date.
  10. Make sure those in your organization also are following company-approved best practices while videoconferencing to ensure the security and privacy of sensitive data. At Troutman Sanders, we have implemented a best-practices guide, consistent with the FTC guidance, for using the popular Zoom conferencing platform, available here.

The coronavirus (“COVID-19”) and work-at-home mandates create new challenges for all of us. In these times, it is of paramount importance to safeguard sensitive information and ensure that employees are following best practices while using videoconferencing services.

For additional information regarding securing remote work environments, please visit the Cybersecurity and Privacy section of the Pepper Hamilton/Troutman Sanders COVID-19 Resource Center.

We will continue to monitor guidance from policymakers and provide further information and updates.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Daniel Waltz Daniel Waltz

Daniel is a member of the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group and State Attorneys General team. He counsels clients in connection with navigating complex government investigations, regulatory compliance, and transactions, involving state and federal government contracting obligations. Drawing on

Daniel is a member of the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group and State Attorneys General team. He counsels clients in connection with navigating complex government investigations, regulatory compliance, and transactions, involving state and federal government contracting obligations. Drawing on his broad experience as a former assistant attorney general for the state of Illinois, Daniel is a problem solver both inside and outside the courtroom.

Photo of Sadia Mirza Sadia Mirza

Sadia leads the firm’s Incidents + Investigations team, advising clients on all aspects of data security and privacy issues. She is the first point of contact when a security incident or data breach is suspected, and plays a central role in her clients’

Sadia leads the firm’s Incidents + Investigations team, advising clients on all aspects of data security and privacy issues. She is the first point of contact when a security incident or data breach is suspected, and plays a central role in her clients’ cybersecurity strategies.

Photo of Stephen C. Piepgrass Stephen C. Piepgrass

Stephen leads the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group. He focuses his practice on enforcement actions, investigations, and litigation. Stephen primarily represents clients engaging with, or being investigated by, state attorneys general and other state or local governmental enforcement bodies,

Stephen leads the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group. He focuses his practice on enforcement actions, investigations, and litigation. Stephen primarily represents clients engaging with, or being investigated by, state attorneys general and other state or local governmental enforcement bodies, including the CFPB and FTC, as well as clients involved with litigation, with a particular focus on heavily regulated industries. He also has experience advising clients on data and privacy issues, including handling complex investigations into data incidents by state attorneys general other state and federal regulators. Additionally, Stephen provides strategic counsel to Troutman Pepper’s Strategies clients who need assistance with public policy, advocacy, and government relations strategies.