The Federal Trade Commission released guidance for increasing privacy and data security while videoconferencing over the internet. The FTC is recommending that video conference users take the following steps:
- Make sure that only those individuals who were invited to the meeting are in attendance by securing the meeting by password or providing unique meeting and/or user ID numbers. These settings may not be the default – be sure to check the settings of the service every time you set up a meeting. Despite the name, “zoombombing” is not unique to Zoom. The risk of uninvited people showing up on video conferences exists across all platforms. For additional information specific to Zoom, see Troutman Sanders’s article published in Bloomberg Law, “To Zoom or Not to Zoom – Privacy and Cybersecurity Challenges.”
- Look for other settings that limit access to the meetings, such as host approval of all attendees or locking the meeting once all attendees have arrived.
- Be aware that your video camera and microphone may be on as soon as you join the meeting.
- Be alert to whether the meeting is being recorded and sensitive to the fact that it may be recorded without your knowledge.
- Be careful about sharing your screen and do not have anything open (documents, chats, browser windows, email, etc.) that you do not want others to see.
- Do not click on unexpected or unplanned video conference links. Tell others when you plan to send out meeting invites, so that they know that the invites are authentic. Spammers are sending false video conference links – be on the lookout.
- Consider whether holding the meeting by video conference is appropriate because it is not possible to guarantee that video conference meetings are completely secure. Information that is highly confidential likely should not be shared in a video conference meeting.
- Pay attention to the videoconferencing service’s privacy policy and understand what information is collected and whether and with whom it is shared.
- Make sure your videoconferencing software is up to date.
- Make sure those in your organization also are following company-approved best practices while videoconferencing to ensure the security and privacy of sensitive data. At Troutman Sanders, we have implemented a best-practices guide, consistent with the FTC guidance, for using the popular Zoom conferencing platform, available here.
The coronavirus (“COVID-19”) and work-at-home mandates create new challenges for all of us. In these times, it is of paramount importance to safeguard sensitive information and ensure that employees are following best practices while using videoconferencing services.
For additional information regarding securing remote work environments, please visit the Cybersecurity and Privacy section of the Pepper Hamilton/Troutman Sanders COVID-19 Resource Center.
We will continue to monitor guidance from policymakers and provide further information and updates.