Video conferencing applications have gained significant traction in recent times as large sections of the workforce have moved to remote working in response to the COVID-19 pandemic. Thankfully, the technology has evolved to a point where it is reliable, in terms of quality, and feature-rich, in terms of the collaboration that it enables. In our article ‘Video Conferencing Applications – advice for employers’, we looked at key considerations when procuring and rolling out a video conferencing application from an employer’s perspective. In this article, we propose guidelines to help employees configure and use video conferencing applications in a such a way that maximises protection of their privacy, customer personal data and company information.
Configure for privacy and security
Depending on the chosen application, there will be varying options available for configuration. Employees using video conferencing applications to host or participate in meetings should observe the following best practices and configuration options when available:
- Restrict access to meetings using passwords;
- limit when people can join a meeting, and lock a meeting once all expected participants have arrived;
- Use a virtual waiting room to grant people access to meetings;
- Control who is allowed to share screens (initially, limit screen sharing to the host of the call);
- Avoid sharing links that include passwords embedded in the link;
- Turn off chat history saving;
- Disable any features that facilitate the reporting of the attention of meeting attendees to the meeting host (based on having the meeting window in focus on their device), this feature should not be used as it is an intrusion on an individual’s privacy;
- Encourage staff to use a different password than they use for other online services (where possible, authentication should be integrated with the organisations identity and access management system).
As with any software product, that the application should be kept up to date to ensure that any security patches that are released by the provider have been applied. If the video conferencing service is used within an internet browser, it is essential that the browser itself is kept up to date. Where possible, on company-owned devices, there should be a policy in place to ensure that the operating system and installed software applications receive the latest manufacturer updates.
Staff should be aware that phishing attacks can happen within the text chats of video conferencing software. Links or attachments within meetings that are not expected, or from participants that are not trusted, should not be clicked on.
It is also important to be aware not to not reveal company confidential or personal data that should not be shared on video conference chats. This may depend on the context (e.g., the participants that are involved in the call).
The increase in remote working has meant that increasingly, we are bringing colleagues and business acquaintances into our private spheres. Employees should use the measures available to them to improve their own personal privacy when using video conferencing tools. This may include:
- using a webcam privacy shutter when not in use;
- using a virtual background (if supported);
- ensuring that when a call is completed, the connection is closed.
Trilateral has significant experience helping our clients ensure that their information systems are configured for optimal privacy and compliance. Please feel free to contact our advisors, who would be more than happy to help.