With the Onset of COVID19, many organizations are using teleconferencing tools to support working from home. Nevertheless, organizations should stil go through their normal due diligence process to determine whether these tools are providing the necessary privcacy protections. Using “out of the box” teleconferencing and video conferencing solutions may have some inherent privacy and security risks that may leave your personal information available to be intercepted, listened in on, unintentionally disclosed or open to number of cyberattacks.
To help minimize these risks you can do the following:
· Choosing a product:
o Look to see how the teleconfrencing complies with more stringent privacy rules like GDPR (Europe), or CCPA (California).
o Does the solution have reliable encryption?
o Make sure you can keep the video conferencing meetings private by issuing users a password or employing the "waiting room" function, which requires the host to invite each guest individually.
· Video Conference features:
o Facilitator knows who is always on the call. The grp is informed when new person joins or leaves the call.
o The facilitator closes of the call at the end.
o Change the passwords and login information needed to access the conference in order to “lock out” all members after the meeting is over. This way, you never have to worry about disgruntled former employees accessing your online materials.
o Audit trail of the users on the call and the length of the call.
· Shared desktop
o Ask employee to avoid using a shared or someone else’s computer/device as they may be able to access your company’s information.
Don't share invitation links on social media.
Keep software updated to stay on top of any security patches provided by the video conferencing company you choose.
Do not permit users to sign-in using Facebook or Google – require a unique username and password to sign-in.