Video Conferences – How Can We Securely Meet Remotely?

Written by: Cameron G. Shilling

Published in NH Bar News (5/20/2020)

Video conferencing is critical for many lawyers and law firms to sustain our practices while working remotely during the public health crisis, and after the crisis ends we are likely to continue working remotely and to use video conferencing more frequently than we did previously. As a result, this article on video conferencing and the next columns of the Cybersecurity Corner will address information privacy and security issues inherent in remote work.

Access Controls

‘Zoombombing’ is the newest neologism in our lexicon, and the most common security problem with video conferencing. The term derives from a prominent video conferencing application called Zoom. To participate in a video conference (Zoom, Skype, GoToMeeting, Google Hangouts/Meet, Microsoft Teams, Cisco WebEx, etc.), the meeting organizer typically emails a link to attendees. Without proper controls, a hacker can use the link to access the conference and disrupt the meeting by barraging participants with offensive content. That is Zoombombing.

In addition to disrupting meetings, hackers acquire links to video conferences to steal the personal information (name and email) of participants as well as the valuable business information transmitted in the meetings. Intruders also may install malware on the computers and mobile devices of participants, permitting them to steal the information on the devices, control the device cameras and microphones, and encrypt the devices for ransom.

Most video conference applications have controls that can be configured to mitigate such risks. Meeting organizers should distribute invites with passwords, and restrict or eliminate the ability of participants to share content. Conferences also can be established with virtual waiting rooms, permitting organizers to admit only intended participants, or as webinars rather than meetings, restricting the ability of attendees to distribute content and interact with each other.

Notice/Consent and Secure Retention

Video conference applications commonly either automatically record or permit recording of the event. Given the sensitive client and other information we collect and disclose using this technology, such recording raises significant privacy and security issues.

Privacy laws require us to notify participants and (in some situations) obtain consent to collect, use, and disclose personal information acquired about them. State and federal wiretap laws also require consent to record and store audio and electronic communications. As a result, meeting organizers should integrate an appropriate notice into all video conference invitations, technologically require consent from participants whenever meetings are recorded, and obtain at least implied consent from attendees of recorded webinars.

Recorded events also should be securely stored, and the applications permit a variety of different retention methods. Meeting organizers should ensure that the retention method is secure, including encryption of the recordings and hard drives used to store them, and use of strong passwords and multi-factor authentication to access clouds and server networks that contain stored recordings. Additionally, participants should be technologically prevented from making their own personal recordings of meetings.

Due Diligence and Agreements

Most video conference providers publicize instructions on their websites about how to configure the privacy and security controls inherent in their applications. Before using these applications, we must do due diligence to ensure that those controls are sufficient to meet our confidentiality and security obligations, and configure them appropriately. Some conference providers also will sign agreements designed to comply with privacy and security laws and our ethical obligations.

The public health crisis presents a multiplicity of challenges and risks for lawyers and law firms. As we increasingly adopt technologies like video conferencing to work remotely, we must implement appropriate measures to ensure that the use of these technologies does not endanger the privacy or security of our clients or ourselves.

Cameron Shilling chairs McLane Middleton’s Information Privacy and Security Practice Group. Founded in 2009, the firm’s group of three attorneys and a technology paralegal assists businesses and private clients in improving their information privacy and security compliance, and in addressing any security breaches or incidents that may occur.
