Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back

Videoconferencing: How Can You Ensure Privacy and Security?

Written by: Cameron G. Shilling

Beware of the risks – like ‘Zoombombing’ – and measures you can take to prevent them.

Published in NH Business Review (4/9/2020)

Videoconferencing is a critical component of our new normal. Society is using it in record numbers to connect with family and friends, engage in remote education, sustain our businesses, participate in social gatherings, and for a multitude of other purposes.

Like any technology, if not properly managed, video conferencing poses risks to the privacy and the security of our personal information. Businesses and individuals using the technology should be aware of those risks, and implement appropriate safeguard to mitigate or prevent them.

Access and security controls

“Zoombombing” is the newest neologism to enter our lexicons, and the most common insecurity. The term derives from a prominent the videoconferencing application Zoom, which exploded from about 10 million to 200 million users practically overnight.

To participate in a Zoom or other video conference (like Skype, GoToMeeting, Google Hangouts/Meet, Microsoft Teams, Slack, Cisco WebEx, etc.), the meeting organizer typically emails a link to attendees. However, without proper controls, the link can be used by anyone to access the conference, and sometimes links are publicized on the websites and social media, particularly if meetings are public.

Hackers acquire links to videoconferences to steal personal information (like names, emails, and contact information), and valuable confidential business information available as a part of those meetings. They also can disrupt meetings by overwhelming attendees with offensive content (typically pornography or hateful images), causing the meeting to terminate. Predators and thieves also covertly penetrate videoconferences to gather information about children engaging in remote education or connecting with friends, and to acquire detailed video information useful for burglary.

These dangers are exacerbated if hackers have installed malware on computers or mobile devices that permit them to control of the cameras and microphones.

Most videoconferencing applications have controls that can be configured to mitigate such dangers. For starters, all conference transmissions should be encrypted. Moreover, organizers can require attendees to enter passwords to access meetings, and can restrict or eliminate the ability of participants to share content.

Conferences also can be established with virtual waiting rooms, permitting organizers to admit only intended participants, or as webinars rather than meetings, restricting the ability of attendees to distribute content or interact with each other.

Notice, consent and secure retention

Videoconference applications commonly either automatically record or permit recording of the content. Given the vast quantities of sensitive information exchanged using this technology, such recording raises significant privacy and security issues.

Privacy laws require meeting organizers to notify participants and (in some situations) obtain consent to collect, use and disclose the personal information acquired about participants. State and federal wiretap laws likewise require consent to record and store certain audio and electronic communications.

As a result, meeting organizers should integrate appropriate notice into all videoconferences, technologically require express consent from participants whenever private meetings are recorded, and obtain at least implied consent from attendees of recorded webinars.

Recorded videoconferences also should be securely stored, and the applications permit a variety of retention methods, such as on a cloud, device hard drive or server. Meeting organizers should ensure that the retention method selected is secure, including encryption of the recordings and such hard drives, and use of strong passwords and multi-factor authentication to access such clouds and networks. Additionally, organizers should technologically limit or prevent meeting participants from making their own recordings.

Due diligence and agreements

Most videoconference providers disclose on their websites the privacy and security controls inherent in their applications, and provide instructions about how to configure such controls. Before using these applications, businesses and individuals should do due diligence to ensure that the controls are sufficient for their particular uses of the technology, and enable them to comply with the privacy and security laws that apply to them as well as the individuals who may participate in videoconferences.

Some videoconference providers also will sign agreements with users that are designed to comply with privacy and security laws, including domestic laws like HIPAA, the Child Online Privacy Protection Act and the California Consumer Protection Act, as well as foreign laws like the European Union General Data Privacy Regulation.

The coronavirus crisis presents a multiplicity of challenges and risks. As society increasingly adopts technologies like videoconference to facilitate our new normal, we all must implement appropriate measures to ensure that the use of these technologies does not endanger the privacy or security of our families, friends, businesses, customers and each other.

Integrity and trust

At McLane Middleton we establish and maintain long-standing relationships with our clients to help us better achieve their unique goals over time. This approach to building trust requires that our esteemed lawyers and professionals use their broad, in-depth knowledge and work together with integrity to ascertain sound resolutions to legal matters for their clients.

Strength in numbers

McLane Middleton is made up of more than 105 attorneys who represent a broad range of clients throughout the region, delivering customized solutions. As a firm we are recognized as having the highest legal ability rating. The firm is rated Preeminent by Martindale Hubbell and is recognized as one of the nation's leading law firms in Chambers USA. Our attorneys are distinguished leaders in their respective practice areas.

Meet Our People

Commitment and collaboration

McLane Middleton's versatile group of attorneys and paralegals become trusted authorities on each case through collaboration. We work with our clients to learn their individual needs first and foremost and, together, we develop comprehensive solutions to their specific legal matters. This approach helps us exceed our clients' expectations efficiently and effectively, client by client, case by case.

Practice Areas

A history of excellence

McLane Middleton was established in 1919 in New Hampshire, and has five offices across two states. However, deep historical roots don't allow you to become innate. Our firm is organized, technological, and knowledgeable. Our history means we are recognized. But our reputation is built on the highest quality of service and experience in very specific areas of law.

The Firm

Intelligence paired with action

Our team continuously seeks opportunities to enhance their professional development and put key learnings to action. The pursuit of further insight guides us to volunteer service opportunities, speaking engagements, and teaching roles. Our lawyers are sought after thought leaders across their industries, and recipients of leadership awards throughout the region.