By Amit Walia, EVP Managing Partner at Compodium
With employees now used to working at home, video conferencing platforms have seen a surge in demand. As Covid-19 forced organisations to quickly adapt to remote working, one application reported a 30-fold surge in users, whilst another clocked up more than 4.1bn meeting minutes in just one day in April, up from a daily average of 900m in early March.
More people are using a form of video conferencing than ever before, but this huge increase has also brought increased security concerns. Incidents of Zoom-bombing have been widely reported in recent weeks. Zoom-bombing is when strangers intrude on others’ meetings on Zoom. Sometimes, these intruders listen in without anyone knowing they’re there. Other times, they totally disrupt the meetings sometimes in ways that threaten the business in its entirety, integrity as well as confidential information.
A recent study by IBM found that remote work appears to be growing on people, as more than 75 percent indicated they would like to continue to work remotely at least occasionally, while more than half – 54 percent – would like this to be their primary way of working.
However, when it comes to financial services, there is a rightful expectation that all organisations provide an expert level of security around sensitive data. After all these companies possess a wealth of personally identifiable information (PII) and payment card industry (PCI) data, such as national insurance numbers, credit card numbers, birthdates, addresses, phone numbers, credit scores, and much more.
Over the years, some of the biggest data breaches have involved financial service providers, from banks and payment processing companies to loan providers and credit reporting bureaus. In fact, the most recent financial services data breach at Equifax affected over 100 million people.
But before companies rush to embrace further video conferencing as the new norm, they need to understand where potential risks might lie. Companies need to understand that it’s not as simple as clicking a link and joining a video. There needs to be careful consideration to ensure privacy and security for all users, and their data. There are good reasons that laws and regulations like GDPR, CCPA and HIPAA exist.
Here are some key considerations:
Use of your customers’ data should be front and centre
- You must understand how your chosen video conferencing provider manages your data so make sure that you familiarise yourself with their policies in this area.
- Know what kinds of user data are being collected. This will probably include basic information submitted by users such as a username and email address to establish a video account. But there is also the data that’s collected in the background – most likely without the user even knowing about it. This will be things like IP addresses, device types, platform operating system and called/calling party video addresses. The collection of these types of data is all pretty routine, but this leads nicely on to my next point…
- You need to be aware of what’s being done with this information. There are certain things that are permissible. Using the data to enable the call itself is permissible, as is providing usage history to enable billing for example. However, it is not permissible to share the data with any unauthorised outside parties. Users of any video conferencing service should be confident that their not only data is private and secure, but should they wish to know they can ask the provider to tell them how they are using the data, where it is stored, how long it is stored for, and under what regulatory standards it handles such user data.
- How is your data being handled? In addition to considering where it is stored, organisations must have a handle on who has access to the data. Even if the data is encrypted and not human-readable, there may be requirements that the data reside within a certain geography.
Security is paramount
- First, understand what level of security you need? Catching up with your friends and family via HouseParty is a completely different ball-game to sensitive business negotiations. Most organisations are going to need a secure communications channel – but how secure should it be, and to what standard? For meetings where you cannot compromise on security ensure industry security protocols such as AES-128, AES-256, SSL and TLS are adhered to.
- In addition to encryption, consider other security tools such as waiting rooms that ensure only those invited can attend the call, which participants share content and the ability to eject unwanted participants.
Privacy and security built in
For many businesses, the first half of 2020 will be remembered as unusual, challenging but also transformational. Digital transformation has been a ‘must get on with’ process for CIOs the world over and indeed, many organisations are a significant way along this journey. The enforced work from home that we’ve just experienced has accelerated businesses’ need to equip teams with the tools to work effectively, efficiently, and securely. Today’s more-mobile workforce now requires greater, and more convenient, access to workplace collaboration tools than ever before – but privacy and security cannot be an afterthought – it must be built in.