With the COVID-19 pandemic spreading around the world, millions of individuals have been sent home by their companies to begin remote working, many for the first time.
Remote working is an excellent option at a time like this given the amount of access we now have to each other through the use of technology. Instant messaging, emails and calls can keep a whole company in the loop, and video-teleconferencing (VTC) platforms mean our meetings are still face-to-face, no matter the business or agenda before us.
However, as this is the biggest shift to remote working we have ever seen, an awareness around the safety of the technology we are using is growing day by day, and revealing some unsettling details about certain VTC platforms. Some have failed to meet our expectations for easy home working, proving themselves unsafe for use in numerous ways.
We are going to outline these risks in this article and by the time you finish reading you will know what is safe when it comes to online video calls, and what isn’t.
Your Expectations of VTC
If you don’t work in the tech space, this list may be relatively short. You probably never expected to be working from your own home like this, and you want to feel safe using these technologies, for as long as this period lasts. Here are some of the things you should be expecting from your VTC provider which can help you feel secure:
You should expect that your data is safe from breaches during video calls. This is achievable through end-to-end encryption, which prevents data being read or modified by any other party than the true sender and the recipient.
Your messages, or video calls, should be encrypted by the sender, but the third party, or host – that is, your VTC platform – should not have a means to decrypt, and therefore access, the information that is shared.
This is vital for individuals or companies sharing information via video call that must remain private.
You would expect that no strangers can enter your call, right? A video-call is usually organised by a host who will invite people via a code into the private call, which will then remain closed. However, if your video call only requires this code to enter, it can easily be guessed by a potential hacker, or someone who wishes to disrupt the private nature of your online meeting. It is much more effective to add a password or PIN to help protect your conference.
Only you and your guests should be able to see who’s in the meeting, and what is presented. The meeting room should also exist only until the meeting is over, meaning files shared during the meeting cannot be accessed afterwards. It is important to choose a VTC provider and platform that allows you the security of a protected room in order to keep you safe from hackers crashing your meeting. As we’ll soon see in this article, this has been happening around the world – causing issues across many regions and industries and resulting in very serious investigations.
Beyond this, some VTC platforms have measures that allow hackers to take over the Mac computer of another user. This, among other issues, has led to experts stating that “these platforms are malware”.
Certification and Compliance
Your VTC provider should advertise their compliance to international regulations in order to boost your confidence in their ability to protect you from cyber threats and crime. GDPR stands for General Data Protection Regulation, which is a regulation of European Union law on data protection and privacy. However, it doesn’t just apply to the EU – it applies to any business worldwide that processes personal data relating to an individual in the European Union, meaning many Australian businesses must comply with the regulation. The GDPR also shares many common requirements with the Australian Privacy Act 1988. Your VTC platform should be aware of these laws and regulations and be applying them to you, and anyone else making use of the platform.
A Harsh Reality
It is vital that your VTC platform provides these security measures as they’ll help keep you, your data, and ultimately your company, safe from breaches and cyber-crime. However, as people make use of these platforms for remote working across the globe, we are learning that many platforms are not meeting these expectations.
One VTC platform was recently found to have made misleading statements about employing end-to-end encryption. If we refer to the earlier definition, it was found that they, the third party, were able to access the video conferencing their users were taking part in. Although outside parties were unable to gain access, this company had allowed themselves access by being “a little bit fuzzy about what’s end-to-end encrypted”.
Not only did this give them access to the call itself, it also gave them the ability to mine messages and files that were shared during the calls. These files could then be used for ad targeting, or any other practice that uses the results of data mining. It is therefore of the utmost importance that you triple-check that your VTC platform uses proper end-to-end encryption so that you can ensure your safety, and the safety of yours and your company’s data.
Back Door Entries
It is important that your meeting remains closed and free from the threat of intruders. This should be a relatively easy ask, but as the work-from-home boom unfolds before us, many are finding it difficult to keep their meetings secured. The FBI have reported two incidents where this was a significant problem for those involved.
In the first, a Massachusetts high school reported that an unidentified individual dialled into their online classroom, yelled a profanity and stated the teacher’s home address.
In the second, another school from the same area had a meeting accessed by an unidentified person, who was seen on a video camera, displaying swastika tattoos.
Furthermore, The New York City Department of Education has decided to ban one video teleconferencing service after reviewing various safety concerns. They have moved to another service, which was described by a spokesperson as having “the same capabilities with appropriate security measures in place.”
These are severe breaches of privacy, and must be treated very seriously by those who are using video conferencing at any time, not just during this pandemic. You must be certain that your chosen VTC platform offers a closed meeting space, or one that can at least be password-protected.
It is important to research whether your chosen VTC platform is GDPR-compliant, as it is the safest way to tell whether they take your privacy seriously. Also, perhaps take note of when they became GDPR-compliant. Was it a recent development in the face of complaints? Or have they always been compliant? CommuniCloud is GDPR-compliant, and has always been committed to strictly following these regulations.
Safe VTC Options
For safe video conferencing options, we recommend Cisco Webex, and of course, CommuniCloud. At CommuniCloud, we have always put your safety, and the safety of your data, at the centre of our services. We offer a range of safety guarantees in our video-conferencing software. We are GDPR-compliant, and we employ advanced security measures to keep your information private. Our video conferencing works based on a Pexip platform, which is designed specifically to meet US federal requirements. Pexip has been chosen as the safest software for Governments and healthcare systems around the world.
If you are dissatisfied with your current video conferencing platform, or have concerns about security and privacy issues please contact CommuniCloud today to discuss a safer solution.