202006.12
0

Online meeting platform use has surged due to events that have unfolded over the past few months, making digital communication an integral part of many day to day business operations.  Many organizations discovered that online meeting platforms can provide a convenient form of communication and collaboration between team members operating in telework environments. However, along with convenience, online meeting platforms can also deliver significant privacy and security risks, which present important challenges for organizations.

For example, during the COVID-19 pandemic, Zoom Video Communications, Inc. (“Zoom”), which jumped from supporting 10 million users to over 300 million users, encountered significant privacy and security issues, including: (1) “Zoom Bombers” that joined meetings without permission and displayed offensive images to meeting participants; (2) Online hackers that “scraped” meeting IDs off the Zoom website; (3) Meetings that were recorded and shared without consent of Zoom meeting hosts; and (4) a Zoom bug that allowed hackers to take over some users computers. In response to Zoom’s privacy and security issues, the FBI issued a warning cautioning users to be careful when setting up meetings on the Zoom platform, and organizations including Google, NASA, and SpaceX banned the use of Zoom services for business purposes.

In response, Zoom and several other major online meeting platforms have initiated measures to improve overall safety and privacy, including: (1) In-meeting security controls for hosts; (2) Encryption methods for data sharing during and after meetings; and (3) Two-factor authentication for meeting login and account security. However, even with the addition of enhanced security measures, organizations must be diligent when sharing confidential information during online meetings. The following key risk management steps can help reduce potential vulnerabilities when using online meeting platforms:

  • Confirm online meeting platform has appropriate security features, including secure file transfers and secure video collaboration
  • Protect online meetings and meeting platform accounts with strong and unique passwords, and prohibit the sharing of online meeting links on social media platforms
  • Enable online waiting room services so hosts can control who joins meetings, and require employees to join online meetings using their business accounts
  • Prohibit participants from renaming their online meeting IDs – to help ensure the host can easily verify meeting participants and eliminate threats if needed
  • Secure cloud storage of online meeting recordings with a secure password (if recording is required)
  • Require two-factor authentication for web portal access
  • As appropriate, disable participant screen sharing to help avoid potentially offensive material being displayed
  • Promptly download platform software updates
  • Avoid discussing personal data, trade secrets, or other confidential information online if possible
  • Limit in-conference file sharing if possible
  • Use web interface of online platforms whenever possible, and restrict use of mobile applications, which can present additional security risks

As online meeting platforms continue to evolve, so will the security threats users of such platforms face. Selecting a secure platform and implementing appropriate privacy and security measures will help organizations create an effective online collaborative environment that is as secure as possible in the current environment.

Fey LLC will continue to closely monitor online meeting platform related privacy developments. For more articles and alerts on this or other significant data protection laws and developments, follow the Fey LLC LinkedIn page here.

Laura Fey

Laura Clark Fey, Privacy Law Specialist (IAPP), is the principal at Fey LLC.

Rebecca Terry

Rebecca Terry is counsel with Fey LLC.

Will Davis, a second-year law student at the University of Florida-Levin College of Law, contributed to this post.  Mr. Davis is a law clerk with Fey LLC.