Between social distancing and COVID-19 stay-at-home orders, companies are turning to video conferencing services to get down to business. While these services help you connect, they also pose new privacy and data security risks. Here are some tips to keep in mind before hosting or joining a video conference online:
- Take steps to ensure only invited participants are able to join your meeting. People may call it “zoombombing,” but it’s a consideration across all kinds of platforms: uninvited people showing up on video conferences. What can your company do to reduce the risk? Some services allow hosts to password-protect a meeting. Others limit access by providing unique ID numbers for each meeting or for each participant. These features may not be enabled by default, so look carefully at what settings are available. If you host recurring meetings, most services allow you to create new passwords or ID numbers for each meeting. That method is more secure than reusing old credentials, so establish that as the policy for your employees.
- Take advantage of other tools to limit access to meetings. Conferencing services may give the host the option to lock the meeting once the expected participants have arrived, preventing others from joining. For the greatest level of control, hosts can enable settings allowing them to approve each participant trying to join in. You also may have the ability to remove individual users from the meeting should the need arise.
- When you join a meeting, your video camera and microphone may be on by default. Be aware that participants may be able to see and hear you as soon as you join a meeting. If you don’t want to share sound or video, most services allow you to mute yourself or turn off your camera. You may be able to adjust the default settings so your preferences are stored for the next meeting or – depending on the service – you may need to adjust your settings at the beginning of each call.
- Check to see if your video conference is being recorded. Many services allow the host to record the meeting for future reference. The service should display some indicator you’re being recorded – for example, a bright red circle or the word “recording.” But remember that a meeting may be recorded even if these indicators don’t appear. We’ve heard reports of video conferences that have been shared online without participants’ knowledge. The safest strategy is to assume you might be recorded and, if possible, avoid sharing private information via video conference.
- Be careful before sharing your screen. Most services have functions to allow you to share with the group what’s on your screen – for example, a slide show. But before sharing your screen, make sure you don’t have open documents, browser windows, or other things on your screen you don’t intend for others to see. Some services have options that allow the host to turn off screen sharing or to limit its use to the host.
- Don’t open unexpected video conference invitations or click on links. With the upsurge in video conferencing, malicious actors are sending emails mimicking meeting invitations or other communications from conferencing services. To add authenticity, they may copy the logo and look of familiar names in the business. But instead of taking you to a conference, those links may contain viruses or install malware on your computer. The safer practice is to tell your staff or your clients in advance that you have a teleconference planned for a certain time and they should expect an invitation with your name. If they get an invitation they didn’t expect, tell them not to open it and definitely don’t click on any links. Another tip to help foil video conference imposters: If the service you’re using requires you to download an app or desktop application, make sure you download it directly from the service’s website or a platform’s app store.
- If confidentiality is crucial, video conferencing may not be the best option. No conferencing service can guarantee the security of your information, so consider alternatives if you need to talk about particularly sensitive topics. Evaluate whether an enterprise service would provide greater security for your company and clients, rather than free services available to the general public. If you’re conferencing remotely with a health care provider, ask about dedicated telehealth conferencing services that can include more safeguards to keep information private.
- Update your video conferencing software. As security issues arise, many video conferencing companies are updating their software with patches and fixes. That’s why it’s important for your business to use the improved version. Of course, only accept updates directly from the service’s website.
- Establish preferred video conferencing practices at your business. Your employees are doing their best to maintain productivity during a trying time. But a well-meaning staffer may inadvertently put sensitive data at risk by enabling video conferencing services that don’t meet your company’s privacy or security standards or that could be out-and-out malware. Share these ten tips with your team, establish company-wide video conferencing dos and don’ts, and emphasize the need to select the more secure options when hosting or joining video conferences.