The transition to home offices for the majority of the world over the past few weeks has been swift, with the majority of companies rising to the occasion and making it all happen without too many bumps in the road. And now as people settle into their new work environments, and dare I say work habits, the world of business communication has changed with them.
The adoption of online meeting tools has obviously gone through the roof in the past few weeks. So much so, that the number of "conference call fail" videos have added a new dimension to the more comical social media posts. Although, comedic value aside, there is a dimension of the online world that must be considered when venturing into this new realm of constant connectivity.
Not unlike the realization that came about after social media firmly embedded itself into our social fabric: we soon all learned that the social platforms themselves were not the product—we were. The data that was being gathered on all of us suddenly became monetized to everyone with a cheque book that hoped to capitalize on the belief that personal data was the new gold standard for the twenty-first century.
Now, as of March 2020, with the traditional office a distant memory, the world once again is coming to realize that anything being done online comes with a price—that price once again being the data that we share.
It takes only minutes of Google searches to find that major conference platforms have made it clear within their user agreements that personal data can be shared with third parties. The real issue here is that the data being shared turns out to be much more than just names, emails, and companies—more like all the aforementioned, along with entire video recordings of private meetings, private chat discussions, whiteboards, transcripts, and more.
What does this mean? It means that the new product meeting you had yesterday that was recorded for your own use can, and most likely is, being shared to third parties for analysis. The results of which could be catastrophic to businesses of all kinds in far too many ways to list.
So, let's cut to the chase: What can you do today to protect yourself before too much information gets exposed.
I suggest starting with the basics. For all the training everyone has gone through regarding good password etiquette—the same applies here. Make sure your account and even your meetings have passwords assigned to limit people from attending who shouldn't be there.
Along the same lines, permissions are important. Make sure that only the presenter can share screens, record sessions if needed, etc. Make sure that only invitees are in attendance, and make sure to report anyone in attendance who shouldn't be there.
Another tip: Make sure people aren't recording the session. You can ask the question, or look for the markers within the conference platform—usually a red button indicator that looks like a record button or similar that shows a recording is in progress. This means that no one can record it without the participants knowing.
And at the risk of sounding like a broken record, always use multi-factor authentication, and disable things like video and chat when not needed. This will create far less data for third parties to view.
In some cases, I would even suggest using a backdrop of some sort, or at the very least being aware of what your video shows in the background. Far too many times, other monitors can show up in a video feed that have private information, or files that can be zoomed in to view the contents, or even more benign things like windows—giving away location data, etc.
The need for online meeting platforms is not going away, nor will they change their methods of data sharing. But just like we all learned to limit our social media data, turn on (or off) certain features within Facebook or Instagram to limit the public accessing our profiles, the world of online connectivity is no different.
Lock down what you can, turn off what you can, and carefully manage everything else.
November 3, 2022
In Case of Emergency… Have a Plan
When an emergency occurs, it’s too late to plan or rehearse the response. Fires, floods and other disasters don’t pause while you get ready to address them. Policies, plans and procedures for response must be in place long before they are needed.
October 13, 2022 | Jacqueline Davis
Leading the Race Against Threat Actors
Threat actors are getting smarter and will always find new ways to execute their payloads into an organization’s tech environment. To win the cybersecurity race, organizations need to learn more about some of the key trends in cybersecurity.
October 11, 2022 | Jacqueline Davis
Observations from SecTor 2022
Research suggests that most IT departments are not keeping pace with the changes in cybersecurity. Given the rapid adoption of the connected world, it’s no wonder there is a struggle to keep the pace.