How can I ensure my organisation and staff stay safe while using video-conferencing during the coronavirus (COVID-19) pandemic?

How can I ensure my organisation and staff stay safe while using video-conferencing during the coronavirus (COVID-19) pandemic?

 

With the urgent move to home working, and the challenges of keeping in touch with family and friends caused by coronavirus (COVID-19) social distancing requirements, the volume of video-conferencing has increased dramatically. This is unfamiliar ground for a lot of people, who are now using apps and services which they might not have used before.

Here are some top tips to help both your organisation and staff use video-conferencing to keep in touch with colleagues, customers, clients, friends and family in a safe manner which ensures an adequate standard of data protection and information security. They are derived from the Data Protection Commission of Ireland’s blog, Data Protection Tips for Video-conferencing, and the SRA’s Cybersecurity Q&A.

Employees should only be using your contracted service providers for work-related communications.

Make sure you’re happy with the privacy and security features of the services you ask staff to use.

Protect your organisation and staff from unauthorised people hijacking meetings by:

  • not leaving meetings set to ‘public’

  • setting access passwords or using your platform’s features to control who is allowed to attend

  • setting screen sharing to ‘host only’

  • posting meeting links directly to the people you want to attend, rather than sharing links on media which could be publicly available

Try to discourage ad-hoc use of apps or services by individuals.

Try to ensure employees use work accounts, email addresses, phone numbers, etc, where possible, for work-related video-conferencing, to avoid the unnecessary collection of their personal contact or social media details.

Make sure clear, understandable, and up-to-date organisational policies and guidelines are provided to those using video-conferencing, so they know what rules to follow and steps to take to minimise data protection risks. This should include information on the controls the services provide and that are available to them to protect their security, data, and communications. This will depend on the particular service provider you use.

Implement appropriate security controls, eg strong unique passwords (see Precedent: Password policy), and limit data sharing to what is necessary.

Where video-conferencing services need to be used for organisational reasons, have a consistent policy regarding which services are used and how, and offer through VPN or remote network access where possible.

Avoid sharing company data, document locations or hyperlinks in any shared public ‘chat’ facility.

See further:

          ◦ What technology risks are associated with temporary homeworking?

Make sure staff are aware the device they use for video-calling has the necessary updates, such as operating system updates (like iOS or android) and software/antivirus updates.

Encourage staff to use services you know and trust and have done some research on.

Encourage staff to take time to research any service they chose to use for personal purposes, especially the service’s:

  • privacy or data protection policy to be sure who their personal data is being shared with,  where it will be stored or processed, and what purposes it will be used for, and

  • permissions for data or sensors they are being asked for—do they really need to share their location or list of contacts for instance and what will that data be used for?

Make sure staff know to use their devices in a safe location, ie keep an eye on what (and who) can be seen from their camera, and to log out, mute, or turn off video, as appropriate, when they leave or take a break.

You can use Precedents: Message to staff on the importance of cybersecurity in a pandemic situation (eg coronavirus (COVID-19)) and Homeworking guidelines to get all these points (and more) across to staff.

Related Articles:
Latest Articles: