COVID-19 has fundamentally changed the way organizations do business mainly how employees communicate with one another and with customers. The rapid transition to telework or remote work has required the adoption and increased use of various technology tools. For example, the use of collaboration platforms (like Zoom, Microsoft Teams, Slack and Cisco WebEx) increased by up to 600% between January and April of 2020, according to a report by McAfee.
While collaboration platforms and other tools have provided essential communications and operations capabilities during “stay-at-home” operations, organizations must also evaluate the security risks and potential legal pitfalls associated with using these tools.
Choosing a Collaboration Service and Using Collaboration Services Securely
The National Security Agency recently issued guidance (applicable to U.S. governmental personnel but useful for all organizations) for selecting a collaboration service and using that service securely.
Tips to Consider: Choosing a Collaboration Service
- Does the service implement end-to-end encryption, and use strong and testable encryption standards?
- Is multi-factor authentication used to validate user identities?
- Can users see and control who connects to collaboration sessions?
- Do users have the ability to securely delete data from the service and its repositories as needed?
Tips to Consider: Using Collaboration Services Securely
- Ensure that encryption is enabled when initiating a collaboration session.
- Use the most secure means possible for meeting invitations.
- Verify that only invited attendees are participating in each session.
- Ensure that any information shared (especially personal or sensitive information) is appropriate for the participants.
- Ensure that the physical environment does not provide unintentional access to voice, video, and data during collaboration sessions.
Observe Legal Consent Requirements When Recording Videoconference Sessions
Recording a videoconference is relatively simple (on some platforms starting a recording requires only one click of a button), and in some circumstances, any participant can choose to record the session. However, all organizations must be aware of the risks of unlawfully recording videoconference calls without obtaining proper consent. Some states are “two-party consent” states, where all parties to the conference must consent to the recording. Consider whether consent is required before recording a videoconference, and how that consent will be obtained and retained.
Make sure your organization considers security and legal risks before the widespread adoption of collaboration tools.
Our Privacy, Cybersecurity and Data Management Team will continue to share the latest developments and provide insights as we continue to monitor the ever-changing, ever-shifting legal landscape on these issues.