Default Personal Privacy Settings on Many Conferencing Apps are Limited Consumers Should Follow Basic Steps to Protect Themselves When Connecting Online
Thursday, April 16, 2020
The New York State Division of Consumer Protection (DCP) is alerting consumers about personal data privacy settings for many online conferencing apps. Video conferencing applications, which were originally developed for companies to use on their internal systems connecting only with specific external parties as needed, do not always contain enough default privacy protections for broad use.
"With more and more people using online video conferencing apps to connect with colleagues and loved ones, it's important for people to understand how to safely use these tools," said Secretary of State Rossana Rosado. "During this time where we are practicing social distancing and relying on virtual connections, I urge consumers to take basic steps that can help protect your personal information during this challenging time."
Whether working online or connecting personally with family and friends, below is a list of precautions to protect your privacy.
When creating a new meeting:
- Make it "private". Mark meetings "private" so that only people you send the link to will be able to access the call. Do not post the link to an open forum like social media. Where possible, you should invite people directly from the application, so only those people on the email invite list can attend the call.
- Require a password. If you are setting up a widely available meeting, even when it is private, you can add a level of security by requiring a password.
- Don't use your personal meeting id. In the same way you should not auto save passwords, do not autosave your personal meeting id and use it for every call setup. Make sure you sign in and note who you are each time. If someone gets access to your personal meeting id, they can easily sign in as you.
- Turn off screen sharing when you do not need it. Screen sharing allows a hacker that gets into the call to see exactly what you are doing on the call. It also lets other users on the call see what you are doing while on the call - just by clicking on your name once you are sharing. Limit screen sharing to applications only or turn it off completely.
- Consider using a "waiting room" and do not allow people in before the meeting organizer arrives. Waiting rooms allow the meeting organizer to screen who is entering the meeting and make sure no one joins the meeting - to confirm whether they should be there or not - before adding them to the meeting.
- Use a ringtone to announce when people enter/leave the call. A ringtone alerts people when someone joins the call.
- Check your app's privacy settings. Default settings on videoconferencing apps change. Review the default privacy settings every month to make sure the meetings you set up are protected.
Before logging into a call:
- Beware of copycat domains. Make sure the link is legitimate (e.g.webex.com, zoom.us, hangouts.google.com) and goes to the location specified rather than bouncing to a different URL when you open it. Separately check the company website to see which URL should be used for the videoconference you are joining. Before clicking on a link, hover over it and make sure the link is for the address you expect.
- Test the link before the call. Each conferencing platform has a way for you to test your connection, audio and video prior to a call connecting. If you go in and see what others will see and confirm your connection details, you will save time when you join the call later.
- Check your software version. Make sure you are using the most recent version of software or app when you create a meeting or log in to a call. Security updates are being done regularly by many conferencing app companies, and you want to make sure you have the latest to ensure the highest level of protection the company can offer.
- Log in on a secured network. Whenever possible do not log into an online conference with public WIFI. Public WIFI is open to everyone to see what you are doing and the links for online conferencing can pass a lot of information, including passwords and meeting ids, making it easy for someone in the vicinity to get access to your conversation and other information.
- Mute yourself. There are settings for muting both your sound and your video. If you do not want people to see or hear what you are doing, mute. If you are in a busy area, people will not be able to hear on the call if you do not mute in between when you are talking.
- Know that your call may be recorded. Depending who set up the meeting, calls can be recorded. There is an indicator (different on each platform, so do a little homework in advance and know when someone is recording a call). The person should announce that a call is being recorded, as a courtesy, but if not, you will know how to spot a recording in progress and can make your own choice whether to continue or leave the call.
The New York State Division of Consumer Protection serves to educate, assist and empower the State's consumers. For more consumer protection information, call the DCP Helpline at 800-697-1220, Monday through Friday, 8:30am-4:30pm or visit the DCP website at www.dos.ny.gov/consumerprotection. The Division can also be reached via Twitter at @NYSConsumer or Facebook at www.facebook.com/nysconsumer.
The New York State Office of Information Technology Services (ITS) was created in 2012 to transform IT services in an effort to make New York State government work smarter for its citizens and enable the state to be accessible for businesses through the use of technology. ITS provides statewide IT strategic direction, directs IT policy and delivers centralized IT products and services that support the mission of the State. ITS operates data centers 24 hours a day, 365 days a year to support statewide mission-critical applications for over 50 Agencies, over 17 million citizen accounts, 120,000 employee accounts, 60,000 phones, 99,000 desktops and laptops, and 3,433 Virtual Desktop remote connections. ITS operates a secure network of over 1,600 miles of fiber to deliver telecommunications, Internet and Intranet services, enterprise email systems and support, IT training, networking, data storage and processing to State government entities in addition to developing new services in support of citizens, businesses and State Agencies.