A little departure from my typically formal and analytical blog posts, for a little light-heartedness in this complicated situation. 🙂
With social distancing measures enacted across the world, many are turning to online tools to facilitate not only remote working, but also in order to virtually reconnect with friends and family. You’ve probably noticed the ubiquitous Zoom happy hour screenshots while scrolling through your feeds by now.
I’ve decided to put together a collection of tips and questions you can ask yourself to help you evaluate the safety and security of the many offerings on the market in order to help you have a safe, secure and privacy-friendly happy hour on the tool of your choice.
Here we go!
1. Be aware of the risks involved
Phishing attacks are on the rise as domains “disguised” as popular video conferencing systems and phishing messages are proliferating in the chat functions of video conferences.
- Double check that links are trustworthy and correct before clicking
- Don’t open links or attachments from unfamiliar contacts
- Are you using a company or personal device?
Make sure that you aren’t violating your employer’s policies if it’s the former. ENISA suggests that work and leisure activities are not carried out on the same device.
If a “nice lady” via her unknown email address is inviting you to have a virtual “happy hour” remember that maybe you aren’t really that “lucky”.
2. Be aware of your rights as a user and those of your friends and colleagues
As users, you and your friends you have certain rights. On the one hand, among friends the right to privacy should be respected (for example, capturing screen shots and disseminating them on social media should be avoided). On the other hand, users have rights under the GDPR towards the provider of the platform. These include the right to be informed; the right of access; the right to rectification; the right to erasure; the right to restrict processing; the right to data portability; the right to object; and rights in relation to automated decision making and profiling.
Take your rights and those of others seriously.
Capturing screen images and sharing them on social media or instant messaging services is a no-go!
I know that nobody does it, but it is actually important in order to preserve your privacy. That is, until the time when companies start to more effectively communicate what they do with your data, for example, by using icons, videos, etc.!
- Who will have access to your data
- What your data be used for
- Where your data be stored
- What kinds of permissions are requested? (E.g., is it really necessary for the service to have access to your contacts?)
- Remember, you should be able to object to some permissions if you aren’t comfortable with them. You should also be able to turn off background processing in apps when they aren’t in use.
4. Evaluate if it’s the right tool for you
With the many offerings on the market, it may be difficult to identify the service that best balances your needs, privacy, and security requirements. The Dutch Data Protection Authority examined the most important privacy aspects of 13 major video calling apps, illustrating the data the app collects, what’s done with the data, and the security of the communication which you can find here.
Ultimately, as the consumer you should be in control of who you give your data to and what is done with it.
- Do you trust the service?
The cheapest option isn’t always the best one when it comes to your privacy.
5. Think about your location
If you are in a shared space, don’t forget to lock your screen, mute your mic or turn off the video if appropriate when you leave your device unattended.
- Are you in a safe location?
- Do your surroundings reveal sensitive information that should not be shared with other participants (or eventually in screenshots, photos, or videos that your friends might share)?
For example, if you live in a student house don’t forget to lock your screen when you go to the bathroom!
6. Check your privacy and security settings (and those of the app) and ensure your operating system and antivirus/anti-malware are up-to-date
Most apps and video conferencing systems should be equipped with different privacy settings that you can determine as a user. Make sure that you take full advantage of these measures by, for example, password-protecting your video session, taking control of screensharing and establishing access restrictions.
- Check if the tool offers end-to-end encryption
I know that nobody reads privacy policies (see point 3 above), but please invest 30 seconds to properly verify (and possibly adjust) your privacy and security settings.
7. Check the security of your internet connection
Always avoid connecting to open/public WiFi networks and ensure that your home system is secure in order to avoid connection hijacking.
Don’t share your WiFi hotspot with others.
Watch out: open WiFi may open up a gate into your personal life.
8. Think about others before posting photos, videos or screenshots
Before posting a screenshot of your video happy hour, think about the other people captured in the photo/screenshot. Be aware that photo and video-sharing can lead to the dissemination of images, voice, and potentially contact details.
- Are you sure that your companions are ok with having their photo posted?
- Does the image contain any contact information that shouldn’t be made public?
Again, capturing screen images and sharing them on social media or instant messaging services is a no-go!
9. Schedule safely
Never share the URL to your virtual happy hour on social media, send it directly to your friends or family members via email or another secure channel to avoid malicious individuals from interrupting your call.
Check out the definition of privacy, it’s about keeping private things private!
Share these tips for a privacy-friendly, safe and cyber-secure happy hour with your friends and family.
For official guidance on how to safely use video conferencing apps see:
Danish Center for Cybersecurity – Use of communication and collaboration platforms
Dutch Data Protection Authority – Decision aid for privacy in video calling apps
EU Agency for Cybersecurity (ENISA) – Tips for selecting and using online communication tools
Irish Data Protection Commission – Data Protection Tips for Video-conferencing
UK Information Commissioner’s Office – Video conferencing: what to watch out for
UK National Cyber Security Centre (NCSC) – Consumers urged to secure internet connected cameras
United States Federal Trade Commission – Video conferencing: 10 privacy tips for your business
For more official guidance on privacy and data security aspects in relation to COVID-19, see my dedicated blog post.