COVID-19: 'Firms using video conferencing tools could risk breaking data privacy laws'

  • Business tool Zoom has seen a 20-fold increase in users recently, as COVID-19 forces millions to work from home.

    However, reported problems with privacy and security have sparked concern about using video conferencing tools amongst governments and businesses worldwide.

    The app’s unprecedented surge in popularity inevitably attracted the attention of malicious actors, and exposed unforeseen weaknesses. “Zoom bombings” in which hackers enter chat rooms persist, and cybercriminals are targeting user passwords. The company has also faced a string of privacy concerns after user data was being sent to third parties and used for targeted advertising.

    Online conferencing tools’ compliance with global privacy regulations, such as Europe’s General Data Protection Regulation (GDPR) or California’s Consumer Privacy Act (CCPA) – which mandates disclosure on data collection, third party access and breaches – has now come under intense scrutiny, according to authentication platform Veridium.

    It should be noted that in response to these data breach claims, a spokesperson for Zoom recently told the Guardian newspaper: “Zoom takes its users’ privacy, security, and trust extremely seriously. During the Covid-19 pandemic, we are working around the clock to ensure that hospitals, universities, schools and other businesses across the world can stay connected and operational.”

    RELATED: New social distancing app raises some privacy concerns

    James Stickland, CEO of Veridium highlights that companies using video conferencing tools now face the real risk of breaking data privacy laws, and warns that enforcing passwords greatly increases the risk of cyber-attacks.

    He commented: “The COVID-19 crisis has forced a number of firms into taking dangerous shortcuts on security, as well as falling foul of regulations such as GDPR – placing them at greater risk of fines and data breaches. This is an inevitable consequence of companies who have been pressured into adopting technology in order to stay afloat, without conducting the usual rigorous assessments.

    “Businesses must be transparent about who has access to sensitive, personal employee and client data on video conferences, especially when using screen sharing or recording tools. This is imperative considering the escalation of cybercrime, in which funded attacks on passwords worldwide have risen 667%. This situation demonstrates that businesses cannot rest on their laurels, waiting for the next data breach – but always plan for the worst case scenario.

    “Video conferencing tools must take accountability and change how they handle data, which is the perfect opportunity to enhance outdated, password-based security systems. Easily compromised passwords, which are susceptible to phishing and malware attacks, are responsible for over 80 per cent of all data breaches.

    “Transitioning to a passwordless approach through biometric authentication will not only enhance security and streamline the user experience, but also alleviate the challenges posed by data privacy regulations – such as providing proof of identity for legal non-repudiation and a record of every access attempt. Mobile based biometric authentication, which leverages widespread smartphone adoption, can help facilitate safe home working at this critical time without sacrificing the platform’s much-loved seamless user experience.

    “It is critical users know how and where their data is being stored, which can be increasingly unclear. The right mobile multi factor authentication solution will minimise the risk of exposing personal data to the wrong parties, improve the traceability of data processing, and keep costs to a minimum. Any concerns the public has over the storage of sensitive biometric data can be alleviated by techniques such as the distributed data model, which encrypts biometric data in multiple places, rendering it useless to a hacker.

    “Some video conferencing tool companies are proving to be a victim of their own success. Indeed, as with all businesses, unless they adopt a more stringent approach to security, increasingly sophisticated cyberattacks will continue to prevail.”

    RELATED: Google uses tracking data to analyse UK and Ireland movement during lockdown

    Source: Written from press release

    About the author

    An article that is attributed to Sync NI Team has either involved multiple authors, written by a contributor or the main body of content is from a press release.

    Got a news-related tip you’d like to see covered on Sync NI? Email the editorial team for our consideration.

Share this story