For Immediate Release:
April 15, 2020
Follow us on Twitter @NYSDOS
Consumer Alert: The Division of Consumer Protection Urges New York Consumers to Protect Themselves When Using Online Video Conferencing Apps
Default Personal Privacy Settings on Many Conferencing Apps are Limited
Consumers Should Follow Basic Steps to Protect Themselves When Connecting Online
The New York State Division of Consumer Protection (DCP) is alerting consumers about personal data privacy settings for many online conferencing apps. Video conferencing applications, which were originally developed for companies to use on their internal systems connecting only with specific external parties as needed, do not always contain enough default privacy protections for broad use.
“With more and more people using online video conferencing apps to connect with colleagues and loved ones, it’s important for people to understand how to safely use these tools,” said Secretary of State Rossana Rosado. “During this time where we are practicing social distancing and relying on virtual connections, I urge consumers to take basic steps that can help protect your personal information during this challenging time.”
Whether working online or connecting personally with family and friends, below is a list of precautions to protect your privacy.
When creating a new meeting:
- Make it “private”. Mark meetings “private” so that only people you send the link to will be able to access the call. Do not post the link to an open forum like social media. Where possible, you should invite people directly from the application, so only those people on the email invite list can attend the call.
- Require a password. If you are setting up a widely available meeting, even when it is private, you can add a level of security by requiring a password.
- Don’t use your personal meeting id. In the same way you should not auto save passwords, do not autosave your personal meeting id and use it for every call setup. Make sure you sign in and note who you are each time. If someone gets access to your personal meeting id, they can easily sign in as you.
- Turn off screen sharing when you do not need it. Screen sharing allows a hacker that gets into the call to see exactly what you are doing on the call. It also lets other users on the call see what you are doing while on the call – just by clicking on your name once you are sharing. Limit screen sharing to applications only or turn it off completely.
- Consider using a “waiting room” and do not allow people in before the meeting organizer arrives. Waiting rooms allow the meeting organizer to screen who is entering the meeting and make sure no one joins the meeting – to confirm whether they should be there or not – before adding them to the meeting.
- Use a ringtone to announce when people enter/leave the call. A ringtone alerts people when someone joins the call.
- Check your app’s privacy settings. Default settings on videoconferencing apps change. Review the default privacy settings every month to make sure the meetings you set up are protected.
Before logging into a call:
- Beware of copycat domains. Make sure the link is legitimate (e.g. webex.com, zoom.us, hangouts.google.com) and goes to the location specified rather than bouncing to a different URL when you open it. Separately check the company website to see which URL should be used for the videoconference you are joining. Before clicking on a link, hover over it and make sure the link is for the address you expect.
- Test the link before the call. Each conferencing platform has a way for you to test your connection, audio and video prior to a call connecting. If you go in and see what others will see and confirm your connection details, you will save time when you join the call later.
- Check your software version. Make sure you are using the most recent version of software or app when you create a meeting or log in to a call. Security updates are being done regularly by many conferencing app companies, and you want to make sure you have the latest to ensure the highest level of protection the company can offer.
- Log in on a secured network. Whenever possible do not log into an online conference with public WIFI. Public WIFI is open to everyone to see what you are doing and the links for online conferencing can pass a lot of information, including passwords and meeting ids, making it easy for someone in the vicinity to get access to your conversation and other information.
- Mute yourself. There are settings for muting both your sound and your video. If you do not want people to see or hear what you are doing, mute. If you are in a busy area, people will not be able to hear on the call if you do not mute in between when you are talking.
- Know that your call may be recorded. Depending who set up the meeting, calls can be recorded. There is an indicator (different on each platform, so do a little homework in advance and know when someone is recording a call). The person should announce that a call is being recorded, as a courtesy, but if not, you will know how to spot a recording in progress and can make your own choice whether to continue or leave the call.
The New York State Division of Consumer Protection serves to educate, assist and empower the State’s consumers. For more consumer protection information, call the DCP Helpline at 800-697-1220, Monday through Friday, 8:30am-4:30pm or visit the DCP website at www.dos.ny.gov/consumerprotection. The Division can also be reached via Twitter at @NYSConsumer or Facebook at www.facebook.com/nysconsumer.