Millions of employees ordered to stay at home to limit the spread of coronavirus are using videoconference platforms to stay connected.

But as companies have scrambled to convert their office workforces to stay-at-home, many have had to deal with employees unfamiliar with videoconferencing, as well as those working on personal laptops and unsecure connections. Companies have been left to balance the need to communicate regularly with employees with risks involving data privacy and cyber-security.

Not surprisingly, stay-at-home orders have led to explosions of use for popular videoconferencing platforms like Zoom and Cisco Webex. Zoom went from 10 million unique daily users in December 2019 to 200 million last month; Cisco Webex reported that its traffic in China increased as much as 22 times since the coronavirus outbreak began. Other popular videoconferencing platforms like Microsoft Teams and Google Hangout have not released customer usage numbers.

With all the new users have come new problems, particularly for Zoom. Some Zoom users have reported incidents of “Zoombombing,” where an unauthorized user crashes a video chat and posts hateful, racist, or pornographic content. Zoom Technologies recently posted an apology and explanation from founder and CEO, Eric Yuan.

Zoom was originally founded to serve large institutions with robust IT support, he wrote.

“However, we did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived,” he wrote.

As a result of those challenges, Zoom is now facing scrutiny from the New York Attorney General’s office for its data privacy and security practices. The company has had a class-action lawsuit filed against it in California alleging potential violations of the California Consumer Privacy Act (CCPA), which went into effect in January. Even the Federal Bureau of Investigation has warned of the trend of “Zoombombing.”

In response, Zoom says it has worked to train new users on its protective features, removed a software code on its Facebook login that sent Zoom user data to Facebook, and has made other upgrades and improvements to its service. But it might be too little, too late.

Other companies popping up in the videoconferencing space are seizing on these shortcomings and highlighting the vulnerabilities of more established competitors. Lifesize, for example, offers encrypted videoconferencing, saying in a recent blog pitch that “associating your brand with security breaches and vulnerabilities can create hesitancies in your partners’ and clients’ willingness to do business with you.”

Managing the risks

For some companies, the explosion in videoconferencing use has led to monitoring and compliance headaches. How can you tell if an employee is sharing privileged or proprietary business information with an unauthorized user? How can you help new employees from mistakenly providing hackers with access to your company data?

Devin Redmond is CEO and co-founder of Theta Lake, a Santa Barbara, Calif., compliance software company. A recent Theta Lake survey of 100 global compliance officers found that 90 percent of their companies are using video as part of their collaboration platforms, but that 89 percent aren’t using modern compliance tools.

Redmond said businesses can take relatively simple steps to help prevent cyber-security problems with new remote workers and to keep tabs on them for possible violations, intentional or otherwise.

Although he does not recommend that businesses use these functions, most videoconferencing platforms can limit all sharing. Doing this allows only the presenters to speak and present information. This should be considered a stopgap measure, he said, “because it really defeats the purpose of this technology,” which is to provide an online forum for two-way conversations.

Employers can also segment different user groups, which creates a smaller subset to monitor. New users and those operating with personal laptops are most likely to have issues with videoconferencing technology and are susceptible to mistakes that could endanger privileged company data.

Second, some videoconferencing platforms have real-time compliance components as part of their packages, he said, which allow employers to log and record such behavior for later review and correction.

“A lot of organizations aren’t paying attention to what’s happening on their videoconferences,” he said. “Users can share anything on the screen that their device has access to.” A joke or comment made during a videocall could become the foundation of a lawsuit later, he said, and having a way to retrieve evidence will be crucial in forming a company’s defense.