As chat and video application usage for organizations continues to skyrocket, organizations need to address the reality that these digital conversations are not comparable to in-person, hallway or elevator conversations. Namely, virtual meetings are neither private nor temporal.
First, the ease of capturing content or recording virtual collaboration sessions, plus the ability to capture or record via any participant’s device or applications, makes these conversations more lasting than not. From using a device’s native camera, the recording capability built into a collaboration app like Zoom, or a standalone tool that can screenshot, the options for capturing chat, screen shares or audio are endless and available at anyone’s fingertips.
Second, the ability to instantly share, show, upload and collaborate on any and all sensitive information in a chat or video meeting means collaboration tools need to be understood as an information-rich-sharing medium and not just a conversation tool. The nature of chat and video collaboration combined with the broad shift to collaboration-first workplaces for many knowledge workers exacerbates the likelihood of exposing sensitive data. With screen sharing, whiteboarding and file uploading/sharing, it is easy to inadvertently expose sensitive data on another browser tab, display unpublished design documents or share files of PII. You have to assume that what happens in a virtual meeting may not be fully private and can be exposed at any time, by any party in the conversation.
Furthering that complication with video and chat conversations is the lack of visibility into whether sensitive data is being shared, recorded or collected. Unlike casual hallway conversations where witnesses are restricted to those physically present and recording attempts are both unlikely and typically more obvious, video meetings can be surreptitiously recorded and shared with an unlimited audience.
Even if hosts disable recording capabilities within the collaboration app, any attendee can still screenshot or record the session using myriad apps and built-in tools on their own computer or on peripheral devices. Preventing content sharing faces similar challenges. Recorded material can be shared effortlessly and with little corporate visibility into whether or not the information is shared via chats, forwarded via links or made public through social media. This again compounds the risk.
The ease of recording and sharing, plus the lack of visibility into whether these activities are being done, are precisely why collaboration communications, particularly media-rich ones, require more monitoring.
Collaboration tools are here to stay as more effective information sharing and communication platforms, regardless of what the return-to-office looks like in a “work-from-anywhere” world. This means what can be shared is too broad and too important to ignore.
With many employers adopting at least a hybrid remote work model and more distributed office hubs for the foreseeable future, one best practice for early visibility into risk starts with securely and intelligently archiving chats, videos and calls. This can help identify pertinent content, participants and potential risks that happen in all aspects of collaboration sessions to proactively prevent exposure, appropriately address incidents as quickly as possible, and identify data that should be redacted or removed from retention for privacy purposes. In short, the reasons to record and effectively analyze information outweighs perceived security through ignorance.
Many follow-on arguments against recording digital communications cite financial costs of storage and challenges in efficiently surfacing relevant information in rich-media archives for review. However, these are outdated notions of obstacles.
Examples of the ongoing innovations driving down cloud data storage costs are easy to find. When the additional benefits of secure, encrypted and organization-controlled cloud storage are considered, there is little financial reason not to leverage intelligent archiving techniques. At the same time, solutions exist that manage those recordings by proactively identifying sensitive protected data within the archive for security and regulatory concerns.
Through AI and machine learning, even unstructured data and relevant audio or video conversations can be automatically surfaced and analyzed. This can help detect data exposure risk, redact sensitive data in archives and remediate risks in chat channels. Leveraging technology for discovery gives organizations valuable time to address issues, redact sensitive data or immediately remove risk-free material from archives sooner. As with any security incident, not knowing about a vulnerability for an extended period can be far worse than knowing and responding right away. In fact, knowing exactly what private data you have and addressing it appropriately, whether by removing it, redacting it or providing formal notification if exposed, ensures better privacy and security.
Organizations should approach this in five key areas:
1. Put your expectations of employees on the record, publish guidelines and some form of training for staff on how to observe best safety practices in meetings.
2. Ensure you have done the basics of good security settings on your meeting platform.
3. Accept that you must review meetings of high-risk users or a representative sample of your overall meetings to get any real picture of risk and exposure.
4. Set recording policies using your meeting platforms or third-party tools to capture those meetings.
5. Manually or using purpose-built technology, review those recordings and take appropriate action to address risks.
In today’s virtual collaboration-dominated workplace, being unaware of risks and cavalier about the approach of avoiding knowledge of such risks is no longer an acceptable excuse. Unaware organizations may end up learning of their own data exposures through third-party investigations and legal proceedings or even via headlines and social media. It is far better for everyone involved, and ultimately less risky for the company, to have all relevant information captured and available so organizations can respond accordingly rather than missing pertinent material and addressing issues too late.
To learn about how Theta Lake helps out with Chat, click here.