Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Technology

How to keep video conferencing compliant and secure in finance

Untitled design 12 1 - Global Banking | Finance

By Owen Morris, Operations Director at Doherty Associates, leading specialists in managing and securing cloud services. 

Video conferencing is the new normal way of collaborating in finance since the pandemic, with reports revealing a record growth in conferencing app downloads. In the week around lockdown, Microsoft Teams saw an average 11-fold increase globally on download figures.

Prior to lockdown many finance firms operated video conferencing facilities as part of their IT provision but the steep increase in the use of video shows how it’s set to remain one of the main ways of staying connected and doing business. Especially with 74% of CFOs planning to shift some employees to permanent remote working post-COVID-19, according to Gartner,

The desirability of cloud hosted systems has increased as opposed to technology being provided as part of an on-premise office communications system, with finance having to adapt to video becoming central to their core business processes.

While the flexibility and diversity to video conferencing apps has a multitude of productivity benefits, these apps are another route for hackers to access the rich data stored by finance companies if the organisations are not properly securing all routes in.

The greater the use and volume of cloud based video available, the greater the opportunity to breach security and privacy. It’s therefore ever more critical for financial services to control how video is used and disseminated, especially with employees now using multiple personal and work devices from various locations to access a variety of video platforms.

Video conference securely

When implementing or securing a video conferencing system finance firms must consider what their security posture will be, covering the following 10 steps:

  1. If possible, configure your video platform to generate individual links to specific people for a specific time slot and passcodes for meeting access to stop the distribution and re-use of links otherwise known as ‘zoombombing’, which allows uninvited people to join meetings.
  2. Maintain a distinction between internal and externally available meetings by controlling the people attending. If possible, use integration between your cloud sign-on and the video platform to identify users, for example, using Azure Active Directory in conjunction with Microsoft Teams. This will help ensure that confidential data is not accidentally shared externally.
  3. Understand how meetings are recorded and where the recordings are stored. For compliance reasons, systems that can store recordings within the cloud rather than on user machines should be preferred as a more secure means. This also allows easier searching for compliance and auditing purposes, as I explain later in this article.
  4. Identify any additional sources of personal information that could be held in recordings such as HR information especially associated with protected characteristics defined under the GDPR, or patient information. Have a way of identifying and segregating access to these recordings – again, important for compliance and auditing.
  5. Understand how to quickly find out who was involved in past meetings as this is also required for audit reasons.
  6. It’s a breach of data protection regulations not to request consent from the person recorded. Understand how platforms notify people of recordings and ensure your company’s privacy policies reflect this.
  7. Investigate what information can be gathered from the recordings for later audit purposes – some platforms allow automatic transcription of recordings to text.
  8. Does your video conference platform allow a broadcast/mass-meeting option as well as multi-attendee conferencing, and do you need a separate privacy policy for this? For example, when people attend webinars, their personal data may be retained under a different lawful basis (for example, legitimate interest) so it this may need addressing separately in a privacy policy.
  9. Does the platform allow the transfer of other data to meeting attendees – is this a possible vector for data leakage?
  10. Screen sharing can disclose information to meeting attendees so look to lock this down by implementing policies such as only being able to share individual windows rather than a whole desktop.
    Owen Morris

    Owen Morris

Keep your video data compliant

As mentioned above, for compliance purposes it’s important to understand how data is stored in the video platform so it can be searched and audited later. Specific compliance requirements such as HIPPA may require banks and finance to disable the ability to download video content and the video provider should allow you to configure this. Cloud video storage is preferred but understanding your expected data volumes and what’s included in a plan is key as even compressed video can use up lots of space.

Understand whether you are the data controller for any meeting content. Ensuring that the meeting content is covered in your organisation’s compliance processes (such as GDPR data subject access requests) is important when implementing a video platform. The major video conferencing providers have well defined policies around their processing and is a good reason to choose them over smaller entrants to the market.

A full service platform that performs automatic transcription, stores recordings to the cloud, and has a good set of eDiscovery tooling for searching both attendees and contents of recordings, is invaluable especially for auditing. Such a platform reduces the number of places that your data can be stored and reduces the number of individual policies that need to be maintained, so combining your video conferencing with your data storage and office tooling can make a lot of sense.

However, the increased availability of video brings opportunities as well as risks. Recording and making available meetings and training sessions for employees can enhance learning and development as well as improve key processes like employee onboarding or mandatory training – which may need to be done differently within a Covid-19 restricted workplace.

So, embrace the benefits of video conferencing for your business, customers and clients but just remember to ensure its secure and compliant at all times, with efficient data storage and access should your finance firm be audited any time soon.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post