Making video security a priority in financial services

By Amit Walia, EVP Managing Partner at Compodium

In 2016, a seemingly innocuous photograph of Facebook founder, Mark Zuckerberg, sat beside his desk at Facebook HQ, was posted to his Facebook profile.  Ostensibly, the post was celebrating the growth of Instagram, which Facebook had purchased several years earlier.  However, eagle-eyed followers soon identified what appeared to be tape covering both the camera and the microphone on Zuckerberg’s laptop.  Widespread debate ensued around the efficacy of covering webcams in this way.  However, given the individual in question is the CEO of one of the most valuable and influential companies in the world – and indeed one of the very few people to reach the status of Centi-billionaire – the overarching consensus from the security community was that “Zuckerberg is sensible to take these precautions.”

Mark Zuckerberg is undoubtedly a high-value target.  But in the modern, digital and data-driven world, a strong cybersecurity posture is vital for every type of organisation – large and small.  In high-value and heavily regulated industries like banking and financial services, the threat is even greater – covering both traditional cyber-attacks and corporate espionage.

Making video security a priority

The fervour around Mark Zuckerberg’s photo highlighted an interesting point – many of the comments were from people who had not considered video as a valuable target for an attacker.  In 2020, the issue of video security is more important than ever.  Video conferencing platforms are now in high demand, with COVID-19 forcing organisations to quickly adapt to a new way of working.  One application reported a 30-fold surge in users, whilst another clocked up more than 4.1bn meeting minutes in just one day in April, up from a daily average of 900m in early March.

As we move beyond the more restrictive social lockdowns, financial services organisations need to prepare for a new normal – one that caters for remote business opportunities just as effectively as those taking place face-to-face.  Employees across all industries are now used to working at home and while some organisations, such as Barclays, are looking to re-establish on-site operations as quickly as possible, others will remain – at least in some large part – remote.

There can be no doubt that video is now solidified as the primary method of remote communication.  Whether it’s a family catch up or a blue chip board meeting, wherever a physical meeting is not possible, or practical, video conferencing is now a comfortable alterative for most people.  But with more people on video than ever before, the usage surge has also brought increased security concerns.  For example, incidents of Zoom-bombing – when strangers intrude on others’ Zoom meetings – have been widely reported.  In these cases, intruders have been able to eavesdrop undetected, or completely disrupt meetings, often in ways that threaten the integrity and security of confidential business information.

A renewed focus on video security

As the conversation around the wider security of video meetings has grown louder, Zoom has announced it will backtrack on previous refusals to provide end-to-end encryption to free users of the service.  It’s is a major victory for the activists and civil liberties organisations campaigning for privacy and digital protection.  Data transmission is one of the most vulnerable areas of video communication and ensuring a comprehensive level of security is paramount for those taking part in digital conversations – whether that’s a personal conversation, or in a commercial environment.  During a video conversation, data travels over multiple networks – both public and private – and end-to-end encryption is the foundation of protecting this data in transit.

The recent campaign for access to encryption has placed a renewed focus on how vital security is to video communications – but this is something heavily regulated industries like banking and financial services have known for a long time.  But the COVID-19 pandemic forced many organisations to navigate a familiar landscape of uncertainty and regulatory pressure in an unfamiliar remote operational environment.  Finance is a high-risk, high-reward industry that requires rapid decision making and constant information exchange – all while building and maintaining crucial client relationships.  Video conferencing technology has offered a lifeline for many finance organisations around the world, however the rapid shift to remote operations has been drastic and unprecedented.  Maintaining productivity in the face of significant business disruption has been the key priority; security and compliance considerations have all too often been an afterthought.

In finance, end-to-end encryption is not enough – in fact, it’s expected.  Video conversations contain highly sensitive and confidential information – they must meet the same levels of security, privacy and confidentiality as in-person conversations.  In these environments, security breaches and financial fraud can lead to significant regulatory, financial and reputational damage.

End-to-end encryption is just the beginning

Financial services organisations are the backbone of the global economy and during the COVID-19 pandemic, they have the challenge of quickly delivering seamless virtual connectivity.  Under unprecedented pressure to roll out new technology, it can be easy to overlook the more fundamental requirements, in favour of rolling out new services and capabilities at speed.  New technology should not come at the cost of privacy and security.

End-to-end encryption – which is vital for privacy and security and will now soon be available via even the most basic video conferencing solutions – is not enough to meet the high standards required in financial services.  Instead, authentication is the key to ensuring the growing adoption of video conferencing in this industry meets the same high standards delivered to clients in-person.

Authentication provides a double layer of trust, ensuring both advisors and clients can be confident that they are speaking to the right person within an entirely confidential virtual space.  Only by ensuring video conversations are both end-to-end encrypted and authenticated can finance professionals provide the same level of privacy and security afforded to clients during a face-to-face consultation.  This ensures the identity of every conference participant is fully authenticated before the conference is initiated.

The digital future

The video conferencing authentication process is simple, but hugely effective.  It represents the first step in a more digital, video-driven future for financial services – providing all the necessary foundations for client security and privacy.  In the future, 2020 will undoubtedly be looked at as a year that changed financial services forever – globally.  The world has been at war with a novel virus and the effects have been profound.  But as the great military, Sun Tzu, said, “In the midst of chaos, there is also opportunity.”  Social distancing, lockdown and travel restrictions have forced us to rethink how we deliver client services and given us the opportunity to roll out cutting edge technology.  But while the results are already hugely positive, we need to ensure we are laying the right foundations for new innovation – making privacy and video security a priority in financial services now – not later.

The original article is published on Finance Digest.

By |2020-09-08T14:48:23+02:00August 18th, 2020|Categories: business, Latest Articles, News|Comments Off on Making video security a priority in financial services

Cybersecurity: in healthcare, encryption is not enough

By Amit Walia, EVP Managing Partner at Compodium

End-to-end encryption technology is not enough to meet the high standards healthcare requires. Instead, authentication is the key.

The recent news that one major video conferencing provider is to backtrack on previous refusals to provide end-to-end encryption to free users is a major victory for the activists and civil liberties organisations campaigning for privacy and digital protection. Data transmission is one of the most vulnerable areas of video communication and ensuring a comprehensive level of security is paramount for those taking part in digital conversations – whether that’s personal, for business, or in a healthcare environment. During a video conversation, data travels over multiple networks – both public and private – and encryption is the foundation of protecting this data in transit.

Security is vital

The news comes at a turning point for video conferencing. As we continue to move through the COVID-19 pandemic, most businesses are still navigating widespread remote working practices. Video conferencing use has skyrocketed. For many industries, this shift to remote working is unprecedented, and maintaining productivity in the face of significant disruption has been the key priority for most organisations. Security and compliance considerations have all too often been an afterthought. The recent campaign for access to encryption has highlighted how vital security is to video communications – but this is something heavily regulated industries like healthcare have known for a long time.

In healthcare, end-to-end encryption is not enough – in fact, it’s expected. Video conversations contain highly sensitive personal information and medical records – they must meet the same levels of patient confidentiality as in-person consultations. Zoom-bombing – where an unauthorised stranger intrudes on another’s Zoom conversation – may be damaging in a business meeting, or even comical during a personal conversation. In a healthcare environment, this type of security breach can lead to clinical, legal and phycological repercussions – not to mention a substantial damage of trust between doctor and patient.

Getting video right in healthcare

It’s crucial the healthcare industry gets this right. The video conferencing industry is predicted to surpass $50 billion by 2026, driven largely by growing adoption of the technology by healthcare institutions.

Even before the COVID-19 pandemic, video conferencing technology use in healthcare was increasing exponentially, with developing use cases in remote post-discharge programs, as well as specialist consultations such as speech therapy and dentistry boosting demand. And although randomised controlled trials (RCT) into the use of video conferencing in healthcare are still limited, reviews of the studies available – particularly into patients with long term chronic conditions – suggest video conferencing adoption can enhance care and management, improve access to care, improve patient outcomes, narrow health disparities and reduce healthcare costs overall.

Travel and consultation restrictions imposed by governments globally during the COVID-19 pandemic have acted as a substantial catalyst for video conferencing adoption in healthcare. The ability for the technology to protect patients – both for those where travel is challenging or untenable due to reduced services, as well as those at particular risk of illness – is clear.

Quickly putting virtual systems in place during the pandemic has been vital in enabling even the most vulnerable in society to continue to communicate with medical professionals. At the same time, this has also ensured medical professionals have minimal physical contact with patients, reducing the potential for workplace transmission for some of the country’s most essential workers.

Going beyond encryption

Over recent months, organisations across all industries have been struggling to meet the challenge of quickly delivering seamless virtual connectivity. Under unprecedented pressure to roll out new technology, it can be easy to overlook the more fundamental requirements, in favour of rolling out new services and capabilities at speed. Enabling doctors, nurses and healthcare practitioners to meet and treat patients virtually should not come at the cost of privacy and security.

End-to-end encryption technology – which is vital for privacy and security and will now soon be available via even the most basic video conferencing solutions – is not enough to meet the high standards healthcare requires. Instead, authentication is the key to ensuring the growing adoption of video conferencing in healthcare meets the same high standards delivered to patients in-person.

Authentication provides a double layer of trust, ensuring both patient and care giver can be confident that they are speaking to the right person within an entirely confidential virtual space. Only by ensuring video conversations are both end-to-end encrypted and authenticated can healthcare professionals provide the same level of privacy and security afforded to patients during a face-to-face consultation. This ensures the identity of every conference participant – whether that’s a doctor, patient, carer, interpreter, or parent -– is fully authenticated before the conference is initiated.

Looking to the future

The authentication process is simple, but hugely effective. It represents the first step in a more digital, video-driven healthcare future – providing all the necessary foundations for patient security and privacy. In the future, 2020 will undoubtedly be looked at as a year that changed healthcare forever – globally. The world has been at war with a novel virus and the effects have been profound. But as the great military, Sun Tzu, said, “In the midst of chaos, there is also opportunity.” Social distancing, lockdown and travel restrictions have forced us to rethink how we deliver essential services and given us the opportunity to roll out cutting edge technology. But while the results are already hugely positive, we need to ensure we are laying the right foundations for new innovation – building security and privacy in now – not later.

The original article is published on Healthcare Global.

By |2020-09-08T14:49:20+02:00August 12th, 2020|Categories: business, Latest Articles, News|Comments Off on Cybersecurity: in healthcare, encryption is not enough

Privacy and security at the heart of the video conferencing boom

By Amit Walia, EVP Managing Partner at Compodium.

With employees now used to working at home, video conferencing platforms have seen a surge in demand.  As Covid-19 forced organisations to quickly adapt to remote working, one application reported a 30-fold surge in users, whilst another clocked up more than 4.1bn meeting minutes in just one day in April, up from a daily average of 900m in early March.

More people are using a form of video conferencing than ever before, but this huge increase has also brought increased security concerns. Incidents of Zoom-bombing have been widely reported in recent weeks. Zoom-bombing is when strangers intrude on others’ meetings on Zoom. Sometimes, these intruders listen in without anyone knowing they’re there. Other times, they totally disrupt the meetings sometimes in ways that threaten the business in its entirety, integrity as well as confidential information.

A recent study by IBM found that remote work appears to be growing on people, as more than 75 percent indicated they would like to continue to work remotely at least occasionally, while more than half – 54 percent – would like this to be their primary way of working.

However, when it comes to financial services, there is a rightful expectation that all organisations provide an expert level of security around sensitive data. After all these companies possess a wealth of personally identifiable information (PII) and payment card industry (PCI) data, such as national insurance numbers, credit card numbers, birthdates, addresses, phone numbers, credit scores, and much more.

Over the years, some of the biggest data breaches have involved financial service providers, from banks and payment processing companies to loan providers and credit reporting bureaus. In fact, the most recent financial services data breach at Equifax affected over 100 million people.

But before companies rush to embrace further video conferencing as the new norm, they need to understand where potential risks might lie.  Companies need to understand that it’s not as simple as clicking a link and joining a video. There needs to be careful consideration to ensure privacy and security for all users, and their data.  There are good reasons that laws and regulations like GDPR, CCPA and HIPAA exist.

Here are some key considerations:

Use of your customers’ data should be front and centre

  • You must understand how your chosen video conferencing provider manages your data so make sure that you familiarise yourself with their policies in this area.
  • Know what kinds of user data are being collected. This will probably include basic information submitted by users such as a username and email address to establish a video account. But there is also the data that’s collected in the background – most likely without the user even knowing about it. This will be things like IP addresses, device types, platform operating system and called/calling party video addresses. The collection of these types of data is all pretty routine, but this leads nicely on to my next point…
  • You need to be aware of what’s being done with this information. There are certain things that are permissible. Using the data to enable the call itself is permissible, as is providing usage history to enable billing for example. However, it is not permissible to share the data with any unauthorised outside parties. Users of any video conferencing service should be confident that their not only data is private and secure, but should they wish to know they can ask the provider to tell them how they are using the data, where it is stored, how long it is stored for, and under what regulatory standards it handles such user data.
  • How is your data being handled? In addition to considering where it is stored, organisations must have a handle on who has access to the data. Even if the data is encrypted and not human-readable, there may be requirements that the data reside within a certain geography.

Security is paramount

  • First, understand what level of security you need?  Catching up with your friends and family via HouseParty is a completely different ball-game to sensitive business negotiations.  Most organisations are going to need a secure communications channel – but how secure should it be, and to what standard?  For meetings where you cannot compromise on security ensure industry security protocols such as AES-128, AES-256, SSL and TLS are adhered to.
  • In addition to encryption, consider other security tools such as waiting rooms that ensure only those invited can attend the call, which participants share content and the ability to eject unwanted participants.

Privacy and security built in

For many businesses, the first half of 2020 will be remembered as unusual, challenging but also transformational. Digital transformation has been a ‘must get on with’ process for CIOs the world over and indeed, many organisations are a significant way along this journey. The enforced work from home that we’ve just experienced has accelerated businesses’ need to equip teams with the tools to work effectively, efficiently, and securely. Today’s more-mobile workforce now requires greater, and more convenient, access to workplace collaboration tools than ever before – but privacy and security cannot be an afterthought – it must be built in.

The original article has been published on Finance Derivative

By |2020-08-11T16:31:53+02:00August 11th, 2020|Categories: business, Latest Articles, News|Comments Off on Privacy and security at the heart of the video conferencing boom