Amit Walia, CRO at Compodium, looks at the security risks of business video conferencing.
The changes businesses have made to ensure business continuity during the COVID-19 pandemic mean that distributed, remote workforces are now commonplace in every country around the world. While remote – or certainly flexible – working was already gaining popularity, in most industries the pandemic has catapulted organisations years forward in terms of both working practices and technology. Video conferencing is now ubiquitous. Indeed, the ability to communicate with customers, colleagues, clients – even patients – using video conferencing platforms offered many organisations a practical lifeline in 2020.
Authenticity in an era of digital meetings
The year has been a turning point for video conferencing. No longer an occasional tool or ‘nice to have’ – video conferencing platforms are now a staple component of most organisations’ wider IT toolset. This shift has seen a new take on authenticity – how to be (or at least appear) authentic in a business video meeting. What to wear (hint: ditch the stripes), how you should think about lighting, what background to choose – all questions most people had not considered in a previous era of occasional video calls. Indeed, with limited research on the subject, Harvard Business Review set out to answer these questions once and for all in March 2020 with its own research.
However, while the right lighting, shirt pattern and background colour may help someone seem more authentic on a video call – how can you be sure that the person you are talking to is indeed who they say they are? For many businesses now using video conferencing as a primary communication tool, meetings can contain commercially sensitive, confidential and at times even regulated information – from personally identifiable information (PII) to payment card industry (PCI) regulated data. Whether it’s a new client, customer, or a first-time meeting with a partner or other third-party organisation, the ability to guarantee you are discussing the right information with the right person over video is now paramount.
This question might seem odd – after all, how often would you ask someone for ID if you meet them in person? However, outside of the confines of virtual communication, impersonation becomes far harder. People are indeed asked to verify their identity regularly – for example when entering an office building – and the nature of in-person meetings means there are many more safeguards in place against sensitive data loss.
Privacy and security built-in
The question of digital authentication is part of the wider security concerns brought to light in the rapid and widespread adoption of video conferencing. Controversies over encryption levels and the practice of “Zoombombing” – where strangers intrude on others’ meetings – have been some of the most widely reported this year. Intruders have been known to listen in on video calls without anyone knowing they’re there. Others have completely disrupted meetings in ways that threaten the business in its entirety, integrity as well as confidential information. A prime example in one high-profile case saw pranksters intruding on a court hearing of a man accused of July’s Twitter hack.
As the conversation around the wider security of video meetings has grown louder, Zoom announced it would backtrack on previous refusals to provide end-to-end encryption to free users of the service. This was a major victory for the activists and civil liberties organisations campaigning for privacy and digital protection – data transmission is one of the most vulnerable areas of video communication. Ensuring a comprehensive level of security for those taking part in digital conversations is now vital. During a video conversation, data travels over multiple networks – both public and private – and end-to-end encryption is the foundation of protecting this data in transit.
End-to-end encryption – which is vital for privacy and security and will now soon be available via even the most basic video conferencing solutions – is not enough to meet the high standards many businesses require. Instead, authentication is the key to ensuring the growing adoption of video conferencing meets the same high standards delivered to clients, customers or partners in-person.
Authentication provides a double layer of trust, ensuring both parties can be confident that they are speaking to the right person within an entirely confidential virtual space. Only by ensuring video conversations are both end-to-end encrypted and authenticated can businesses provide the highest levels of privacy and security. This ensures the identity of every conference participant is fully authenticated before the conference is initiated.
Securing the digital future
The video conferencing authentication process is simple, but hugely effective. It represents the first step in a more digital, video-driven future for businesses. For many, 2020 will be remembered as a year of change – extraordinary, challenging but also transformational. Digital transformation has been the key driver for CIOs and business leaders – to ensure business continuity, agility and continued commercial success in a fundamentally changed world. Equipping teams with the tools to work effectively and efficiently from any location has been crucial – but business leaders must ensure that this doesn’t come at the cost of security.
Privacy and security must be built into the digital future. Businesses need to ensure they are laying the right foundations for continued innovation. Without question, video conferencing and digital meetings will continue to play a significant role for businesses in 2021. Ensuring security and privacy are at the heart of this will be crucial.
As David Attenborough warned earlier this year, our climate is in danger and the need to take action has never been more urgent.
Data shows the amount of carbon dioxide that has built up in our atmosphere – due to burning coal, gas and oil since the 19th century – is probably more than in the past three million years combined, becoming the highest it’s ever been in human history.
Recent research by the Carbon Trust reveals that almost three quarters (74%) of organisations expect their environmental priorities to become more important next year. Nearly two thirds (63%) of businesses are also planning to increase their sustainability budgets in 2021 as a result of the pandemic.
The end of the year is approaching and at Compodium we’re already planning for 2021. Equipping organisations to fulfil their sustainability priorities is central to our company’s values and purpose.
Our secure, authenticated video communication platform, Vidicue is helping our customers to reach their environmental commitments. In addition, research showsremote working, supported by the use of video communication technology, raises productivity and improves people’s work-life balance by reducing their need to commute.
The associated benefits of fewer traffic jams, particulate and carbon emissions are tangible progress towards a greener, cleaner future for all – especially for our children and future generations.
I hope that over the coming months we can take our learnings from this unprecedented time and use them as a force for good.
Wednesday 16th October marked the launch of our Vidicue platform. Since then, demand has been accelerating at a rate far faster than anything we at Compodium had anticipated.
Putting it into context, we know the Covid-19 pandemic has changed the way we communicate, with research by Ofcomshowing that adults are now spending over four hours per day online. And during lockdown, the number of people making video calls doubled.
Research by Forbes shows us organisations are becoming increasingly aware of the value video communication brings to colleagues, as they become more dispersed and in-person interactions increasingly less practical.
Security concerns go hand in hand with video communications, particularly where children are involved, which is why more and more people are turning to Vidicue to solve this issue for them.
Our Vidicue platform is highly secure, as all users have to authenticate before they’re admitted to a meeting, providing a double layer of trust.
Our partners are finding that more and more customers are requesting Vidicue’s military grade security level to protect users and organisations. In fact, Ofcom’s research found that nearly two thirds (57%) of adults support improved regulation of video-sharing platforms.
Vidicue’s inbuilt security features mitigate the potential for data and GDPR breaches, bringing reassurance to organisations and their employees.
I think that explains why we’re seeing such an upsurge in interest for Vidicue. So far, our customers are delighted with the service they’re receiving from Compodium, particularly the customisable and scalable nature of our solution.
As we head into the winter, we’re envisaging that changes to our ways of working will become more embedded, with many people continuing to work remotely.
With Vidicue, we’re continuing to drive innovation to bring our customers cutting-edge technology, highly secure with an optimised excellent user experience.
It’s incredible to think the earliest ideas about transmitting an image at the same time as audio began as long ago as the 1870s, when Queen Victoria was still on the throne.
The technology to take things to the next level hadn’t been invented then, although the first telephone was patented in the US in 1876.
It wasn’t until the early 1900s that the first video camera was invented by John Logie Baird. Video cameras didn’t really catch on until the 1970s, quite a long time after the Bell’s Lab video phone was developed in the late 1920s.
So, it’s not surprising that the word ‘video’ didn’t evolve until 1935, and people didn’t start using the phrase ‘video phone’ until the 1950s.
Much of the technology that was being developed during the majority of the 20th century was funnelled into analogue television.
It took until the 1980s for video communications to gather momentum, when transmitting video images became possible over analogue phone lines, although at that time it was extremely costly.
How digital changed everything
The switch from analogue to digital marked a significant change in the world of video communications.
Compodium launched during that period, in 1997, when we began by helping people to connect with one another via telephone lines. Compodium were delivering pioneering services such as bringing people together from different parts of the world for remote conferences.
Back then though, the concept of secure and authenticated video communications wasn’t even on the radar. Compodium’s first Vidicue platform was launched from 2010.
The challenge of video has always been the amount of data needing to be transmitted as it’s far more than with an audio call. High definition video calls need almost 11 MB per minute, which is much easier to service today with superfast fibre network connections.
At Compodium, the quality and stability of the images we’re transmitting is very important because we know that regulated industries such as healthcare professionals rely on them to make diagnoses and treatment decisions.
Hand on heart, it makes me feel so privileged to know that some people are using our platform to save lives every day. There’s no greater honour than that.
Today we’re in a global video communications revolution, with demand booming as people are becoming more aware of what the technology can do for them and their business.
As we launched our new Vidicue platform in October 2020, we’re feeling excited as a company about the benefits this will bring to our customers. As we seamlessly migrate our existing customers onto the new platform, they’ll experience even better stability and quality, with all the military-grade security features that already provide so much value.
Over time, we’ll be introducing other innovative features to give our customers superior functionalities, surpassing their expectations.
We’ve also recently welcomed our new CEO Charlotte Berg, an accomplished leader who’s bringing her charisma, expertise, global network, thought leadership and professionalism to drive Compodium to the next level.
We’ll be taking forward our global expansion plans and moving into new markets as more and more businesses see the value that Vidicue brings.
There may be many motivations for someone planning to carry out a cyber crime… or maybe none at all. Where opportunity exists, so does risk. And with it, the need for protection. Amit Walia, Chief Revenue Officer at Compodium, explains why no suits of armour are needed with Vidicue’s high level security.
Amit, how secure is Vidicue?
Our security on the Vidicue platform is military grade, catering for all regulated industries that seek trusted communications.
We have inbuilt cyber security features including end-to-end encryption, in-house data management and unique virtual meeting rooms.
Our software is built around Compodium’s own algorithms, designed by our technical team in Sweden using our own source codes.
With all of these features in place, customers are protected against any potential cyber-attack – no suits of armour required.
How reliable is Vidicue?
All our customers across any sector can rely entirely on our Vidicue platform to keep their video communications safe, with positive user experiences.
In the last few months across the world there’s been an explosion of virtual communications. People are talking to one another more than ever, using a whole range of different platforms.
I’m not here to compare platforms, but what I can say is this: Compodium’s entirely different to anything I’ve been involved with before, even having been in the industry for over twenty years.
Is that what made you join the company?
I joined as an advisor and investor and then took to the operational business leading worldwide sales and marketing because I was drawn to the company’s unique value proposition, the team and the platform.
We’re very close, there’s no hierarchy or individual glory. I know I couldn’t be successful in what I do without the team who work alongside me.
I enjoy being part of a global team and staying in touch is easy because we use our own technology.
Whether I’m talking to prospective customers or working with the team regarding on-going projects, every day is different and I’m genuinely proud of the benefits our Vidicue platform creates.
Vidicue safeguards users against unauthorised people accessing meetings by requiring them to verify the identities of all participants. This is especially important when there are children involved – parents and teachers need to be able to trust that their children are not at risk of being exposed to inappropriate material via third parties.
Healthcare professionals in different locations are using Vidicue to make urgent life or death decisions when every moment matters. In situations like these, there isn’t time for a patient to be waiting for a specialist to visit, they need to know there and then what to do to save that person’s life.
Knowing Vidicue is helping to save lives is an amazing feeling.
Who are your customers?
Vidicue is a solution for all regulated industries, such as finance and healthcare as well as Government and Enterprise.
Our platform is customisable because it’s modular and suits a wide range of customers. From the outset, we treat everyone as an individual and work with them to create the most appropriate solution for them.
We’re motivated by providing the right solution for each customer and their particular industry. What works for a community healthcare provider, for example, may not be suitable for a firm of accountants or Government officials.
We value our customers’ loyalty too, making sure we look after them with our suite of global logistics hubs. We have a 24/7 technical helpdesk available, giving customers access to over 400 engineers globally, covering 9 different languages.
Compodium have an extensive portfolio which includes Connected Events, Web Casting and Video Conferencing Professional Services.
We want our customers to expect value for money but most importantly we deliver an optimised service from the global team at Compodium.
Our customers tell us they enjoy the peace of mind that our identity verification process gives them. It ultimately provides reassurance from a data privacy perspective, addressing key points such as GDPR and complete data protection.
Underneath, there’s a web of complexity – processes, a network and data – but to our customers it simply works.
With such a broad reach, you must value diversity?
Diversity brings different people, experiences and ways of thinking into the mix, enriching our lives and sparking creative and innovative thinking.
We’re fully committed to equality and diversity within the company, bringing in new colleagues with fresh ideas and expertise to lead us into new markets.
We’re proud of our recent appointment, Charlotte Berg as our CEO. She brings a new approach to Compodium, with thought leadership and the strategic vision for accelerating global growth.
We’re also expanding our global salesforce and we were delighted that Anette Ericsson joined us as Head of Marketing earlier this year. The marketing team has subsequently grown under Anette’s stewardship and is operational in Sweden and the United Kingdom.
What’s your strategy for the rest of 2020 and beyond?
Building our affiliations with the United Nations, addressing key topics such as sustainability, climate control and working with regulated industries.
We’re going through a significant period of growth, expanding into Europe, the Middle East and Africa as well as Asia and the Pacific.
Our innovative technology is cutting edge but what really sets us apart is the way we look after our customers.
At a time of universal upheaval, we’re working harder than ever to provide our customers with reliable, secure services while surpassing their expectations.
Amit Walia, Chief Revenue Officer at Compodium, discusses why privacy and data protection will be central to video conferencing in public sector digital transformation, post-COVID
A recent report by Ofcom found that more than 70% of us now take part in a video conference at least once every week. That’s a significant increase from just six months ago and we’re all well aware of the reason why. What’s more, recent research from Sungard Availability Services suggests this trend is set to increase post-COVID, with many UK consumers having used lockdown to move to a digital-first mindset. Given government guidance is now moving back to encouraging people to work from home where possible, this is likely to increase even further.
For many people in the UK, a significant proportion of their personal and professional lives now exists online. And while the country has experienced a leap in the use of digital services, Sungard’s research also reveals rapidly changing service and availability expectations from users.
Beware: Changing expectations
Digital transformation has been taking place across the public sector for some time, and many local authorities and public sector organisations were already struggling to keep pace with the customer experience offered by private organisations. Then, coronavirus hit and the monumental shift to digital services in recent months has placed even more pressure on the public sector to match the increasingly demanding expectations of those using citizen services.
Yet, while functionality and uptime are undoubtedly important parts of the customer experience, one area consumers are not prepared to negotiate on is security. This – above all else – needs to be the priority for the public sector in the renewed drive for digital transformation. 72% of UK consumers say they would immediately switch provider if they were to experience a data breach from a private organisation, while in the US 55% have already changed providers or reduced service levels due to technical issues in the last few months. nI the private sector, this can cause revenue loss and reputational damage, for the public sector the consequences could be far worse.
Video conferencing tools are becoming the cornerstone for all organisations in the shift to a new, digital-first service delivery environment. But while they are now a must-have for any public sector organisation providing citizen services, the adoption of these video conferencing platforms can pose a significant threat to the privacy and security of communications. Who can have failed to read about the recent Zoom-bombing incidents, including one infamous case in a New Zealand courtroom?
Understanding the risks
Before public sector organisations rush to embrace video conferencing, they need to understand where the potential risks are. While it may seem as simple as joining a video session via a single link, there are far more privacy and security considerations that need to be made to protect citizens’ data. These range from basic security and authentication safeguards to ensuring communications meet the requirements of regulations like GDPR.
A comprehensive understanding of the risks involved will always centre on user data – including how video conferencing providers are accessing, collecting, managing and storing this data. However, before you can ensure this data is protected you need to know exactly what data is being collected. Under normal circumstances this will include a username and email address, as well as data collected in the background, such as IP address, device, operating system and call information. In a public sector context, this information will likely be linked to wider user information contained in public records and databases of previous interactions, so any access to this must be taken into account.
Once you have a clear idea of the data being handled, the next step is identifying how data is being used and any associated restrictions that might be governing this. For example, processing the data to support the function of the call is fine, but sharing the data with unauthorised third parties is not. Those using citizen services need to be confident their data is private, secure and the handling meets any relevant regulatory standards.
Security is the bedrock of data protection and any video communication channel being offered to citizens should provide industry security protocols such as AES-128, AES-256, SSL and TLS. Beyond encryption, public services should provide further security tools such as military grade authentication, waiting rooms and confidential communications, to ensure only those individuals invited to a video call are able to attend.
Privacy and security best practice in video conferencing
The recent pandemic has fundamentally changed the way public services are delivered, speeding up a drive for digital transformation that was already well underway in the public sector.
There’s no question as to the significance that video conferencing has played here, but while it is not a new technology, many organisations have rushed to roll out services under significant pressure. As the dust settles and it’s become clear that many of the recent changes public sector organisations have made are here for the long term, there is a greater need for a new focus on protecting the sensitive, confidential and valuable data contained in video conversations.
Privacy and security cannot be an afterthought – it must be built in – and it is not yet too late to ensure this is the case. But as the public sector communication landscape continues to evolve, we must ensure that people have a positive, safe and protected experience.
Finding harmony between the different aspects of life is central to our happiness and wellbeing.
Sadly we’re still living with uncertainty, so prioritising wellbeing is more important than ever to avoid burnout, a state of exhaustion that the WHO recognised as an ‘occupational phenomenon’ in 2019.
The Covid-19 pandemic has led to many people working remotely and relying on video communication platforms to keep in touch with their colleagues.
Openness and honesty about the challenges and joys this brings are essential. It’s important to recognise that people are often balancing work with parenting or caring commitments.
Home-working has become a familiar and relatable situation, often injecting humour into our days, with pets and children making guest appearances or a knock at the door mid-meeting.
In many ways, our working lives have become more informal and personable, which I think is a positive change as it’s helping to break down barriers.
With social distancing requirements likely to be with us for the foreseeable future, it’s important that we continue using video communication technology to make our lives easier.
Video calls give people the ability to check in with their colleagues as well as engaging more formally for meetings. Keeping in touch is helpful for wellbeing as it’s a time to reflect on how things are going, resolve any issues or just to talk.
We’re all navigating our way through challenging times, and people are sharing innovative and resourceful ways to help us make the most of this unprecedented era.
Finding the balance
Many health and fitness practitioners are using video communication technology to continue their teaching, with classes on everything from yoga to karate happening in living rooms far and wide.
Online workouts with Joe Wicks became a daily routine for many during the national lockdown, seeing him awarded with a Guinness World Record and an MBE.
Work colleagues are also using virtual meetings to keep in touch socially with one another, engaging in virtual quizzes and after work drinks. And organisations are providing online wellbeing talks and activities to help people with their mental health during the pandemic.
Whilst the new normal is still as much a goal as a reality, video communication is making the difference to people’s lives, helping us to find the balance between all the aspects of our lives.
It’s exciting to consider how this will evolve over the coming months and years as people find ever more innovative ways of harnessing the opportunities it brings.
A recent report by @Ofcom found that more than seven in ten of us now take part in a video conference at least once every week. That’s a significant increase from just six months ago. And we’re all familiar with the reasons why. As universities welcome students back for the start of another academic year, video conferencing will continue to play a significant part in their lives as the laptop becomes the digital lectern. And with the latest statistics showing a sharp rise in cases of Covid-19 throughout a number of UK universities, video conferencing will become an essential link not only to their studies, but to friends and families too.
However, a word of caution. Just as video conferencing tools are now a vital communication tool, the adoption of these platforms can pose a significant threat to the privacy and security of our communications if not implemented properly. Who can have failed to read about the Zoom-bombing incidents earlier this year. And just last month, Zoom’s video conferencing platform crashed coinciding with US schools returning after the summer vacation, leaving hundreds of thousands of students, teachers and workers unable to connect. Fortunately the outage lasted only a few hours, but both these incidents illustrate the importance of utilising a video conferencing platform that’s ‘fit for purpose’ – one that is not only robust and scalable, but puts users privacy and security at its core.
Enhanced security features and technical advancements are being added to video conferencing platforms all the time to help minimise the risk of succumbing to a security incident. But in addition, there are also some straightforward steps that organisations and users alike can take to ensure privacy and security concerns are minimised.
For organisations these include:
Data Protection – the arms of data protection regulation are long and complicated. Having come into play in 2018, many organisations have found themselves on the wrong side of the General Data Protection Regulation (GDPR) and the Information Commissioner’s Office (ICO) has imposed some considerable fines. All organisations should consider whether information being shared or recorded will have a data protection impact. If you’re unsure, you should conduct a Data Protection Impact Assessment to help determine the best way forward to remain within the scope of regulations such as the GDPR.
Reading and understanding the various privacy policies – users should be able to trust that companies will respect and protect their privacy and security. Many of these policies draw on the Digital Standard, a set of benchmarks that can be used by organisations to design digital products that are respectful of consumer privacy rights. Policies vary but they should include information for assessing how secure the tool will be, including whether communications will be end-to-end encrypted or not.
Create user guidelines – users should be provided with an organisation’s policy on the use of video conferencing technology so that they are aware of the measures that have been implemented to protect their personal data as well as the rules governing usage.
Familiarise yourself with the platform’s functionality – most platforms have options that enable users to improve security. This could be configuring controls to enable the waiting room option, the screen share option or even simple steps like using a background image to prevent personal data being visible during a call.
For students working from home, or private rental properties, they should ensure their home router is not using the default administrator password and IP address. Changing the administrative password on the router is a good idea. Sometimes it comes with a complex password which is good, but it’s even better when it’s something only you know.
Although 2020 will likely be remembered as a year of disrupted education, cancelled holidays, postponed celebrations and more, the silver lining is that we have access to technology that enables us to carry on, regardless. Video conferencing tools have been the saving grace for many of us, and so long as we secure communications and maintain privacy by implementing sensible precautions most aspects of our lives can continue to operate relatively normally, despite the global pandemic in our midst. At the heart of this is having a video conferencing policy which outlines the expectations and requirements from both the organisation and its users.