Mind the Privacy Risks of These Apps when You Work from Home

When you work from home, pants are optional, and a Tuesday can look pretty much like a Saturday. If this is the first time you heard these jokes, feel free to share with any remote worker who might enjoy them.

Btw, we all know sharing is caring, but that is not the case when it comes to collaborating with colleagues on Google Docs, for instance. Or when you send sensitive business information or personal account details through Slack.

Have you done these things already? Well, don’t worry, I’m here to teach you how to make things right.

Here’s how to mind your privacy when using Zoom, Slack, Google, and Microsoft Teams to work from home.

Increase the privacy of your Zoom calls

Zoom, the popular video-conferencing tool, has a built-in tracking feature that allows your meeting host to see if you are paying attention to the video conference.

Let’s say you take notes, read a document, or chat (online) with a colleague. Even if you’re discreet and do them for the meeting, the host can interpret them as a sign you’re distracted.

How is that? The tracking option alerts the host if you spend more than 30 seconds without focusing on the Zoom screen. Research has revealed that Zoom also collects personal information, such as:

• • • Location data
    • Operating system details
    • IP address
    • Type of device used (Apple Mac, iPhone, Android, or Windows device).

If it’s not mandatory, keep your camera off, or switch to a different device for other tasks.

Mind the cloud recording feature

Smile, you’re on camera!

But maybe you won’t feel like smiling once you realize everything you do in a Zoom meeting is under intense scrutiny. For example, a host can record a meeting and save all active chats’ transcripts to the cloud. Later on, authorized users can access them, even if they were not originally in attendance.

A useful tip here: administrators can limit access to just pre-approved IP addresses, even if the recording has already been shared.

Keep Zoombombing away

Zoombombing is a form of Zoom trolling where users exploit the screen-sharing feature and show questionable videos.

Zoom finally offers end to end encryption (E2EE)! No more #zoombombing This is an amazing feature for corporate meetings. Zoom initially made its users pay for the E2EE, but after some backlash, they made it free to all of their users. #MCO335 https://t.co/53UgIpaLRs via @ZDNet

— Laura Bradley (@llbradl1) October 31, 2020

To prevent zoombombing, here are the settings you need to pay attention to:

• • • Disable “Join Before Host” so people can’t cause any trouble before you arrive.
    • If you need to, enabling “Co-Host” so you can assign others to help moderate.
    • In case you don’t absolutely need it for your meeting, err on the side of caution and disable “File Transfer.”
    • Disable “Allow Removed Participants to Rejoin,” so booted attendees can’t slip back in.

Don’t let Slack track your every move

If you use Slack, sharing files and links in chats is probably the norm for you. But, because of a default setting in Slack, any link to a file you share automatically turns into a public link. That means anyone who gets it can open it; the app won’t request any password or login.

Make sure to restrict access to your documents just to people inside your organization.

Mind your direct messages

If you’re on a paid plan provided by your employer, you can’t really have any privacy expectations, and your contract probably makes it clear.

However, you can check if your manager can see your direct messages. Here are the steps:

• • • Sign in to Slack in a web browser.
    • Head to slack.com/account/team
    • Click on “Retention & Exports.”
    • Scroll down to “What data can my admin access,” and there you’ll have your answer.

If the page only says that public data can be exported, your DMs are safe from your boss.

However, if “Workspace Owners can also export messages and files from private channels and direct messages,” then you guessed it, your DMs can be seen.

Protect your Google documents

As an office worker, you probably use Google Drive a lot, but are you familiar with all the privacy settings? Here is what you need to know about how to keep your data private when sharing files from your Google Drive.

With Google, you can choose from three document sharing options, each having different privacy and access settings.

The “Public on the web” setting does exactly what it says on the can. Your document will be available for anyone to access.

The “Specific people” setting makes your file available only to the ones you choose to share it with.

“Anyone with the link” is the most used setting, but it’s commonly mistaken as restricting access. But if anyone shares your link, things are no longer that private.

Let’s also consider another scenario. If you link to websites in your document and people visit them, the webmasters end up with your Google file’s address in their registry. And I bet they were not on your list of intended recipients.

Better safe than sorry, so make sure you restrict access to your Google Drive.

Keep your Google Meet links private

Setting up video meetings with Google Meet is a piece of cake, since all you have to do is give people the invite link with your meeting code.

Since meeting codes are randomly generated, they’re pretty hard to guess. All you have to do is make sure you don’t share your link publicly or don’t allow people from outside your company on your calls.

Stay away from Microsoft Teams privacy snafu

Microsoft Teams is a popular business communication platform, and maybe you use it too.

But one of the biggest problems with Teams is that a user can deliberately or accidentally share confidential information with unauthorized parties. This can put the company’s intellectual property, compliance status, and reputation at risk.

Keep cross-sharing to a minimum

Teams allows for both internal and external chat. And just like in any business chat app, people can engage in group or private conversations.

The persistent chat feature of Microsoft Teams makes it easy to find an ongoing conversation inside a given channel or chat. But those chats and files might end up within other Microsoft apps, so check all the permissions you’ve been granting.

Make sure no people outside your company have access to your documents.

Set up secure guest access

You can use the Guest access settings in the Teams admin center to configure guest users’ level of access. For maximum security, you can leave guest access disabled.

You can also turn on guest access but disable certain privileges like screen sharing or peer-to-peer calls.

Review your data retention policies

Use retention policies to allow the removal of data that’s no longer needed.

Use data loss prevention settings

You can set up Data Loss Prevention (DLP) policies to automatically block unauthorized users from sharing sensitive data in a Teams channel or private chat.

DLP policies also help you enforce privacy and prevent data breaches.

Embrace remote work apps and turn into a pro

Now that you know more about the settings of some of the apps you probably use every day, I hope you’re better equipped to protect your privacy.

Even if you can still rely on your IT department’s support, learning to deal with a few tech aspects can only be beneficial to you in the long run.

Just remember to be cautious, follow your company’s policies, rely on trusty helpers like our Virtual Private Network software, and make the most of your workday! You’ll feel more comfortable knowing that your data and files are all safe and sound.

What are the apps you use most often for work? Are you getting more familiar with their privacy settings?

Let me know in the comments below.