As organizations continue to use video conferencing platforms for meetings and training, the number of video recordings pile up. Organizations must know how to store these recordings securely.
Google Meet, Cisco Webex and Zoom video conference meetings have become the norm for most organizations. Additionally, remote work is changing the way people deal with content -- specifically video meeting recordings. To keep video content secure, organizations must educate their employees on the processes and compliance regulations they have in place.
How to manage video recordings
Organizations must know who can access, review and share video recordings.
Before an organization plans to secure video meeting recordings, it must create a strategy to manage video recordings. Some important considerations include the following:
- Decide whether the organization will enable video recording. Video conference recording requires IT configuration. Also, organizations must consult with state laws regarding recording.
- Define recording policies. Organizations must set standard operating procedures around recording. If an employee attends a meeting that someone else records, the involved parties must agree to not share that information or recording with anyone outside of the organization or the attendee list. With specific policies in place, organizations can enforce those regulations.
- Determine how and where to manage recordings. Organizations must decide whether they will upload content to Microsoft Stream, a third-party video streaming platform or a collaborative platform such as SharePoint.
- Educate users on how to manage recordings. Organizations must inform employees of the risks that come with video recordings. Employees should understand how to manage, distribute and share content in a way that aligns with compliance
Organizations can follow the six suggestions below to keep video meeting recordings secure.
1. Monitor user access
"What you have to be very cautious about is opening up access to meeting recordings when it's not necessary to someone's role," said Adam Preset, vice president and analyst at Gartner. After a video meeting, only the meeting participants, or people who handle compliance and quality assurance, should have access to the recording.
Organizations should ensure that if users share recordings, the recipients are other approved users.
"It is also important to set an expiration date associated with the sharing so that the video is not shared indefinitely with everybody," said Reda Chouffani, co-founder of Biz Technology Solutions.
2. Set restrictions and access controls
Legal and compliance officers are responsible for making policies to protect organizations. The organization then trains employees on how to handle the recordings and who is responsible for recording meetings.
"Typically, the meeting host or meeting organizer who manages the start [and stop] of the recording also has editing capability over the recording," Preset said.
The meeting host can also determine whether to cut out certain parts of recordings. For example, suppose a virtual meeting ends early, and the participants continue to talk while the meeting is still recording. In this case, the meeting host is responsible for cutting out unnecessary information from the recording. However, this decision depends on the organization and the policies in place.
3. Limit file sharing
Many enterprise video content platforms that handle recordings have access controls to ensure only the intended audience can access recordings. To ensure that users only share files with other authorized individuals, organizations should have multifactor authentication in place so only the content's intended audience has access.
However, organizations may struggle to prevent people from recording videos on personal devices and sharing those recordings elsewhere.
"There are some enterprise video platforms that watermark video recordings, so it will be very obvious that a certain person is viewing the recording and then recording it improperly using their smartphone or a screen capture tool," Preset said.
If the organization configures the environment properly and securely, this should not be an issue.
4. Secure transcriptions
If users can access a video recording, they can download the meeting transcriptions for offline use.
"What you should avoid doing is copying out the transcript from the system where it's stored and saving it [or sending it] somewhere else," Preset said. If someone downloads a meeting transcript, that person can write something in the transcript document that's different from what was said in the video. This can cause problems if the transcript has different information than the recording. Organizations should ensure employees keep all assets -- both transcriptions and recordings -- in one place to ensure security.
5. Don't use video for all calls
Employees don't need to record every video meeting, and not all calls require video. For example, if someone checks in or follows up with a client, the employee doesn't necessarily need to record the call.
"Generally speaking, it's out of necessity that a call needs to be recorded," Chouffani said. "Or there [are] some concerning issues that HR requires to record an incident, and they need to have the personal call recorded for future reference."
Some job roles, such as those in call centers, require the recording of all calls. Organizations should create written policies that explain when they require employees to record meetings. Typically, department heads have the final say on whether to record or not.
6. Choose enterprise over consumer-grade options
Organizations must choose software meant for businesses to keep content secure. Organizations can have full control over enterprise-grade options and can encourage employees to use those secure platforms.
"When you have these kinds of enterprise solutions, they will typically have retention policies," Preset said. "[These services] will have ways of keeping a video recording around only as long as it's necessary for the business, whereas a consumer account won't have those kinds of policies and limitations."
Some users also prefer third-party products to make processes easier -- for example, video transcription -- but those products could also put important information at risk. Third-party tools may not have the same policies and limitations as the organization, so users must be cautious. People who want to incorporate third-party tools in their daily processes should consult with their security officer or department head, Preset suggested, and see if the organization already has a secure tool they can use.