fbpx

Protecting your security and confidentiality in your PEP sessions

Protecting your security and confidentiality in your PEP sessions

In light of COVID-19, many businesses and individuals are turning to web conferencing systems to connect online. As an organisation, we are committed to protecting your privacy and confidentiality whilst using the Zoom web conferencing software.

This guide outlines the settings and procedures we use to ensure that PEP virtual spaces remain as safe and confidential as possible. It has been developed through reference to the Australian Government’s ‘Stay Smart Online’ Guidelines, and Zoom security recommendations.

Security built into Zoom

Zoom uses a combination of Transport TCP and UDP which is the same level of encryption used by a ‘https’ web protocol for a secure website. Additionally, we have enabled encryption for 3rd Party Endpoints (H323/SIP), a VoIP protocol which prevents calls being intercepted.

However, you should be aware that Zoom does NOT currently support end-to-end encryption (E2E). As such, you should be aware Zoom may have the capability to access all recorded sessions and that it is possible for Zoom sessions to be subpoenaed. While Zoom denies that they have ever built a mechanism to do this, we nevertheless advise you to be aware of this when participating in any Zoom session, whether with PEP or otherwise.

Zoom is not based in Australia, and as such, this may pose a security risk. Without explicitly naming any product, the Australian Cyber Security Centre warns, ‘The use of offshore web conferencing solutions introduces additional business and security risks. For example, laws in other countries may change without notice and foreign-owned service providers that operate in Australia may still be subject to the laws of a foreign country.’

Whilst other tools (e.g. Skype Private or Facebook Messenger with the ‘Private Conversation’ setting) have enhanced E2E security, Zoom offers superior learning facilitation support and connectivity and telepresence that is unmatched by competitors. Therefore, we have made the decision to still use Zoom, whilst advising clients of this security shortcoming.

Our security practices relating to web conferencing

We’ve used the following recommended Zoom protocols to secure the learning space.

Locked Virtual Spaces

All PEP virtual sessions require you to enter a separate password to enter the virtual space. This is to ensure that we don’t have any uninvited guests.

When you receive a meeting request from us, you will also receive a separate email with the password you need to access the meeting.

A unique Zoom session for every session

To avoid the chance of unauthorised access, we have a unique scheduled Zoom meeting for every group and 1:1 session. You will need to access this from the scheduled meeting invitation in your online calendar.

This session is emailed directly to participants, and we ask that you keep it secure to you only.

Waiting rooms and rollcall on entry

When you sign into a PEP virtual session, you’ll arrive in our Waiting Room.

Your coach will check your name against our participant roll to ensure that only registered participants are admitted into the space.

 

Your confidentiality

Being able to speak freely and in a confidential manner is critical to PEP’s group and 1:1 coaching method.

We do not record sessions

Participant confidentiality and psychological safety is important to us. We do not record sessions. We do maintain an attendance log. Live participation is critical to PEP’s model, however, if you are unable to attend a session for some reason, please contact us prior to the training to arrange a suitable alternative.

Please use a private location

We ask that you be mindful of the confidentiality of the session and ensure your location is private and use headphones, so as not to broadcast discussion in your surroundings.

We do not use Attendance Tracking

Since Zoom does not advise participants that they are being attendance tracked, we don’t feel it’s ethical to use this feature.

 

Security settings in favour of greater collaboration and learning

As our group sizes are small, our coaches facilitate a rich and immersive learning experience by unlocking some features that are commonly ‘locked down’ in larger group conferencing sessions.

Web cam and voice are mandatory

To ensure an optimal experience for everyone, we ask that you attend with your web cam and voice turned on.

Chat is encouraged

Some providers keep the chat ‘locked down’. We encourage relevant chat using the chat panel.

Breakout sessions are plentiful

We believe in the value of peer collaboration and group work, so have enabled Zoom breakout rooms.

Screen sharing is allowed

If you have work in progress that you’d like to share with participants or your coach, you can share your screen. It is good practice to only share the application required, not your full computer desktop.

Virtual backgrounds are allowed

If you are working from home and don’t want to share your home setting with other participants, you may select a virtual background. We ask that your choice of background image be respectful to other participants.

No email registration required

We handle registrations separately from Zoom so that your private details are not stored within Zoom’s system.

 

Monitoring security and privacy developments

Zoom security updates are changing daily, and we are continually monitoring security and privacy developments regarding Zoom and other web conferencing tools. We will update our policies and procedures as new guidelines come to light.

What about using clients’ existing web conferencing platform?

For clients who have specific approved web conferencing platforms, we are happy to speak with you about the possibility of using this in preference to Zoom.

Any other security questions?

For any other Zoom or security-related question, please speak with our team prior to the start of your session. We’ll be happy to help.

Let’s talk!

GET IN TOUCH

Together, we’ll transform your business.