Security Concerns for Slack, Loom, Campuswire, Discord, and WhatsApp

Slack

Slack is a collaborative tool used in various Davidson College departments and working groups to help facilitate communication. Faculty and staff can set up a workspace on Slack for free here. Special security considerations apply to communication applications like Slack, including the following:
      • Davidson College employees should not share any sensitive business information or private account details through Slack.

Protected information meeting the description of FERPA records should never be shared, even in private messages, on Slack.

      • FERPA information includes but is not limited to student personal information, grades, and videos and images containing students.

Protected information meeting the description of HIPAA records should never be shared, even in private messages, on Slack. HIPAA records include any information regarding any individual’s personal health records.

FERPA, HIPAA, and records pertaining to college business should only be shared in official college systems; for example, individual assignment grades can be reported on Moodle, course averages can be shared on DegreeWorks, etc. 

Set up 2FA on Slack

Enabling two-factor authentication is a simple way to add an extra layer of security to an account by requiring additional verification from another device.
Workspace Owners and Admins can make 2FA mandatory for members of their workspace:
      1. From your desktop, click your workspace name in the top left.
      2. Select Settings & administration from the menu, then click Workspace settings.
      3. Click Authentication.
      4. Next to Workspace-wide two-factor authentication, click Expand.
      5. Click Activate two-factor authentication for my workspace, then enter your password.
      6. Customize the Slackbot message for your members, if you'd like.
      7. Click Activate two-factor authentication. Members will get an email and Slackbot message to help them get set up. 

Members who don't set up 2FA within 24 hours will be signed out of Slack and prompted to set up 2FA before they can sign in again. New members will be required to set up 2FA before creating an account and signing in to Slack.

 

Loom

Loom is a video sharing and communication application that enables users to create and share videos of their screen, voice, and face all simultaneously. Share videos on Loom using Loom's Custom Access security features.
        Custom Access gives you an extra layer of video security. If your video contains sensitive information and you’d like to make sure only a specific person (or group of people) can watch your video you can enable 
Custom Access.
        This way you can be sure your Loom recording will only be seen by those it's intended for. 
This works in a similar way to sharing a Google Doc. 

Loom Custom Access security

Invite specific people to view your Loom recording or create a public link!

Custom Access gives you an extra layer of video security. If your video contains sensitive information and you’d like to make sure only a specific person (or group of people) can watch your video you can enable Custom Access. This way you can be sure your Loom recording will only be seen by those it's intended for.

This works in a similar way to sharing a Google Doc.

You can either...

    • Share Public Link - allowing anyone with this link to view your video.
    • Enable Custom Access - (Share Privately) allowing only people who have been invited to view your video

How do I add Custom Access to my video?

      1. From your My Video page, open the video you'd like to enable Custom Access for.
      2. Under Privacy, click Invite People.
      3. Type the email address of those you grant access for, then click Add email, then Save.
      4. Once you've done this, your video will automatically be set to private and inaccessible to anyone except those who have received Custom Access. 

Please note

Your recipient will need to be logged into their Loom account with this email in order to watch your recording.

Custom Access: Public Videos

By default, your Loom URLs are not searchable. Only people who you share your video link with can see your video. However, if you would like your video to gain greater public exposure you can change this to a Public Link.

This means your Loom URL can then appear in Google search. Here's how:

img_loom_url.png


Watch the video below for a quick walkthrough of the Privacy feature.


 

 

CampusWire

Campuswire is a real-time messaging app for college classes that streamlines class discussions, Q&A, and announcements. With a commitment to protecting students’ personal identifying information, CampusWire never sells FERPA data to third parties. However, it is important for employees using the platform to adhere to the following security guidelines:
    • Faculty and staff should ensure that student information such as grades are only reported in official campus systems, such as Moodle and DegreeWorks. This information should not be communicated via messaging or posts in CampusWire.
    • Students should not post videos or images of themselves to CampusWire, and instead should post links to their content from a shared drive with limited sharing, such as a Loom custom access video sharing, Google Drive, OneDrive, or DropBox folder.
 

Discord

Discord is a chat app, similar to Skype and Reddit or professional communications platforms like Slack. Discord supports video calls, voice chat, text and allows users to create and join "servers" where users can communicate about specific topics. A Discord server might be created to support departments, students, or professors communicating about campus news or course material.
    • Faculty and staff should ensure that student information such as grades are only reported in official campus systems, such as Moodle and DegreeWorks. This information should not be communicated via messaging or posts in Discord.
    • Students should not post videos or images of themselves to Discord, and instead should post links to their content from a shared drive with limited sharing, such as a Loom custom access video sharing, Google Drive, OneDrive, or DropBox folder.
 

WhatsApp

WhatsApp is an end-to-end encrypted communication platform that uses cellular or Wi-Fi connections to facilitate messaging and voice calling anywhere (International calling over WiFi is free with WhatsApp.) WhatsApp allows for voice calls, texting, as well as sharing documents, photos, and videos.
    • Faculty and staff should ensure that student information such as grades are only reported in official campus systems, such as Moodle and DegreeWorks. This information should not be communicated via messaging in WhatsApp.
    • Students should not post videos or images of themselves to WhatsApp, and instead should post links to their content from a shared drive with limited sharing, such as a Loom custom access video sharing, Google Drive, OneDrive, or DropBox folder.
Request Help