« Back to News & Notices
Our important report on the security risks of virtual courier policies
Cybersecurity is a hot topic right now. From Facebook’s $5 billion settlement with the FTC over mishandling of user data to the more than 500,000 Zoom accounts whose passwords were shared on the dark web, finding secure solutions is more important than ever.
And it’s extra important in the art world, where we move millions of pounds worth of art and cultural objects everyday. In the face of the pandemic, many of our colleagues have turned to ad-hoc solutions to remotely oversee art transit and installation. But, the cybersecurity risks of these tools could outweigh the benefits. Insurers are calling out these risks and are concerned about the current security of sensitive data like location and value.
We’ve been asked to outline the risks and wanted to share the findings with you.
|Security Concern||Why does it matter?||Articheck’s Virtual Courier||WhatsApp (owned by Facebook)||Zoom|
|2-Factor Authentication||Mass password breaches are the norm in today’s fast-moving cyberspace. Access to sensitive data needs more than one protection level.||✅ Required for all users.||❌ Doesn’t even require a password||❌ No second factor or level of protection|
|Secure Data Storage||Documentation needs to be properly maintained for insurance claims.||✅ Stored on Articheck cloud servers, managed by org Administrator and only authorized users can access.||❌ Data stored on personal devices accessible by anyone||❌ Stored locally on device or in individual Zoom accounts with no org Administrator|
|Storage Limits||All documentation should be captured and stored. An incomplete picture of events is an unnecessary risk.||✅ No limits for video, photo, documents or condition reports all in one place for unlimited users||❌ Depends on space available on device||❌ Maximum 1 GB aka 3 hours of high quality video per entire user account|
|Data Ownership||Sensitive data needs to be owned and controlled by lending institution or responsible party.||✅ Client data remains property of client as per Articheck T&C||❌ Data shared with Facebook and third parties for advertising and other purposes||❌ Data shared with third parties for advertising and other purposes|
|Authorized Sharing||Location and value of works should never be shared outside of authorized parties.||✅ Closed system sharing via custom link that can only be opened by the intended recipient.||❌ Data can be shared with anyone via forwarding.||❌ Downloaded recordings can be shared with anyone via file transfer or email|
|User Permission levels||Proper risk mitigation calls for different users given different permission to data based on sensitivity.||✅ Customizable editing access to all parts of the system, with visibility levels available for documents, condition reports, and objects traveling.||❌ Everyone in a group has access to all sensitive information||❌ Everyone in a Zoom call has access to all sensitive information|
|Known GPS location||Accurate and verifiable location of valuable works should always be available to lender or owner.||✅ Included in every transit and condition check||❌ Not included||❌ Not included|
If you’re currently using multiple ad-hoc tools and are concerned about your security exposure, we’re happy to help. You can book a call with us here to discuss how to minimize risk with Virtual Courier.
We’re also offering TEG members a free trial of Virtual Courier to use on the project of your choice in advance of TEG Marketplace on 28 April 2022 – so don’t hesitate to get in touch.
Annika at Articheck