Last year, Slack, Zoom and countless other companies hoovered up business as companies shifted to support new phase of home working. We’ve taken new tools and processes with us to drive virtual collaboration. But are they really as secure as they should be?
1.The risk from ‘off the shelf’ collaboration tools
They’re quick to set up, easy to integrate and cheap to maintain. But are they as secure as you need them to be? Many businesses are now using products like Slack, Zoom and Trello (among many others) as part of their everyday digital processes. But stories of data and security breaches resulting from their use are common. Zoom has made the news at least a dozen times over its security vulnerabilities. At the same time, Slack’s ubiquity and ease of use leaves lots of potential for careless interaction. Are passwords regularly changed? How often are files shared via these channels that are publicly accessible by default?
Other risks come from a poor understanding or administration of the tools on the part of management. For example, did you know, according to one hacking expert:
“Trello...will be indexed by Google if its boards are set to “public.” And, public boards’ specific contents can also be searched using a special search called a “dork.”
Regus’s careless sharing of files on Trello exposed performance ratings of hundreds of their staff on line in exactly this way.
Collaboration tools like these have become part of the way we do things. But businesses with sensitive IP or with special responsibilities for data governance should consider whether the protections they offer will be enough to satisfy regulatory bodies, or just give them peace of mind that their data can’t be compromised.
2. The risk of unauthorised IT
But if it’s too easy to share your data on some systems, other purpose built DMS (document management systems) can present exactly the opposite problem.
It’s well known that workers with particularly difficult or slow internal DMS will often retreat to their own devices and software choices to circumvent password-protected access and slow file sharing experiences. Workers downloading and sending documents to themselves and others to work on a private device, are obviously a potential security risk. But it’s still a common practice and one of the main reasons for the growth of solutions like DropBox.
If you’re choosing an enterprise level document management system to support your collaboration on complex projects - you should check, not only that its levels of security match your requirements, but it is responsive, intuitive and usable across a range of devices.
3. The risk of 'user error'
Humans are flawed. Not paying attention, not following procedures, taking shortcuts and ignoring guidelines. It’s what we do best. But seriously, user error is a fact of life and is a big factor in security breaches. And it turns out, away from the office, there’s more distraction and we’re more prone to making errors of judgement. A recent CyberArk study concluded.that
“Risky cyber-practices were… particularly prevalent amongst working parents… who face additional distractions such as childcare and home-schooling. Of this cohort, 57% insecurely save passwords in browsers on their corporate devices while 89% said they reuse passwords across applications and devices. Additionally, 21% allow other members of their household to use their corporate devices for activities like schoolwork, gaming and shopping.”
Source: Info Security Magazine
Clearly, there needs to be better training and top-up training in place if we’re going to observe the highest standards of data protection and cybersecurity. But the tools we choose and use should also encourage and prioritise security. For example, collaboration platforms should require and force frequent password changes and two-factor authentication to protect them from unauthorised access.
4. The risk of data over exposure
Access to data needs to be controlled. Often access to a shared drive will give you access to everything within it. The systems that you are using for virtual collaboration need to be flexible, but they also need. to offer granular access control to ensure protection for sensitive information:
- The system should allow you to control the level of access that employees and other trusted parties can gain at any time
- The right DMS should offer easy to use ‘read’ or ‘comment only’ protections for sensitive documentation, as well as creating hierarchies of access that can be set and revoked by non-coders in real-time.
- The control you have should extend to use-rights - what permissions each user has to view, modify and download a document or set of documents.
The more “fine-grained” those controls are, the better you will be able to minimise the risk of data breaches at every level of an organisation.
Depending on the sensitivity of the data you control, organisations should ensure that the platforms they are using meet the standards of ISO 27001.
These are just a few of the security considerations around the use of collaboration tools and file sharing for an increasingly ‘remote’ workforce. There is clearly much to be done to educate and equip workers to collaborate more safely and effectively while they are at home.