4 Collaboration Habits That Open the Door to Security Breaches

Eighty-eight percent of organizations either encouraged or required employees to work from home in response to the COVID-19 pandemic according to Gartner. The rapid transition to remote work caused a spike in adoption of cloud-based productivity and collaboration tools. Microsoft Teams reached 44 million active users in March — more than double the 20 million users it had in November 2019. Competitor Slack added 7,000 new customers in the seven weeks beginning Feb. 1, which was more than it had added in the entire preceding quarter.

Tools like these helped organizations maintain and in cases improve communication and productivity for their work from home staff, and the tools will likely continue to be used after the shelter-in-place period finishes. Indeed, Gartner found 74% of companies will allow at least 5% of their previously onsite employees to work remotely after the pandemic. This means solutions to support collaboration among distributed teams will still have an important place in getting work done.

However, these cloud-based tools come with an increased risk of unauthorized access and data compromise. If you are unprepared for these threats, these solutions help you boost your business at the high price of making you more vulnerable to data breaches. Learning the risks is the first step in minimizing threats to data while maximizing your use of these collaboration tools.  

Data Overexposure

The chats, channels and files exchanged by employees in collaboration platforms are often retained forever by default, which means all of this data is vulnerable in a cyberattack. Adding to this is the habit among many users of saving documents on their hard drives to simplify discovery down the line. Hard drives offer insufficient protection. Moreover, downloading certain types of files (e.g., customer data) is a violation of privacy laws, so it can lead to penalties.

Recommendations: First, choose your cloud providers wisely. Assess each provider’s level of data and system security, and check whether the provider is compliant with standards like ISO 27000.

Second, make sure employees have the tools they need to work with company data safely. Add security measures to reduce data exposure. For example, encourage your staff to use corporate G Suite instead of personal applications like Google Docs, and monitor user activity for suspicious behavior like spikes in downloads or unusual data access patterns.

Third, classify your data and educate your employees to be more attentive to information labeled “sensitive” or “confidential.”

Related Article: The Time to Reel In Ad-Hoc Collaboration Is Now

User Mistakes and Negligence

According to Ponemon's 2020 report, employee negligence or errors caused 62% of all insider breaches. One of the best examples is unauthorized data sharing, such as users exchanging passwords or sensitive data via cloud collaboration tools to expedite their work. Practices like these increase the chance of data compromise and compliance fines, especially if an employee accidentally posts business-critical information in a public channel, where you cannot control how many users see and copy it.

Recommendations: Make it as easy as possible for employees to access the corporate resources they need to do their jobs. For example, making credentials easy to retrieve from password managers will remove the temptation to ask someone to share the password via Teams or another platform, which violates security policies. Also, conduct regular training sessions to familiarize users with basic security practices like the rules of secure data sharing, and check in to make sure your employees absorbed these lessons.

Related Article: Data Security in a COVID-19 World: What to Do When You Are Pushed Into the Cloud

Learning Opportunities

Apr 04 11:00 AM Mexico Standard Time

Collaboration in a Distributed Workplace Tools and Techniques of Top Performing Teams

Register

Apr 12 11:00 AM PST

Improve Knowledge Sharing The Key to Employee Productivity

Streamline team collaboration and engagement

Register

Apr 13 9:00 AM PST

How McDonald’s Drove Productivity Through an Elevated Employee Experience

In the new remote/hybrid workplace, work/life boundaries are blurred and workplace stress is a top driver of mental health needs.

Register

ON DEMAND

How to Future-Proof Your Employee Experience Strategy in 2023

A framework to navigate through economic uncertainty

Watch Now

ON DEMAND

Challenges to Efficiency in 2023: Your Employees Need the Digital Workplace of the Future

The era of asking employees to do more with less is upon us

Watch Now

ON DEMAND

The Essential Role of Communicators in Fostering Wellbeing in the Digital Workplace

Join us for practical insights on how digital communicators can support employees to thrive in the digital workplace

Watch Now

ON DEMAND

Addressing Employee Needs and Wants with a Digital Workplace

The workplace is getting more and more digital – both in how we work and where we work

Watch Now

ON DEMAND

Maintaining a Human-Centered Approach During Digital Transformation

When it comes to digital transformation - people drive change, not technology

Watch Now

ON DEMAND

The Evolution of Employee Recognition

Leveraging the power of appreciation to improve the employee experience

Watch Now

ON DEMAND

Are You Blocking Your Internal Comms Team Without Knowing It

Best practices & tips to help IC teams thrive

Watch Now

ON DEMAND

Cyber Resilience In The Cloud Is Not Optional

In today’s age of ransomware and widespread cyber attacks, your cloud data needs to be protected.

Watch Now

View All

Insecure Personal Devices

When employees work on corporate laptops or computers, you can encrypt any data accessed and keep the device up to date with patches. But when workers use their personal laptops, you have little control over the device. Even a single infected or unpatched laptop can jeopardize your data and your business.

Recommendations: Audit your IT environment for spikes in log on activity, unusually high network traffic and other suspicious events to detect attacks in the early stages. Also, make hackers’ lives as difficult as possible by patching and installing endpoint protection tools on all corporate devices.

If employees use their personal devices, implement BYOD best practices that strike the right balance for your organization. Depending on your risk tolerance and other requirements, you can either recommend or require specific practices, such as regular software patches and operating system updates. You can also forbid access to certain assets from personal devices.

Related Article: Flexible Operating Models Only Limited by Rigid Corporate Thinking 

Unsanctioned Tools

When employees use unsanctioned and unsupported collaboration tools (aka shadow IT) it can undermine data security, especially if the person managing the tool has no expertise in security. For example, if a team uses Google Docs and the manager allows everyone with the link to access corporate files, this violates basic security practices and could lead to data compromise.

Recommendations: Work closely with other departments to understand their workflows and business needs to determine which tools they need. Providing the tools employees need and will use goes far in curbing adoption of unauthorized tools.

The increase in remote work has brought new security challenges, and you need to keep them in mind when you use cloud collaboration software. But the tools are not your enemy. By following the recommendations laid out here, you can reap their business benefits while minimizing security risks.

Learn how you can join our contributor community.

About the Author

Ilia Sotnikov is an accomplished expert in cybersecurity and IT management. He is vice president of product management at Netwrix, provider of a visibility platform for data security and risk mitigation in hybrid environments.