So Many Breaches, So Little Proactive Action
As we all know, the COVID-19 crisis accelerated digital transformation, and with it, a collective shift to the cloud. But with that increased access to data storage and collaboration services has come a steep increase in individual users with the (potentially ungoverned) ability to upload and share all kinds of data.
Applications like Microsoft Teams make it so easy to share information that end users can accidentally overshare. Other applications like Google Workspace and Slack tout how fun and easy it is to use their solutions — almost gamifying work, and making it more casual.
At the same time as productivity has increased in many organizations thanks to digital collaboration tools, we’ve also seen a rise in the scale and frequency of security breaches, with the SolarWinds incident and the Exchange server hack being two recent examples. Furthermore, as Zoom has demonstrated on more than one occasion, new collaboration platforms often lack mature and developed security architectures, which is insufficient for enterprise organizations.
Companies cannot rely on assumptions and quickly aging security tactics to stay protected. Instead, they need a proactive approach to keep up with the ever-changing nature of cloud collaboration and the increasing threats posed by user error and bad actors.
Take Stock Internally
First and foremost, you need to get a pulse on where, when, and how your employees collaborate in order to ensure you are protected at every engagement point. Even a year into the pandemic, most employees’ main priority is still to enhance productivity and communication, so your goal is to implement security provisions that do not slow communication or hinder their workflows.
As anyone in IT will tell you, if a user finds an authorized or mandatory process too difficult, they will simply find another, typically unauthorized way to get their job done. We’ve even seen this practice of “Shadow IT” at department and divisional levels in some organizations. When your employees begin leveraging unapproved software, your security risks from within the business grow. And most of the time, internal mistakes, as opposed to malicious actions, cause security breaches.
Update Your Security Model
Because digital collaboration has increased internal threats, historical network security models are no longer enough. But far too many organizations have incorrectly applied the popular “castle” method to mitigate both internal and external threats. While companies are correct in understanding the need for multiple layers of security, the perimeter approach cannot be properly applied to employees already on the inside.
Further, mitigating security breaches from within can be costly, both from a time and resources perspective. For example, companies will often recruit their IT departments to serve as Microsoft Teams admins, who then spend hours on routine governance tasks like helping create and maintain individual behavior and the creation of new channels. And with so many organizations slashing IT budgets in the early pandemic days, this was an extra burden on already lean teams.
Making the Employee Experience Empathetic to Frontline Workers
Learn how leading organizations use EX tools to connect people with the resources they need in the field or on the move.
Voice of the Employee: Aligning Employee Listening with User Experience Tools and Services
Keys to ensuring technology platforms are intuitive and accessible for all
Hiring New Talent in the Era of the Great Resignation
Learn the factors that are important to employees as they evaluate new job prospects
Workplace Origami: Making Sense of the Forces Shaping the Workplace in 2021
Effective human capital management practices are key to thriving during the workplace revolution.
Retaining Employees in the Era of the Great Resignation
Learn about what has worked - and what hasn’t - to help retain talent at other organizations
Top 10 Challenges For the Workplace of the Future
The workplace is changing in ways we couldn’t have anticipated. Here are the top considerations for organizations as they adapt.
In addition to how labor-intensive internal monitoring can be, it can also be prone to human error when relegated to Excel spreadsheets and other manual methods. This type of tracking only catches internal threats after they’ve occurred, which is too late.
Related Article: Why HR and IT Are Teaming Up to Prevent Data Breaches
All Companies Need to Prioritize Collaboration Security
Collaborations platforms today can instantly, and often automatically, surface any information a user has access to, which means that granular security and permissions barriers are hugely important. Even in unregulated organizations, it may only take uploading a handful of documents to the wrong place to cause a major incident — whether it's a violation of external customers or employee privacy and trust.
In regulated organizations, the cost of violating security and data protection laws far outweighs the initial investment in a preventative plan of action. Additionally, a handful of US states have begun implementing GDPR-like laws, which, if not properly enforced internally, could result in major fines for businesses. While there is no guaranteed safeguard, implementing security by design at every level in your organization is the best way to ensure that a small number of compromised accounts or ransomware attack cannot hold your organization hostage.
Related Article: Making Sense of the Growing Legislation to Protect Customer Data
Act Now on Your Proactive Plan
Be proactive at every level when it comes to securing your data. Design and update processes with security in mind, with the philosophy that every employee has a vital role to play. Understand that your users collaborate with sensitive information, sometimes even when they shouldn’t. Help your teams implement secure, contextual processes that don’t get in the way of their work. All of these things are vital to maintaining a proactive strategy that meets the security needs of the modern workplace.
About the Author
Hunter has been in web development, SEO and social media marketing for over a decade, and has GSuite Admin, MCSA Office 365 & Service Adoption Specialist certifications. Throughout his career, he has developed internal collaboration sites, provided technical and strategic advice, and managed solutions for small to large organizations.