So Many Breaches, So Little Proactive Action
As we all know, the COVID-19 crisis accelerated digital transformation, and with it, a collective shift to the cloud. But with that increased access to data storage and collaboration services has come a steep increase in individual users with the (potentially ungoverned) ability to upload and share all kinds of data.
Applications like Microsoft Teams make it so easy to share information that end users can accidentally overshare. Other applications like Google Workspace and Slack tout how fun and easy it is to use their solutions — almost gamifying work, and making it more casual.
At the same time as productivity has increased in many organizations thanks to digital collaboration tools, we’ve also seen a rise in the scale and frequency of security breaches, with the SolarWinds incident and the Exchange server hack being two recent examples. Furthermore, as Zoom has demonstrated on more than one occasion, new collaboration platforms often lack mature, well-developed security architectures, which makes them insufficient for enterprise organizations.
Companies cannot rely on assumptions and quickly aging security tactics to stay protected. Instead, they need a proactive approach to keep up with the ever-changing nature of cloud collaboration and the increasing threats posed by user error and bad actors.
Take Stock Internally
First and foremost, you need to get a pulse on where, when, and how your employees collaborate in order to ensure you are protected at every engagement point. Even a year into the pandemic, most employees’ main priority is still to enhance productivity and communication, so your goal is to implement security provisions that do not slow communication or hinder their workflows.
As anyone in IT will tell you, if a user finds an authorized or mandatory process too difficult, they will simply find another, typically unauthorized way to get their job done. We’ve even seen this practice of “Shadow IT” at department and divisional levels in some organizations. When your employees begin leveraging unapproved software, your security risks from within the business grow. And most of the time, internal mistakes, as opposed to malicious actions, cause security breaches.
Update Your Security Model
Because digital collaboration has increased internal threats, historical network security models are no longer enough. But far too many organizations have incorrectly applied the popular “castle” method to mitigate both internal and external threats. While companies are correct in understanding the need for multiple layers of security, the perimeter approach cannot be properly applied to employees already on the inside.
Further, mitigating security breaches from within can be costly, both from a time and resources perspective. For example, companies will often recruit their IT departments to serve as Microsoft Teams admins, who then spend hours on routine governance tasks like helping create and maintain individual behavior and the creation of new channels. And with so many organizations slashing IT budgets in the early pandemic days, this was an extra burden on already lean teams.
In addition to how labor-intensive internal monitoring can be, it can also be prone to human error when relegated to Excel spreadsheets and other manual methods. This type of tracking only catches internal threats after they’ve occurred, which is too late.
All Companies Need to Prioritize Collaboration Security
Collaboration platforms today can instantly, and often automatically, surface any information a user has access to, which means that granular security and permissions barriers are hugely important. Even in unregulated organizations, it may only take uploading a handful of documents to the wrong place to cause a major incident, whether it's a violation of external customers' or employees' privacy and trust.
In regulated organizations, the cost of violating security and data protection laws far outweighs the initial investment in a preventative plan of action. Additionally, a handful of US states have begun implementing GDPR-like laws, which, if not properly enforced internally, could result in major fines for businesses. While there is no guaranteed safeguard, implementing security by design at every level in your organization is the best way to ensure that a small number of compromised accounts or a ransomware attack cannot hold your organization hostage.
Act Now on Your Proactive Plan
Be proactive at every level when it comes to securing your data. Design and update processes with security in mind, with the philosophy that every employee has a vital role to play. Understand that your users collaborate with sensitive information, sometimes even when they shouldn’t. Help your teams implement secure, contextual processes that don’t get in the way of their work. All of these things are vital to maintaining a proactive strategy that meets the security needs of the modern workplace.
About the Author
Hunter has been in web development, SEO and social media marketing for over a decade, and has GSuite Admin, MCSA Office 365 & Service Adoption Specialist certifications. Throughout his career, he has developed internal collaboration sites, provided technical and strategic advice, and managed solutions for small to large organizations.
Connect with Hunter Willis: