whack a mole game on boardwalk at the shore

So Many Breaches, So Little Proactive Action

March 30, 2021 Information Management
Hunter Willis
By Hunter Willis

As we all know, the COVID-19 crisis accelerated digital transformation, and with it, a collective shift to the cloud. But with that increased access to data storage and collaboration services has come a steep increase in individual users with the (potentially ungoverned) ability to upload and share all kinds of data.

Applications like Microsoft Teams make it so easy to share information that end users can accidentally overshare. Other applications like Google Workspace and Slack tout how fun and easy it is to use their solutions — almost gamifying work, and making it more casual.

At the same time as productivity has increased in many organizations thanks to digital collaboration tools, we’ve also seen a rise in the scale and frequency of security breaches, with the SolarWinds incident and the Exchange server hack being two recent examples. Furthermore, as Zoom has demonstrated on more than one occasion, new collaboration platforms often lack mature and developed security architectures, which is insufficient for enterprise organizations.

Companies cannot rely on assumptions and quickly aging security tactics to stay protected. Instead, they need a proactive approach to keep up with the ever-changing nature of cloud collaboration and the increasing threats posed by user error and bad actors.

Take Stock Internally

First and foremost, you need to get a pulse on where, when, and how your employees collaborate in order to ensure you are protected at every engagement point. Even a year into the pandemic, most employees’ main priority is still to enhance productivity and communication, so your goal is to implement security provisions that do not slow communication or hinder their workflows.

As anyone in IT will tell you, if a user finds an authorized or mandatory process too difficult, they will simply find another, typically unauthorized way to get their job done. We’ve even seen this practice of “Shadow IT” at department and divisional levels in some organizations. When your employees begin leveraging unapproved software, your security risks from within the business grow. And most of the time, internal mistakes, as opposed to malicious actions, cause security breaches.

Related Article: Microsoft Exchange Attack Underlines How Vulnerable Your Organizational Data Is

Update Your Security Model

Because digital collaboration has increased internal threats, historical network security models are no longer enough. But far too many organizations have incorrectly applied the popular “castle” method to mitigate both internal and external threats. While companies are correct in understanding the need for multiple layers of security, the perimeter approach cannot be properly applied to employees already on the inside.

Further, mitigating security breaches from within can be costly, both from a time and resources perspective. For example, companies will often recruit their IT departments to serve as Microsoft Teams admins, who then spend hours on routine governance tasks like helping create and maintain individual behavior and the creation of new channels. And with so many organizations slashing IT budgets in the early pandemic days, this was an extra burden on already lean teams.

In addition to how labor-intensive internal monitoring can be, it can also be prone to human error when relegated to Excel spreadsheets and other manual methods. This type of tracking only catches internal threats after they’ve occurred, which is too late.

Related Article: Why HR and IT Are Teaming Up to Prevent Data Breaches

All Companies Need to Prioritize Collaboration Security

Collaborations platforms today can instantly, and often automatically, surface any information a user has access to, which means that granular security and permissions barriers are hugely important. Even in unregulated organizations, it may only take uploading a handful of documents to the wrong place to cause a major incident — whether it's a violation of external customers or employee privacy and trust.

In regulated organizations, the cost of violating security and data protection laws far outweighs the initial investment in a preventative plan of action. Additionally, a handful of US states have begun implementing GDPR-like laws, which, if not properly enforced internally, could result in major fines for businesses. While there is no guaranteed safeguard, implementing security by design at every level in your organization is the best way to ensure that a small number of compromised accounts or ransomware attack cannot hold your organization hostage.

Related Article: Making Sense of the Growing Legislation to Protect Customer Data

Act Now on Your Proactive Plan

Be proactive at every level when it comes to securing your data. Design and update processes with security in mind, with the philosophy that every employee has a vital role to play. Understand that your users collaborate with sensitive information, sometimes even when they shouldn’t. Help your teams implement secure, contextual processes that don’t get in the way of their work. All of these things are vital to maintaining a proactive strategy that meets the security needs of the modern workplace.

About the Author

Hunter has been in web development, SEO and social media marketing for over a decade, and has GSuite Admin, MCSA Office 365 & Service Adoption Specialist certifications. Throughout his career, he has developed internal collaboration sites, provided technical and strategic advice, and managed solutions for small to large organizations.

Tags

Featured Research

Related Stories

records management the old fashioned way, in binders on a shelf

Information Management

Your Top 3 Records Management Questions Answered

traffic jam

Information Management

Mancini's Law Says: Information Chaos Has Consequences

A chaotic scene in which an elephant is storming through a restaurant, while a seated well-dressed woman listens to the mayhem

Information Management

How Master Data Management Can Help Tame the Data Governance Mayhem

Register Now: Digital Workplace Experience Summer Session

DWX21 - Q1