The COVID-19 outbreak radically disrupted organizational processes, especially employee work habits. To adhere to social distancing policies, companies started exploring work-from-home options for their workforce. CTOs were tasked with researching secure and easy-to-use collaboration tools that would help employees continue working with minimum upheaval in their workflows. Many opted for the Zoom videoconferencing service. However, with security concerns hovering over it, technocrats started exploring free and subscription-based options from Google Hangouts, Slack, LogMeIn, Avaya, Citrix and Cisco.
Besides communication, they needed secure and robust collaboration services for sharing documents and emails. To help companies ensure business continuity, services like Hiver and Zoho stepped up to the plate and offered their suite of apps free for a limited period. Cyber security experts have highlighted that collaboration tools open the doors to phishing attacks that could introduce malware. How can such intrusions compromise a user’s personal data and an organization’s sensitive information?
While collaboration tools offer tremendous value, they also present an inherent danger to an organization’s overall security. Generally, most users have a trusting nature when it comes to apps requesting user permissions. Most end-users will simply allow any requested permissions from an app during installation without questioning the reason behind certain levels of requested access.
A common permission that a lot of collaboration tools ask for is access to read/write/modify data. Now, what if this newly implemented tool has the intent of injecting ransomware? Any file that the user has access to is potentially vulnerable to being accessed, modified, copied and then moved outside your organization. Such a data leak can expose your customers’ data and irreparably damage your business reputation.
To prevent this from happening, it’s important to have reliable enterprise endpoint security that can scan for malware. Secondly, it is imperative to have a proper data loss prevention (DLP) plan in place.
Rules of thumb to follow while using digital collaborative tools
The most basic requirement is to have a strong password policy in place. Depending on the number of tools in your collaboration stack, consider using a password manager. Next, document what your team members can or can’t do with the collaboration tools. This documentation should cover your password policies, the kind of information that can be shared, where and how files must be stored, which files can be shared externally, who can be invited for video conferencing, and which tools should have access controls, for instance two-factor authentication. Depending on the complexity of your company’s security policies, you may want to conduct training sessions for some team members.
Most collaboration tools come with inherent security features
Most collaboration tools include features that provide IT teams with more control over the way their users access these services. For instance, there may be options like single sign-on, two-factor authentication, and more. Ensure that your IT team has complete control over who gets access to what kind of tools and data. To that end, revisit the tools in your collaboration stack and their security features. At a minimum, you must choose tools that are compliant with basic security standards and include enterprise-grade encryption.
Secure third-party integrations in collaborative tools
Third-party integrations can be vulnerable access points for hackers looking to exploit security weaknesses. One of the most important, yet basic, steps you can take is to create an application inventory. This database should include a list of all the tools in your collaboration stack and their respective integrations, the kind of data the vendors have access to, the permissions each of these tools collects, the purpose of each tool, and the best points of contact for each vendor.
While considering these third-party integrations, ensure that the tool and the parent platform are both not only compliant with basic security standards, but also in line with your company’s security policies. It is advisable to have an ongoing practice of assessing third-party vendor security policies and revoking access to tools/integrations that are deemed risky and have corporate data access.
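A small audit over the application inventory described above, as an added example that is not part of the original article. The CSV layout, the `compliant` and `last_assessed` columns, the 180-day review interval, the fixed audit date and all tool and vendor names are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample inventory (fictional tools). Columns follow the fields the
# article lists; 'compliant' and 'last_assessed' are assumed additions.
SAMPLE_CSV = """tool,integration,data_access,permissions,purpose,vendor_contact,compliant,last_assessed
ChatApp,PollBot,none,read,team polls,security@pollbot.example,yes,2024-05-01
ChatApp,FileSync,corporate,read;write;modify,,,no,2023-01-15
MailSuite,CRM-Link,corporate,read,customer sync,it@crmlink.example,yes,2023-02-01
VideoMeet,Recorder,corporate,read;write,meeting archive,ops@recorder.example,yes,2024-04-20
"""
MAX_AGE_DAYS = 180          # assumed interval between vendor assessments
TODAY = date(2024, 6, 1)    # fixed so the example is reproducible


def assess(row, today):
    """Return the list of findings for one inventory row."""
    findings = []
    for field in ("purpose", "vendor_contact"):
        if not row[field].strip():
            findings.append(f"missing {field}")
    if row["compliant"].strip().lower() != "yes":
        findings.append("not compliant")
    perms = {p for p in row["permissions"].split(";") if p}
    if row["data_access"] == "corporate" and perms & {"write", "modify"}:
        findings.append("write access to corporate data")
    age = (today - date.fromisoformat(row["last_assessed"])).days
    if age > MAX_AGE_DAYS:
        findings.append(f"assessment {age} days old")
    return findings


def audit(csv_text, today=TODAY):
    """Map (tool, integration) -> (action, findings)."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = assess(row, today)
        # Revoke candidates: non-compliant or undocumented entries that also
        # hold corporate data access; anything else with findings gets a review.
        risky = any(f == "not compliant" or f.startswith("missing") for f in findings)
        if risky and row["data_access"] == "corporate":
            action = "revoke"
        else:
            action = "review" if findings else "ok"
        report[(row["tool"], row["integration"])] = (action, findings)
    return report
```
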
Always ensure that you are running the most recent version of these collaboration tools. Don’t ignore notifications for updates because they may include an important security patch. Another good practice is to audit the data accessed by these integrations on a regular basis.