• Daniel McDermott

    Dan is a 20-year veteran of the ICT industry working for global and local vendors in bringing new and innovative technologies to market in the ANZ region. During his career, Dan has been passionate about bringing a local voice and insights to global technology challenges. As the Editor of GetCyberResilient.com, Dan casts a keen eye across the hot topics, trends and pulse of local security practitioners to curate stories from near and far that are most impactful in addressing our evolving risks.


The time people spend using collaboration tools at work varies enormously depending on their job responsibilities and the specific tools they use.

However, research suggests that collaboration tools have become increasingly important for many workers, particularly in the context of remote and distributed workforces. According to Harvard Business Review, time spent on the collaborative aspects of work — such as instant messaging, email, and meetings — has exploded by roughly 50% over the past 12 years. 

This includes time spent using messaging apps, video conferencing software, project management platforms, and other tools designed to facilitate communication and collaboration among remote teams. However, as useful as they are, these tools are not bulletproof. They are vulnerable to phishing, file sharing, business email compromise, insider threats and man-in-the-middle attacks.

While your organisation may have strong cybersecurity measures in place, ensuring that any third-party service you use for digital communications is also adequately protecting your data is crucial. 

Failure to manage the risks associated with a third-party relationship can put your cybersecurity, business operations, reputation, finances, strategy, intellectual property, compliance and legal obligations at risk. The aftermath of a cyberattack can result in severe legal and regulatory repercussions, as well as reputational damage and financial loss. This means it’s essential to prioritise the integrity and security of your data when partnering with a third-party service.

When using collaboration suites like Microsoft 365 or Google Workspace, chances are you've shared a file with someone at some point over Zoom, Teams, Skype, Slack or the like. Sharing files itself isn't a problem, but not managing external access to your files certainly is. This kind of unregulated sharing represents a significant security risk to your organisation, which grows each day while access to externally shared data remains unknown and unmanaged. This article discusses the security and privacy problems that have been found in Zoom; similar issues could also be impacting other collaboration tools.

Ignoring external access controls is just asking for trouble. A growing body of research exposes how uncontrolled file sharing can plague organisations, and their IT leaders are starting to sweat. 

 
The biggest risks posed by collaboration platforms 

While many reputable collaboration tools have strong security measures built in, they may not always be configured properly, or may not fully account for the way your teams use those tools. We can group the risks involved into five key categories. 

Security vulnerabilities

Shared files are an "open door" into your organisation, especially if they contain employee credentials, personal information, proprietary business data, or anything else sensitive that outsiders can use to bypass your security efforts. 

Data leaks and breaches

Human error is a major factor in data leaks and breaches, responsible for almost 90% of all breaches, according to Mimecast’s research. Employees may unintentionally share files with unauthorised people outside the organisation, increasing the risk of data breaches. 

Data loss and (un)governance

Inadequate governance over sensitive data can result in data loss, which can be catastrophic for your organisation's reputation and bottom line. By ensuring proper governance of sensitive data, you can better manage the risk of data loss. 

Regulatory non-compliance

Depending on the industry and jurisdiction, regulatory requirements regarding data privacy and security may vary. Failure to comply with these regulations can result in significant fines and legal repercussions. 

Intellectual property theft

If your organisation deals with intellectual property, such as patents, trademarks or copyrights, it's crucial to protect them from theft. Cybercriminals may target your intellectual property for illicit financial gain or to undermine your competitive advantage in the market. 

Mitigation strategies you should consider 

Organisations should ideally implement cybersecurity best practices such as access controls, encryption, data classification and employee training to mitigate these risks. Additionally, it's essential to vet third-party companies thoroughly before partnering with them and to establish clear guidelines and expectations for them regarding data protection and cybersecurity. 

Managing and securing your SaaS environment 

The use of software-as-a-service (SaaS) applications can expose your data to potentially thousands of external collaborators. Slack, Teams, and other such collaboration tools can exacerbate the problem by making it easy to share files. To gain control of your SaaS stack, you must implement a clear policy around file sharing, and provide safe mechanisms for continuously managing documents and file sharing.

Safeguard your company's data by restricting access 

Another thing to consider is revoking access privileges when employees leave your company. Ideally, this process should be automated. For example, by tying Slack access to the company's identity and access manager, an employee whose email is decommissioned also loses access to all apps your organisation uses. It also helps to implement the out-of-the-box controls that come with these tools and configure them for your particular environments and use cases. Monitoring is essential to quickly get an inventory of who has access to what and flag departed employees who attempt to access IT resources.
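The monitoring step described above can be sketched as a small audit script. This is an added example, not code from the original article: the directory export, the log format and all account names are constructed for illustration. It builds the "who has access to what" inventory and flags activity by offboarded or unmanaged accounts.

```python
from datetime import datetime

# Constructed identity-provider export: account -> offboarding time (None = active).
DIRECTORY = {
    "alice@example.com": None,
    "bob@example.com": datetime(2024, 3, 1, 17, 0),
}

# Constructed access log, one event per line: timestamp user app resource result
ACCESS_LOG = """\
2024-02-28T09:12:00 bob@example.com slack #finance allowed
2024-03-02T08:03:11 alice@example.com drive q1-forecast.xlsx allowed
2024-03-04T22:41:09 bob@example.com drive q1-forecast.xlsx allowed
2024-03-05T07:15:30 bob@example.com slack #finance denied
2024-03-05T10:00:00 carol@partner.example drive q1-forecast.xlsx allowed
"""

def parse_log(text):
    """Yield one dict per well-formed log line; skip anything malformed."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, user, app, resource, result = parts
        yield {"ts": datetime.fromisoformat(ts), "user": user, "app": app,
               "resource": resource, "allowed": result == "allowed"}

def audit(directory, log_text):
    """Return (inventory, findings) for the given directory and log."""
    inventory = {}  # (app, resource) -> accounts that were granted access
    findings = []   # (kind, user, app, resource) in log order
    for ev in parse_log(log_text):
        target = (ev["app"], ev["resource"])
        if ev["allowed"]:
            inventory.setdefault(target, set()).add(ev["user"])
        if ev["user"] not in directory:
            # Not a managed identity: an external collaborator or stale guest.
            findings.append(("external_account", ev["user"], *target))
            continue
        left = directory[ev["user"]]
        if left is not None and ev["ts"] >= left:
            # "allowed" here means deprovisioning never reached this app.
            kind = "access_after_offboarding" if ev["allowed"] else "blocked_after_offboarding"
            findings.append((kind, ev["user"], *target))
    return inventory, findings
```

A successful access after the offboarding time is the more serious finding: it shows an app that is not tied to the identity provider, which is exactly the gap the automation is meant to close.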

Secure API keys 

Using API keys has become an increasingly popular method for hackers to gain access to networks. Often, penetration testers do not change API keys after conducting penetration tests on cloud environments. Hackers can exploit this risk, even though an insider would have to be tech-savvy to know about stealing API keys. To secure API keys, users should only be able to obtain network access from specific IP addresses, and the keys should be changed often so they are only valid for a limited time.
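The two controls named above, source-IP restriction and short-lived keys that are rotated, can be enforced together at the point where a key is checked. The following is an added example, not code from the original article or from any particular product: the function names, the in-memory store, the owner name and the documentation-range addresses are all assumptions made for illustration.

```python
import hashlib
import ipaddress
import secrets
from datetime import datetime, timedelta, timezone

def _digest(key):
    # Store only a hash, so a leaked key table does not leak usable keys.
    return hashlib.sha256(key.encode()).hexdigest()

def issue_key(store, owner, allowed_cidrs, ttl, now):
    """Create a key bound to source networks and a fixed lifetime."""
    key = secrets.token_urlsafe(32)
    store[_digest(key)] = {
        "owner": owner,
        "networks": [ipaddress.ip_network(c) for c in allowed_cidrs],
        "expires": now + ttl,
    }
    return key

def check_key(store, presented, source_ip, now):
    """Return (allowed, reason) for one request."""
    record = store.get(_digest(presented))
    if record is None:
        return False, "unknown_key"
    if now >= record["expires"]:
        return False, "expired"
    addr = ipaddress.ip_address(source_ip)
    if not any(addr in net for net in record["networks"]):
        return False, "source_ip_not_allowed"
    return True, "ok"

def rotate_key(store, old_key, ttl, now):
    """Replace a key: same owner and networks, new secret, old one revoked."""
    record = store.pop(_digest(old_key))
    cidrs = [str(n) for n in record["networks"]]
    return issue_key(store, record["owner"], cidrs, ttl, now)

# Constructed demo values (documentation address range, made-up owner).
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)
STORE = {}
KEY = issue_key(STORE, "ci-pipeline", ["203.0.113.0/24"], timedelta(days=30), NOW)
```

Running `rotate_key` at the end of an engagement such as a penetration test invalidates the key that was handed out, so a copy left behind stops working immediately instead of at expiry.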

Prioritise Customer Data Protection 

Customer data is highly sensitive, especially from a liability perspective. And with more and more workers accessing work files from their personal devices, the risks of data leaks are growing exponentially. Security teams need to focus on protecting customer data, which is the most valuable asset to hackers. They should rank their priorities and ensure employees use collaboration tools responsibly and securely. 

Ensure compliance when collaborating 

Companies must integrate collaboration platforms into standard audit and compliance processes to avoid compliance risks that could result in substantial fines and data loss. Storing information in cloud collaboration platforms can subject a company to SOX, GDPR/CCPA, and/or PCI-DSS, depending on the country where they do business. Storing spreadsheets and PDFs also presents a sizable threat to security and compliance. Companies should focus on data discovery and classification, data access governance, and data access monitoring to ensure adherence to compliance frameworks. Research from Forrester, Opportunities and Risks Accompany the Use of Employee Collaboration and Meeting Technology, explores the risks of failing to govern digital conversations today.  
 
Our digital world is constantly exposed to cyber threats, which pose a significant risk to organisations. Therefore, organisations must prioritise cybersecurity and adopt effective measures to manage these risks. By doing so, they can safeguard their sensitive data and digital assets and prevent the devastating outcomes of a potential cyberattack. Remember, cyber threats are not going away anytime soon, so taking action to protect yourself is more important than ever. 
