nobeastsofierce - Fotolia
Addressing three cloud-based collaboration security threats
Cloud-based collaboration software offers productivity benefits, but carries security risks. Learn about three collaboration security threats facing organizations and how to address them.
Many companies today are using and praising cloud-based collaboration applications that claim to maximize efficiency and output. While these software products expedite communications and centralize workflows, they often fall short with regard to collaboration security.
Recent security breaches, such as the WannaCry ransomware attack, demonstrate what can happen when confidential company business takes place on insecure platforms.
If you undervalue information security across all networks or do not consider the maturity of your company when making security decisions, you might have privileged information fall into the wrong hands. Fortunately, the three biggest cloud-based collaboration security traps have achievable solutions.
Passing secure information across insecure networks
Email, messaging and other cloud-based collaboration apps are not as secure as we think, because the information needs to float, even temporarily, across the web. However, the usage of these apps remains high, even as 18.1% of files uploaded to cloud-based collaboration and file-sharing services contain sensitive data, according to Skyhigh Networks.
When passing information through insecure networks and apps, things are more permanent than they seem. The concept of "out of sight, out of mind" may apply for temporal apps like Snapchat, where after 24 hours a photo disappears. But for services such as email, Slack, Google Drive and public networks, information can live longer than it should.
Remember, any service is at risk of being hacked, so your sensitive information could still be leaked even if it was distributed securely.
Solution: Use tools that proactively monitor for security. Employ a tool, for example, that asks you if you'd like to encrypt a file before sending it, or a tool that seeks out alphanumerical patterns to detect things like social security numbers, credit card numbers or passwords.
Being too flexible with access and permissions
In fast-moving startups, everyone might need access to everything. But, in larger companies, more structure is needed.
As companies mature, you can't give universal access to everything. Collaboration security standards may also change due to changes in personnel or locations. If your company is growing rapidly or going through a transitional period where documents and data are changing hands, permissions will need to reflect those changes as quickly as possible.
Solution: Use flexible tools that allow you to customize collaboration security settings based on criteria such as personnel, location and application. Make sure all employees know all company changes so they have an understanding of the rationale behind any security recommendations.
For example, if you find an active user account or login for someone who left the company, tell everyone in the company. In the future, everyone is more likely to ensure all accounts and logins are removed in a timely manner.
Similarly, when you require employees to do something for security reasons, explain why and give use cases. Don't just require multifactor authentication, for example, without explaining what it is and its benefits, especially to nontechnical employees.
Make employees responsible for security precautions
The average employee uses 36 cloud services at work, according to Skyhigh Networks. That is a lot of applications, operational systems and privacy settings to monitor. With security, everything is not common sense. Employees may not instinctively know what is needed to protect information when using so many apps.
Solution: Make continued education on security a priority and a companywide initiative from the top down. Periodically review everything, from user accounts to applications to networks, and publish the complete results to everyone.
Remember, collaboration security is not just about the technical hacking of a network or website. Anyone who answers a phone can be a victim of phishing and social-engineering attacks, so awareness of security is something to discuss with everyone. The lowest-level employees should feel comfortable asking a department head or business owner if they've followed established security protocol.
Increasing productivity in a growing company is only half the battle. Companies must also ensure their information is seen by the right sets of eyes. Taking extra steps to protect, educate and empower your staff can make your company more efficient without compromising your data.
Tom Carter is principal architect at Kickdrum Technology Group LLC, a custom software development and technology strategy firm based in Austin, Texas.