They’re quick to set up, easy to integrate and cheap to maintain. But are they as secure as you need them to be? Many businesses are now using products like Slack, Zoom and Trello (among many others) as part of their everyday digital processes. But stories of data and security breaches resulting from their use are common. Zoom has made the news at least a dozen times over its security vulnerabilities. At the same time, Slack’s ubiquity and ease of use leave lots of potential for careless interaction. Are passwords regularly changed? How often are files shared via these channels that are publicly accessible by default?
Other risks come from poor understanding or administration of the tools on the part of management. For example, according to one hacking expert:
“Trello...will be indexed by Google if its boards are set to “public.” And, public boards’ specific contents can also be searched using a special search called a “dork.””
Regus’s careless sharing of files on Trello exposed performance ratings of hundreds of their staff online in exactly this way.
Collaboration tools like these have become part of the way we do things. But businesses with sensitive IP or with special responsibilities for data governance should consider whether the protections they offer will be enough to satisfy regulatory bodies, or just give them peace of mind that their data can’t be compromised.
But if it’s too easy to share your data on some systems, other purpose-built DMS (document management systems) can present exactly the opposite problem.
It’s well known that workers with particularly difficult or slow internal DMS will often retreat to their own devices and software choices to circumvent password-protected access and slow file sharing experiences. Workers downloading and sending documents to themselves and others to work on a private device are obviously a potential security risk. But it’s still a common practice and one of the main reasons for the growth of solutions like Dropbox.
If you’re choosing an enterprise-level document management system to support your collaboration on complex projects, you should check not only that its levels of security match your requirements, but also that it is responsive, intuitive and usable across a range of devices.
Humans are flawed. Not paying attention, not following procedures, taking shortcuts and ignoring guidelines. It’s what we do best. But seriously, user error is a fact of life and is a big factor in security breaches. And it turns out, away from the office, there’s more distraction and we’re more prone to making errors of judgement. A recent CyberArk study concluded that:
“Risky cyber-practices were… particularly prevalent amongst working parents… who face additional distractions such as childcare and home-schooling. Of this cohort, 57% insecurely save passwords in browsers on their corporate devices while 89% said they reuse passwords across applications and devices. Additionally, 21% allow other members of their household to use their corporate devices for activities like schoolwork, gaming and shopping.”
Source: Info Security Magazine
Clearly, there needs to be better training and top-up training in place if we’re going to observe the highest standards of data protection and cybersecurity. But the tools we choose and use should also encourage and prioritise security. For example, collaboration platforms should require and force frequent password changes and two-factor authentication to protect them from unauthorised access.
Access to data needs to be controlled. Often access to a shared drive will give you access to everything within it. The systems that you are using for virtual collaboration need to be flexible, but they also need to offer granular access control to ensure protection for sensitive information:
The more “fine-grained” those controls are, the better you will be able to minimise the risk of data breaches at every level of an organisation.
Depending on the sensitivity of the data you control, organisations should ensure that the platforms they are using meet the standards of ISO 27001.
These are just a few of the security considerations around the use of collaboration tools and file sharing for an increasingly ‘remote’ workforce. There is clearly much to be done to educate and equip workers to collaborate more safely and effectively while they are at home.