Digital collaboration is a top priority for business leaders as they work to keep remote teams productive and engaged. Many organizations are introducing tools like messaging and videoconferencing to enable communication – but with new investments come fresh security risks.
2020 has seen several high-profile collaboration security breaches make headlines. Unauthorized users taking over meetings. Critical credentials leaking via a compromised digital workspace. Poor governance of shared files and documents.
For IT, security and business leaders, these cautionary tales are cause for serious scrutinization of their collaboration strategy. In the new normal of work-from-home, many are asking: “Where do the risks lie?” “Where are we vulnerable?” “Are we making the right investments and strategic choices?”
These are important questions, because remote work is here to stay. As pandemic-related restrictions stretch on, Gartner reports that 82% of businesses plan to allow at least part-time remote work even after the COVID crisis is over.
To help answer today’s top-of-mind concerns, here are five often-overlooked collaboration security pitfalls that can help guide your strategy.
#1: Allowing Unapproved Solutions
When your employees collaborate using tools outside of IT’s control, security risks increase significantly.
Workers often turn to messaging tools like WhatsApp to stay connected with teammates, but these consumer-grade solutions lack advanced security features. If an employee uses unsanctioned channels to share sensitive information – such as patient data or financial details – that data is at risk. They also aren’t under IT supervision, so accounts and files can’t be controlled if an employee leaves your company.
Plus, when employees select their own solutions, there’s no organization-wide method for collaboration, which can stifle productivity and teamwork. A holistic solution can solve these issues by bringing all communication into a single, secure space.
#2: Prioritizing Data Security, but Not Privacy
Businesses recognize the importance of data security as they assess collaboration platform options, but many don’t consider data privacy. Privacy means that your provider won’t monetize or sell your collaboration data.
For both ethical and business reasons, some businesses prefer to have total data privacy from their collaboration vendor. Such a commitment to privacy is rare among collaboration providers – but they do exist.
Ultimately, each organization needs to make the call. Do your stakeholders feel comfortable knowing your data may be shared or analyzed by a third party? Would your clients, patients or customers be comfortable with their IP being used that way?
#3: Inadvertently Putting Data in the Wrong Hands
The market is flooded with open collaboration tools that connect all users with all shared data. But for organizations that need stringent data security and control, these options fall short.
Every business has data that it wouldn’t want to be broadcasted publicly. In particular, industries such as healthcare, finance, government and education need to manage access to sensitive files tightly. They also need to enforce account privilege rules, especially for external users, to make sure files or messages don’t end up in the wrong place.
To protect your own organization’s data when collaborating, consider the following:
- Does this platform provide granular control over user access and permissions?
- Can we flag external users clearly?
- Are there safeguards to prevent users from finding sensitive files or information via search?
- Can we monitor usage to identify any unauthorized access to messages and files?
#4: Introducing Vulnerabilities Through Integrations
Many organizations turn to third-party integrations to enhance their collaboration capabilities. But adding on new software creates exploitable security weak points that cyber criminals can use to infiltrate digital workspaces.
Likewise, organizations that employ a number of disparate collaboration applications face a larger attack surface and more risk. They have more to manage and more credentials to control.
Remember that your collaboration strategy is only as secure as the applications involved in it. Limiting the number of tools you use, assessing their security practices, and carefully managing integrations can help minimize your risks.
#5: The Downsides of Enterprise Key Management Solutions
Enterprise key management (EKM) has earned a reputation as the gold standard for data protection. But without a clear need or business case, the overhead costs of these solutions often outweigh the security benefits.
Because most companies don’t have the relevant expertise internally, they frequently require costly third-party support. EKM solutions also create the risk of lost encryption keys, which can lead to data loss.
It’s worth noting that many EKM solutions fall short of true end-to-end encryption. Issues such as temporary search indexes or cloud providers requiring encryption keys for archiving compromise the promise of all-encompassing protection.
If you’re uncertain that EKM is a necessity, consider alternatives such as on-premises and private cloud deployments. They’re likely easier, more cost-effective solutions for your security needs.
Empowering Collaboration, Without Compromising Security
Secure remote work is possible for your company. You just need the right tools, technologies and strategies to make it a reality.
As your teams continue to work remotely, remember that protecting access and data is a crucial security priority. Be mindful of the common mistakes and pitfalls, and continue to monitor emerging vulnerabilities and attacker tactics. With careful consideration, you can empower your team to succeed, no matter where they’re working.