Just like many other aspects of our lives, the pandemic has completely changed the way many of us collaborate with our business colleagues. While collaboration is easy to arrange and facilitate in an office environment, the switch to remote working over the past 18 months means there is now much greater reliance on dedicated remote collaboration tools like Microsoft Teams and Slack than there was before.
On one hand, this is great. Sending messages to colleagues is simple and instant, and you know exactly when the recipient has read your message, meaning you aren’t left in limbo like you are with email. However, such tools also come with several security risks.
Most notably, the necessary internal security controls and visibility that something like email has is often missing. Administrators may traditionally password protect a document in an email before sending or send usernames and passwords in separate messages. But such features, although present, tend to get overlooked when using collaboration/messaging tools.
With the amount of data being shared via these platforms growing at an exponential rate, businesses must understand, and take steps to mitigate these kinds of dangers. This is particularly true where sensitive company information, intellectual property (IP) and personally identifiable information (PII) is involved.
Beware careless ‘insider threats’
In the current situation, many of us are treating remote collaboration tools as a lifeline to our old office colleagues. While such tools primarily serve a business purpose, having friends and colleagues at our fingertips means the temptation to use them for a quick gossip is never far away. However, while this kind of usage is mostly harmless, the blurred lines it creates means casual conversations can quickly stray into sensitive areas, or lead to employees sharing information they shouldn’t be, sometimes with severe consequences.
Of course, companies like Microsoft go to great lengths to ensure the security of their platforms, with features like multi-factor authentication and sensitivity labelling now available to all users. However, user behaviour is extremely hard to predict/control and if employees choose to ignore these features, what recourse does the wider business have against these careless insider threats?
The age-old battle: productivity vs. security
The root of the problem nearly always stems from the persistent tug of war between productivity and security. Making something completely secure usually means imposing strict processes and protocols on employees that they quickly start to resent, resulting in lower productivity and staff morale. Conversely, too much focus on ease-of-use can have the opposite effect, exposing the company to a wide range of fines and reputational damage when a data breach inevitably happens.
Collaboration tools can be particularly problematic because they are deployed by people most interested in their productivity benefits and not their security detriments. Think how easy it is to sign up for these tools with a simple email address and start sharing all kinds of ideas and sensitive data.
In heavily regulated organisations, new tool adoption isn’t something you could historically accomplish without a rigorous procurement and testing process. Cloud systems and business applications should go through the same processes as apps designed to protect an enterprise from risk. Instead, we often see individual teams using collaboration tools that suit their needs with little oversight from governance and IT teams.
In an ideal world, businesses should detect and block all of these applications until they’ve had time to assess them, after which they can be released in a controlled manner. However, in the post-COVID era, where many businesses are still getting to grips with hastily compiled remote working initiatives, such best practices remain something of an afterthought.
Fortunately, there’s a growing number of security solutions that businesses can use to significantly enhance the security of their remote collaboration tools. By investing in tools that provide near real-time visibility, analyse and compare messages and attachments for violations, and perform keyword searches that deliver broader context into potential insider threats, these security solutions can help businesses protect their most sensitive data from careless and malicious insiders alike.
As the world continues its slow recovery from the impact of COVID-19, remote/hybrid working looks set to remain the norm for the foreseeable future. For businesses looking to recreate the organic office environment in a remote setting, collaboration tools will undoubtedly play a key role in their plans. However, as part of their planning process, they must also educate themselves on the security risks involved and take advantage of the great security solutions out there to mitigate those risks as needed. Only then can they reap the full benefits on offer.
Tim Bandos, CISSP, CISA, CEH is CISO and VP Managed Security Services at Digital Guardian and an expert in incident response and threat hunting. He has over 15 years of experience in the cybersecurity world and has a wealth of practical knowledge gained from tracking and hunting advanced threats that targeted stealing highly sensitive data. A majority of his career was spent working at a Fortune 100 company where he built an Incident Response organization and he now runs Digital Guardian’s global Security Operation Center for Managed Detection & Response.