(April 11, 2023) IT collaboration tools have become an indelible part of the IT environment, enabling remote and mobile workers to communicate, share information and keep projects on track. Without proper management, however, collaboration tools can create significant security risks.
One of the biggest threats is sharing too much information — in a recent Microsoft study, 71 percent of workers admitted sharing sensitive and business-critical information using collaboration tools. In addition, phishing and ransomware attacks that traditionally have been launched via email are using collaboration tools as an entry point.
Microsoft is addressing these risks with its new Collaboration Security for Microsoft Teams solution. Scheduled for release in June 2023, the solution features advanced threat-hunting capabilities and enables administrators to run attack simulations to encourage user awareness. It also enables users to report suspicious messages directly from Teams, just as they can now report suspicious emails in Outlook, so that the message can be quarantined. Few collaboration tools offer the kinds of security controls that are now available in Microsoft 365.
Assessing Controls
Many organizations are leveraging cloud-based collaboration tools because they offer access to state-of-the-art functionality with faster deployment and no upfront costs. When evaluating cloud providers, organizations should consider whether they meet the highest standards for security and business continuity. Ideally, the provider should have robust intrusion prevention and malware detection.
The risks increase exponentially when employees use consumer-grade collaboration tools. Because these applications are typically used without the knowledge or permission of IT, activity can’t be monitored. Furthermore, many consumer-grade applications don’t satisfy government and industry regulations for data protection and privacy, which can lead to costly compliance violations.
Defining Policies
The first step toward effective collaboration security is to understand how it differs from other aspects of cybersecurity. After all, the point of collaboration is to facilitate information sharing. Organizations should define policies that balance collaboration risks with the business value of the applications.
However, few organizations have policies and procedures in place for managing and securing collaboration tools. Often, data is not encrypted, increasing the risk of exposure when it’s stored in the cloud or shared outside the organization. Malicious URLs and attachments can also be shared across a large user base, quickly spreading throughout various systems. Traditional security measures such as firewalls and access controls are largely ineffective against these threats.
Collaboration policies should focus on the business, legal and regulatory requirements for data protection and retention. What data must be encrypted? When should it be archived? Do privacy laws dictate that data be stored in a particular geographic location?
Making Adjustments
When implementing these policies, it’s not enough to inform users of the new rules and hope for the best. IT staff should monitor user behavior and measure policy compliance against predefined thresholds. The organization can then determine the best way to encourage compliance, whether that involves communication with individual users, additional training, or disabling certain software features.
If non-compliance continues to be widespread, it may be necessary to adjust the policies to better suit organizational culture and workflows. In any event, it’s important to regularly assess collaboration policies to determine if they still meet business needs. Policies should also be redefined when new collaboration technologies are adopted.
Mobile workers and geographically dispersed teams need collaboration tools to share information and stay engaged. Unfortunately, collaboration tools can create security and regulatory compliance risks. Without effective security, collaboration can lead to data exposure, malware infection, and credential compromise. Organizations need to understand the threats and implement the right policies and tools to enable users to work collaboratively without putting sensitive data at risk.
Jeff Pracht
IT Business Development Manager