The market for team collaboration applications is expected to grow 9 percent this year to more than $45 billion globally. However, there is growing concern that these tools are not as secure as they should be.
Slack Technologies, whose cloud-based collaboration tool is used by more than 10 million people each day, recently issued an ominous warning to potential investors. In documents the company was required to file with the Securities and Exchange Commission (SEC) in advance of its initial public stock offering scheduled for June 20, the company noted that it faces threats from “sophisticated organized crime, nation state, and nation state-supported actors” and that its integrated security measures “may not be sufficient.”
This isn’t just a Slack issue. Other popular collaboration apps such as Yammer, Microsoft Teams, Trello and Jira have become valuable targets, largely because they are being used to share vast amounts of sensitive data. According to the Ponemon Institute, about a third of all data in the collaboration and file-sharing environment is considered sensitive. This includes personally identifiable information about both customers and employees, confidential content, intellectual property, payment data, and proprietary analytics algorithms and models.
The greatest threat may come from company insiders who expose information either accidentally or by intentionally circumventing company security policies. One recent study found that 83 percent of security professionals believe employees have accidentally exposed customer- or business-sensitive data at their organization — with more than a third of those breaches involving collaboration and file-sharing tools.
Too often, these tools are being used for casual “water cooler” conversations and gossip involving sensitive company matters.
“I love my people, but they never shut up on Slack,” one anonymous CEO told CNBC reporter Kate Fazzini. “It’s very good for productivity, but … we have to be careful about what we say.”
Another issue is that convenience trumps caution for many users. If company security policies and practices seem too cumbersome, employees are more likely to simply ignore them or find workarounds that make things easier. More than half of workers in one recent survey admitted that they either ignore IT security guidelines or knowingly connect to unsecured network when using collaboration apps.
Protecting a workforce collaboration environment requires a balance between security and user convenience. Organizations using collaboration apps should consider the following recommendations:
- Establish education programs, risk management plans and security best practices for all users who are sharing files and collaborating on content. Stress the dangers of sharing sensitive information with colleagues inside and outside the organization.
- Assign an administrator to take charge of security for the collaboration environment. An administrator can monitor audit logs to see what is being shared and can revoke access if necessary. An administrator can also create private channels with restricted access.
- Use a third-party data loss prevention (DLP) tool to limit the chance of information leaking to outsiders. DLP tools monitor outbound communications as well as host-based activities such as copying files to removable media. DLP scans will generate alerts if any of these activities violate company policies.
- Enable automatic antivirus scans on all file downloads and uploads within the collaboration system.
- Content-filtering features provide another level of protection. They scan web applications, identify malware signatures and examine instant messaging and email to protect against data leakage. They can also enforce access policies on remote and mobile devices that are used outside the network.
- Use end-to-end encryption to protect data in cloud-based collaboration platforms. Consider using an app that offers key management services to ensure that you have control over the encryption keys.