The business world is an increasingly collaborative place, as people work together online in their enterprises as well as with customers, partners, supplier and contractors. Many tools are available that make it easy --- but their use can cause serious security problems. One survey found that 66% of IT decision-makers believe collaboration tools open their networks to break-ins, and another that 80% believe messaging and collaboration platforms are vulnerable to cyber attacks.
What can you do if you want your company to keep using collaboration tools, but do it securely? Check out the following recommendations from the experts.
Why Your Enterprise Is Vulnerable to Collaboration Tools
There’s a basic tension between the use of collaboration tools and enterprise security, experts say. Collaboration tools are designed to be as open as possible and allow people to work together in disparate locations, often sharing sensitive files and information. And they frequently do it outside corporate networks, while traveling or at home — and they may be using their own personal phones, tablets and computers. Particularly dangerous is when people inside enterprises collaborate with third parties, such as partners, suppliers, contractors and customers. That openness can leave unwitting companies subject to break-ins and attacks.
“Enabling collaboration in real-time, in today’s fast-paced environment, is critical for businesses,” says Cindy Donaldson, president of the Global Resilience Federation, a non-profit group that focuses on protecting infrastructure and organizations against cyber threats and other dangers. “We do it all the time at the Global Resilience Foundation. The key is making sure that information is protected while you collaborate.”
What specific dangers do enterprises face when using collaboration tools? Tyler Koblasa, CEO of CloudApp, which makes software that records screen captures, webcam and video, and shares them securely in the cloud, says it starts with unauthorized users gaining access to corporate networks and data.
“Many collaboration tools don’t have the most basic security controls, notably two-factor authentication,” he says. “So someone could pose as a contractor and easily compromise an enterprise by using false credentials.”
Once someone does that, they can gain access to file-sharing services and steal sensitive files and participate in live conferencing where private data is shared. Worse, they can use that access to steal credentials of corporate employees and then run loose in the corporate network.
Employees sometimes share sensitive files as attachments in collaboration software, Koblasa notes, including private data and API keys. API keys can function as passwords to give someone access to sensitive network resources and automate gaining access to a wide variety of private data.
Other dangers include employees sharing private corporate information in unencrypted, plain-text messages, and hackers embedding malicious software as attachments, or as drive-by-downloads in the web pages that host the collaboration software. That malware can then infect the corporate network.
How Your Enterprise Can Protect Itself
There’s plenty enterprises can do if they want to stay safe while allowing employees to use collaboration tools. Donaldson says it’s all about the data and what kind of information is being communicated with these tools.
“The software and data need to be subject to the same security policies as all other data and software,” according to Donaldson. “Look at the kinds of access policies you have in place, including tracking using individual IDs. Make sure to use strong encryption. You’re really just applying the same security principles as you would with any other technology, and ensure you're striking the right balance between security and ease of use.”
Koblasa adds that it’s important for companies to have a single point of attachment to all cloud-based services, including collaboration software and file-sharing, and then enforce strong authentication when people connect to it. That way, he says, “You won’t have your company data ending up on many different third-party clouds.”
In addition, he says, all content inside any files shared via collaboration software should be scanned for malware and to make sure they don’t contain sensitive and private information such as credentials, passwords and customer data. And companies should decide which collaboration software should be allowed to be used, and those should be white-listed, with the rest black-listed.
Donaldson stresses that ultimately, staying secure while using collaboration software requires more than just adhering to the right technical policies.
“Most important of all is providing security awareness training for employees that includes potential dangers of using collaboration software,” she says. “Because security is a mind-set. It’s a culture. You really have to get the entire organization looking at things from a security perspective. Security is everybody's job.”
How Snapper Further Protects Data in Amazon S3 using CWP for Storage
Join our webinar to learn why Snapper chose CWP for Storage to help protect the customer data stored in their Amazon S3 bucketsRegister Here