collaboration tools

Collaboration tools in the workplace: secret weapon or double-edged sword?

The use of collaboration tools has grown exponentially as organisations around the globe embrace the potential of remote and hybrid workplace models. No longer subject to geographic limitations, these businesses are unlocking huge value from global talent pools using platforms like Microsoft Teams, Google Workspace, Zoom and Slack to improve visibility, simplify project management and streamline communication.

 

While it’s difficult to put a number on the value these collaborative platforms deliver, skyrocketing adoption rates support what we already know: the bang for buck is significant. Microsoft Teams, for example, reported a 625% increase in user numbers between November 2019 and April 2021. Zoom’s uptake was even faster (although somewhat less consistent, post-pandemic), with meeting participant numbers increasing by 2900% since 2019.

 

Contrary to popular belief, this was not a pandemic-driven flash-in-the-pan, either. Recent years have seen ongoing momentum in the deployment and configuration of collaboration capabilities, with an increased focus on security and compliance within these now-vital business tools.

Security and compliance complexities

The entire purpose of collaboration platforms is to make it easier for employees and external collaborators to communicate, and to access and share information. That’s great for productivity, but can make it a lot tougher to secure your data perimeter and safeguard potentially sensitive business conversations and/or information.


This isn’t helped by the fact that many organisations originally deployed their collaborative
capabilities in pandemic-driven haste, relying on hurriedly cobbled together security and information governance controls at best. Putting more data at the fingertips of your users also increases potential damage in the event that their access credentials are compromised.

 

Don’t be fooled into thinking that removing collaborative tools from the equation is the answer, either. Apart from the competitive disadvantage this poses, it’s also more likely to result in additional vulnerabilities introduced by Shadow IT: unsanctioned and therefore unprotected collaborative/sharing tools (e.g. Personal DropBox, Box, Google Drive etc.) that employees may use in place of – or preference to – their organisation’s official and more closely managed and monitored channels.

How to reduce collaborative risk

There’s no denying that collaboration tools introduce a new frontier of risk to the corporate information security landscape. However, with the right protections in place, it is entirely possible to reap their productivity rewards without exposing your business to additional risk.

 

For the best results, we highly recommend taking a step back to assess your overall information security posture, benchmarking where you currently stand in order to plan a practical roadmap to where you need to be.

 

In the meantime, here are a few simple – but effective – tactics that can make a sizable dent in your collaboration-driven risk.

    • Beef up your in-house collaborative capabilities: When users have the tools they need, and know how to use them, there’s less incentive to turn to unsanctioned apps and software (Shadow IT) to get the job done.
    • Choose a “Trusted” service provider with the necessary investments in standards and regulations and certifications: this confirms that they are taking the cloud services being provided to you seriously and the security procedures have been independently vetted by an international third party.
    • Ensure you use a vendor with modern Information Protection features that can help you define your sensitive information, identify where it is and how and who is using it, and then apply the appropriate protections and controls in the flow of work for the modern and mobile information worker. This needs to offer a combination of automated and user driven protection to ensure effective and convenient control that does not stifle intended collaboration requirements.
    • Make full use of Information protection features that are based on the concept of a modern perimeter (security can no longer be based on a traditional secured network perimeter or the location of the content, as users can be working, sharing and collaborating on content from anywhere. Identity based access needs to follow the document or email regardless of where it lands up and should be based on the sensitivity of the content.
    • Provide regular training on cyber security and cyber hygiene: The threat landscape is constantly changing, and staff needs to keep abreast of common attack vectors as well as best practices to minimise risk. (In some cases, it can also be helpful to openly implement activity monitoring to motivate responsible behaviour and mindful use of collaborative platforms.)
    • Use password management software and multi-factor authentication (MFA): Breached passwords are one of the most common vectors for collaboration-tool-based attack. Password management software combined with MFA is a great way to limit users’ ability to intentionally or unintentionally hand over their key to your kingdom.
    • Use features that can leverage the telemetry from user behaviour to identify and protect against nefarious or suspicious user behaviour (Cloud App Security, Insider Risk etc.)
    • Implement information life cycle management and workflows: effective Retention
      and disposition policies help to meet regulatory requirements while reducing the risks of retaining unnecessary content beyond its useful life.Ideally, IT and project owners/leaders should work through an information governance workflow to assess each collaborative project’s sensitivity and risk level on creation, implementing appropriate permissions and controls from outset through to defensible destruction/deletion.

Losing sleep over potential information security loopholes introduced by your productivity tools? Get in touch to find out more about our comprehensive  Microsoft 365 Security Assessment & Roadmap and how you can regain confident control over your data landscape.

The only way to really know if we’re a good fit is to get in touch, so let’s have a chat! One of our friendly experts will get straight back to you. You never know, this could be the beginning of a great partnership.
Bristol
Cape Town
Johannesburg
Email