Staying Connected, but Compliant: A Guide to Collaboration Tools

By Andy Downs

 

COVID-19 is changing the way we work. Concerns about the pandemic have led us to the world’s biggest work-from-experiment as companies large and small encourage employees to stay safe by staying home. But in many cases, the work must go on. Not surprisingly, we’ve seen a boom in the use of collaboration and videoconferencing tools, including platforms like Microsoft 365, Zoom, LogMeIn, Google, Slack, and Cisco. Modern communication software is making it easier than ever before to stay connected and productive.

In fact, many providers are offering video conferencing and collaboration services for free amidst the increasing demand. (Google, for example, is offering advanced Hangouts to all G Suite customers at no cost.) If you’re not already using these tools, now is a great time to explore what they can do for your business.

The sudden shift to a remote workforce, however, comes with a warning. With the explosion of collaboration tools, employees are sharing more information than ever before. Technology teams – and everyone, really – must consider how they secure workforce communication over messaging and collaboration platforms to avoid noncompliance or devastating data breaches. In this post, I share a few tips to stay connected but compliant, and productive but protected in a transforming workplace.

Security Challenges

The problem with many collaboration platforms is the seemingly casual nature of the conversations that take place across them. Even if what you’re communicating seems benign, bad habits become bad practice, which increases your vulnerabilities and raises your risk level for both internal and external threats.

A report from Symphony, for example, found employees were comfortable sharing confidential information through chat platforms – further, nearly one-third of survey respondents said they knowingly connect to unsecured networks and almost 40% use personal devices for work. Well before COVID-19 (weren’t those the days), these collaboration tools already posed security threats and compliance risks of their own. They enable us to migrate from email attachments to cloud-based tools, moving our data from fixed office locations and firewalls to unsecure networks and risky practices. Shifting to a singular platform allows workers to freely share files and data, but it also presents a single target for attackers.

And now, the threat has morphed. Nefarious actors are leveraging the uncertainties of COVID-19 to take advantage of both human and technology vulnerabilities. One report suggests a “bevy of new threats” like coronavirus-themed malware and credential scams. Further, we know that in times of distraction, people are more likely to fall for malicious scams.

Strike the Right Balance

Even before COVID-19, employees expected a seamless experience for the technology they use in their workday – especially collaboration tools. Employees seek the flexibility to work where they want to work, and how they want to work – I predict this trend will only grow following the now mandatory work-from-home rules for many workers.

Business leaders should strive to fulfil this expectation, not just for employee experience and talent retention, but also because it’s a sound business decision. A Gallup poll suggests that companies with highly engaged employees outperform their competitors by 147% and a Deloitte Digital Workforce report finds that 64% of employees would even opt for a lower paying job if they could work away from the office. The demand is there, too. A survey of 12,000 workers found that nearly three-quarters of people knew of systems that would help them produce higher quality work.

Workers also expect that the tools they use will have built-in security. This creates a balancing act for technology teams. How do you strike the right balance between user preferences and a secure work environment? Despite efforts to provide tools with flexibility and security, oftentimes there still will be conflicts between what users want and what technology teams need to provide to remain secure and compliant.

While many collaboration tools do indeed have some built-in security, they are only as secure as you configure them to be. Understanding how to implement best practices for a strong security posture is a necessity for today’s technology teams. The struggle to find the balance is real – one survey found that while 92% of executives were satisfied with their technology environment, only 68% of staff felt the same.

A few tips to help strike the right balance include:

• Conduct an assessment. Where does your organisation’s data currently sit? How is it being stored? In the cloud? Locally? In multiple locations or environments? Now is also an opportune time to assess and classify the data your organisation holds. What information are you collecting? What is considered confidential, sensitive, or critical? What might exist in disparate locations that leadership or even technology teams are not aware of or currently monitoring?
• Who has access to your information and who uses it? Don’t forget to consider external users, such as partners, vendors, or customers, and where these people are working from, especially in light of COVID-19.
• What is the regulatory landscape? Depending on your location or industry, what data protection or privacy regulations must your business comply with, such as the EU GDPR? Even if your team works remotely from multiple locations, these requirements may still apply.

The answers to these questions will help you not only choose the right technologies to employ, but also how to configure them to prevent workflow disruptions, increase collaboration and productivity, and protect your information. Remember, just as your clients or customers expect a seamless experience with your business, your internal customers – your employees – expect the same from you.

Secure your Remote Workforce

Now let’s talk about the how. If your business relies on collaboration tools, how can you ensure they’re both user-friendly and secure? First, opt for tools that offer multiple levels of control. This will allow you to define granular access controls based on user role or type. While many collaboration tools have security features built in, it’s up to technology teams to work with the business to define the best security posture possible, while still allowing flexibility and ease of use.

Microsoft 365, for example, offers a wide range of tools that can be bundled together to create a smart, efficient operating system with enterprise-grade security tools and integrated workplace productivity apps. You can configure it with multi-factor authentication for your organisational email (it’s also good practice to set up MFA for all key accounts, like storage devices or social media accounts); malware protections (for example, by setting rules and adjusting your settings to filter common attachment types); sender protection frameworks; and anti-phishing protections.

Another smart practice is to monitor and create an audit trail of user actions in your collaboration tools to easily detect any inappropriate behaviour. This will also help increase user awareness. In all of your configurations, think flexibility and ease – the best way to reduce risk is to make secure collaboration easy for employees, rather than to create barriers that they will try to circumvent or configure themselves. Don’t push your users down a shadow IT path.

Remember, employees won’t always follow data and security policies. It’s crucial for technology teams to embed these protections into the tools, wherever possible. In addition, train your entire staff on the basics to establish a culture of security awareness at your organisation and arm your staff as your front line of defence against threats.

COVID-19 is transforming the way we work, and quickly. We recognise that collaboration tools will be new to many. It can be difficult for technology teams and decision-makers to know exactly how to configure your platforms and strike the right balance between productivity and protection.

Our Smarter Security Controls service is designed to do just this. We can help you establish – and maintain – a secure configuration posture by providing you with best practice security implementation and actionable insights, from Google Suite to Microsoft 365, and everything in between.

Please be safe and well. If you’re interested in learning more about our Smarter Security Controls, please contact us, get in touch with me at andy.downs@ka2.io.