The sudden switch to remote work as a result of the pandemic – and now back to hybrid workplaces – did bring to prominence a host of collaboration platforms like Microsoft Teams, Zoom, Skype and Slack, etc. Needless to say, these tools are enabling fast and seamless communication and turning out to be the new norm. But one thing that is often ignored is the security of these collaboration tools.
A recent global study by Metrigy confirms that 41% tech professionals use more than one meeting application. Nearly 38% have deployed multiple team collaboration applications, and more than 15% have more than one phone system. Despite that nearly over 60% of companies don’t have specific collaboration security policies in place, says a Unify Square research report.
This leads to a new set of challenges for IT and the security teams on how to achieve the right balance between security and end-user productivity. This is not a new struggle; similar issues affect email, document sharing and more. However, the lightning-fast evolution of integrated and “always on” collaboration platforms has introduced new considerations.
So, how can IT teams overcome these collaboration security challenges without impeding end-user productivity? John Case, CEO at Unify Square, says in a recent blog, “The first step is to understand usage and discover the security blind spots that may be hidden in your collaboration platform deployment.”
Conducting a collaboration security and governance audit is a good place to start, he says. This audit should cover the current governance structure, policies and team life-cycle settings. If your collaboration platform is deeply tied to other systems, take the governance settings of those systems into account as well.
The next step is to understand collaboration platform usage. Using either native security analytics or a third-party tool, track metrics like guest access, team ownership and user reporting. This discovery process can provide insight into what end users need from a collaboration platform and, in turn, can inform decisions around policies and other governance. If security analytics are available during the audit process, they can establish a security and governance baseline that can be used to track performance over time.
Here are some of the ways in which CXOs can secure their collaboration platforms from getting hacked:
- Use a password protected “meeting room”. Experts believe, the one with a virtual lobby is even better because an IT administrator can easily monitor individuals before granting them access to the meeting to ensure that they’re supposed to have access to it.
- Make sure you’re aware of everyone that has joined your meeting. Double check the participants’ list to ensure that everyone is accounted for and there are no rouge or anonymous profiles present. If you find any, remove them right away before starting the meeting.
- Sharing Content: Make sure that you as IT admin or security head has all the control over the content being shared in the meeting. No one should be able to share images, videos or even their screens without you allowing the permission to do so. This way no one can take over the meeting nor can the meeting be spammed with content that isn’t meant to be there. If you have the option to, also enable encryption for shared data so nothing can be shared outside of the meeting room/chat.
- Entry and Exit Tone: When an entry and exit tone is enabled in a meeting, you can hear everyone enter and exit. No one can drop in and spy on the meeting without your knowledge.
- Record the meeting: Only the administrator should have the ability to record the meeting. If you require other people to record as well, you can always grant this permission later on.
- Meeting Invite Forwarding. In order to control who joins the meeting, either turn off invite forwarding or individually approve each member who joins. This way no one can randomly join the meeting without your knowledge.
A new Cisco Talos Intelligence report explores how cyber criminals are increasingly abusing the communications platforms that many organizations use to facilitate employee communications. It says that collaboration security tools that feature inbuilt AI/ML technology can provide constant monitoring and regular security checks to protect businesses and help bridge the gap between the traditional security world and the increasingly modern and collaborative digital workplace.
Of course, budget constraints are a major hurdle for most IT teams. When making the case for investment in collaboration security, the CIO/CISO should show how these investments improve end-user productivity while reducing risk. IT should also partner with CEO, HR and other departments to make it an enterprise-wide strategy.
The security issues associated with collaboration platforms aren’t going anywhere anytime soon; in fact, the accelerating shift to hybrid work is likely to increase the risk. While IT and security teams are just starting to understand the full gamut of risks associated with collaboration platforms, they should create a proactive security plan to identify and protect their stakeholders before it’s too late.
