While companies look for ways to work smarter and managers strive to promote teamwork, many businesses are turning to platforms that offer a single place for messaging, tools and files. But new vulnerabilities arise with the proliferation of cloud-based collaboration tools and instant messaging platforms.
Often, channels are used to allow junior employees direct access to supervisors or a way for team members to co-author work product. Sometimes channels become a venue where workers share jokes or gossip. Although CEOs worry that fast-moving conversations may leak out and tarnish their company's brand, the main concern is about controlling access to confidential and proprietary information that these collaboration tools provide.
In 2018, it was estimated that over 25% of data breaches were related to employees so how does a company take advantage of the efficiencies that collaboration tools provide and stay protected? Most cloud services use a shared responsibility model that puts the onus on the customer to set-up security protocols to protect their business. For example:
It is easy to limit access to sensitive data and systems to the people who need it to do their jobs, but are there processes in place to revoke access when employees change roles or leave the company?
Is there a practice of encrypting data at the document level to render it useless if it is stolen?
Not all data theft happens online. Are there surveillance cameras and entry systems for restricted areas? Set-up properly, these measures can help reduce tampering with systems or stealing sensitive material.
Many companies perform ongoing background investigations as a best practice to mitigate the insider threat.
Security awareness training can empower a workforce to understand changes in personality traits or values that may indicate a threat from within.