How to Identify Security Weaknesses In Your Organization’s Collaboration Tools & Policies

The adoption rate of cloud-based productivity tools has skyrocketed in recent years, and for good reason: these platforms are keeping enterprises agile, efficient, and collaborative. But there’s no such thing as a free lunch — or an ironclad digital environment that runs securely without any help.

These tools have introduced entirely new environments that enterprises must keep a watchful eye on. Unfortunately, many have fallen behind. In fact, some estimates hold that only 40% of companies have a proactive security strategy for their collaboration platforms. Furthermore, new risks are popping up all the time, so monitoring and responding to threats should be an ongoing effort. 

But what should you look for? The question may not be what, but where. By taking a hard look at the three key components of your collaboration tool setup — the people, devices, and software — you can gain an accurate assessment of where you are on your security roadmap (and where you need to be).

The People

One area to look for opportunities for improvement is with your people. Employee negligence and user error account for an estimated 62% of insider breaches. So, where to start?

Thorough Password Protection

The most straightforward place to start is your employees’ passwords. Best practice often involves making sure you have the basics covered, so here are a few questions to ask yourself regarding your organization’s password policies:

• Are your organization’s passwords strong enough to protect against brute force attacks? 
• Are they unique across services to limit exposure?
• Do you have two-factor authentication activated for certain situations like a new device or location?
• Might using password management software be a good fit for your organization?

Proactive Privilege Policies

Next, take a look at your privilege policies. Access rights can creep over time, resulting in the trend of users with a higher level of provisioning than they need. Security controls that ensure staff have access to only the workspaces and channels they need require a strict, documented process that involves automatically revoking access as soon as a person no longer needs it. Implementing such a process often involves evaluating the places data is stored to ensure it’s all relevant to users that have access to it.

Software Knowledge & Training

Finally, it’s worth asking what kind of knowledge employees have about using collaboration software. As much as 75% of a workforce may not have any guidance concerning best practices with their collaboration platform — and this has ramifications for security. A current and thorough training program can be a huge mitigation tool when preventing both malicious security breaches and accidental disclosures. Sometimes, even just communicating to employees how closely access to project files is monitored can make a difference by emphasizing the importance of security within the organization.

The Devices

The people who pass documents around aren’t the only potential liability: the devices they use to share those documents should be reviewed, too.

Corporate Devices

On corporate devices, encrypting data, updating operating systems, installing endpoint protection, and maintaining patching need to be part of a constant, vigilant process. It’s also a good idea to review your device monitoring processes to identify suspicious events and unusual traffic patterns.

Personal Devices

Devices that are not on your system are another story altogether. As soon as data leaves, the risk goes up and control goes down. Insecure personal devices, therefore, should be a big area of concern. If employees at your organization use personal devices, determine your risk tolerance and closely observe which assets they can access, what credentials are used, and what best practices are enforced.

The Apps

So, you’ve got your eye on the laptops and phones in use (and the people operating them). Now it’s time to turn your attention to the applications themselves. 

Security Protocols for Cloud-Based Tools

Any cloud-based workplace collaboration platform brings third-party risk. These suites have come a long way in terms of unauthorized access and data compromise, but some are farther than others — and you can’t assume every platform offers the highest levels of protection when interacting with your network security flow. When evaluating your collaboration tool vendor, it’s up to you to ask the hard questions about aspects like firewalls, DLP controls, phishing prevention, and penetration testing to see if your chosen collaboration suite is up to snuff. 

What do they offer for credential protection, extension management, cloud management, and malware or ransomware sandboxing? A strong software offering should put your mind at ease with aspects like zero-trust access, threat and data protection, and secure application layer access.

Non-Approved Applications

When evaluating your collaboration tools, make sure you are looking at all the tools your staff use. You can’t assume all staff are using only your centralized set of approved collaboration tools. As many as 50% of employees may have used an application their company didn’t approve, meaning sensitive information could be deliberately shared on unsecured systems as you read this. 

For those unsanctioned tools that seem to increase efficiency and ease of use, consider adopting them as an official part of your stack. There are several ways to approach this kind of application integration, and they all involve working together with your business units to listen and make adjustments to your security protocol in a way that benefits the goals of the company.

Security starts with an honest evaluation. If you’d like to take a short security assessment to see where your company’s weaknesses might be, click here. Or, if you’d like to learn more via our webinar, “How Google Workspace Enables Enterprises to Work Safer,” view it on-demand here.