Summary

  • Email is out and collaboration tools are in. But, as with every modern technology, there are security risks to consider.
  • Unauthorized access, the insider threat and misconfigurations are the top causes of data breaches in cloud apps like Slack and Teams.
  • To secure data in the cloud, you need a new approach: cloud data loss prevention.

Until recently, email was the primary mode of communication in workplaces across the globe. Then, the pandemic hit and organizations quickly had to pivot their approach to collaboration. Enter cloud apps like Slack, Microsoft Teams and Google Workspace, which are perfect for rapid, remote communication amongst employees.

Even now, as life returns to normal, these cloud apps are undoubtedly here to stay. Employees like using them and they enable a rapid-fire style of conversation that email simply can’t keep up with.

At the same time, collaboration tools are often more cost-effective than legacy forms of communication. Research shows that companies spend more than half of their annual budgets maintaining traditional communications solutions like email and conferencing hardware. 

Does this mean email is dying? It might well do. The death of email has been talked about for at least a decade but it’s only now that this medium has some worthy competitors.

Of course, though, as with every modern technology, there are security risks to consider—especially when it comes to the data that resides in collaboration tools. 

What are collaboration apps?

Before we dive into the security risks associated with cloud apps like Slack, let’s first take a closer look at how these tools work and how employees use them. 

Collaboration apps are cloud-based platforms that facilitate instantaneous conversations, with added functionality to make remote collaboration as seamless and easy as possible. Common features in these tools include instant messaging, video call capabilities, group chats, file storage and live document collaboration.

Generally speaking, your employees prefer to use these tools over email. In fact, research shows that half of employees think receiving fewer emails at work would help to increase their job satisfaction.

While email communication can be formal and overwhelming, collaboration tools offer people the chance to have fast, informal conversations, with the added human touch of gifs and emojis, which can improve a sense of community and connection in the workplace. 

The cybersecurity risks of collaboration apps

Organizations can’t afford to ignore tools like Slack and Zoom. They are becoming a firm part of workplace culture. At the same time, though, they present numerous security risks that IT professionals must address, including: 

Threat actors can exploit collaboration tools

Over the last two years, security researchers have noted that the increased use of tools like Slack and Teams presented new opportunities for cyber-attackers to exploit their victims in creative ways. 

Credential phishing, brute-force password attacks and impersonation are just some of the tactics cyber-criminals frequently use to manipulate employees and steal their collaboration tool login details. In line with this, research shows that 95% of companies were targeted by cloud compromise attacks in 2020, with half falling victim to one of the attacks.

It’s easy to misconfigure cloud apps

A misconfiguration is any form of security gap or error that leaves the data in your cloud app vulnerable to compromise or exposure. Typically, misconfigurations arise due to the complexity of securely configuring cloud apps.

Even for experienced system administrators, cloud app settings can seem like a different language – and each cloud app is unique too, making things more difficult. As a result, 43% of organizations have dealt with at least one security incident resulting from a SaaS misconfiguration in the last year. 

The top causes of these misconfigurations are cited as a lack of visibility into changes in the SaaS security settings (34%), and too many departments with access to SaaS security settings (35%).

Human error remains an issue 

According to IBM, human error is to blame for 95% of all data breaches. Employee mistakes take many forms: the employee who unintentionally deletes a file with sensitive data, someone who shares confidential information with an unauthorized recipient, or the person who uploads confidential data to a public cloud folder.

While these issues have always been present, they are heightened in SaaS apps. This is because these tools are full of unstructured data, which legacy tools can’t discover or secure.  

How to secure and protect your collaboration apps 

To mitigate the risks associated with collaboration tools, organizations need to think innovatively. The security solutions that you use to secure traditional infrastructure like email simply don’t work in cloud apps. You need to take a new approach, focused on: 

  1. Data identification and classification
  2. Data loss prevention (DLP)
  3. Intelligent employee training 

Data identification and classification 

The first step to protecting unstructured data is identifying where it’s located. To achieve this, lean on a third-party data discovery tool that gives you total visibility into where your data is in the cloud. 

From there, you’ll need to classify your data according to its sensitivity and risk factor, and then implement controls that determine who within your organization is able to access this data, based on intelligent factors such as their location, IP address and so on. This process reduces the likelihood of data theft in the event of credentials compromise.

Data loss prevention

Data classification goes hand in hand with DLP, a solution that continuously monitors, identifies and classifies the data in your cloud apps, ensuring that data is protected with adequate controls 24/7 and accessed only by authorized, verified employees.

Our tool, Polymer DLP, combines intelligent data classification with DLP in the cloud to identify structured and unstructured data in the cloud. Using artificial intelligence and a self-learning engine, Polymer DLP enables you to close security gaps, meet regulatory requirements and protect data across your cloud apps. 

Intelligent employee training 

We recommend you support your DLP initiative with ongoing employee security training to reduce the frequency of human error. Not all training is created equal. Away days and video tutorials are often seen as cumbersome by employees. 

Instead, you could opt for a more engaging form of training: in-app nudges. As found in Polymer DLP, in-app nudges work in real-time, appearing as pop-ups within tools like Slack and Teams.

These nudges prompt users to think about their actions and how they might inadvertently compromise data security. For example, if an employee is about to share a document with sensitive data to a group of people, a nudge will appear, asking the employee to think about whether everyone in the group is authorized to see that data.

Our nudges are also backed up by DLP policies, meaning our solution will block employees from performing risky actions, as well as educating them on the reason.
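
A minimal sketch of the nudge-or-block decision described above, added here as an illustration and not Polymer's code. The two regex detectors, the `decide` policy, the rule that external guests trigger a block, and all sample data are assumptions constructed for this example.

```python
import re

# Illustrative detectors for two sensitive-data types (assumed, not exhaustive).
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text):
    """Return the set of sensitive-data labels found in a chat message."""
    labels = set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            labels.add("payment_card")
    if SSN_RE.search(text):
        labels.add("us_ssn")
    return labels

def decide(text, members, cleared):
    """Hypothetical policy. members: user -> is_external flag;
    cleared: users authorised to see sensitive data.
    Returns (action, labels, users that caused the action)."""
    labels = classify(text)
    if not labels:
        return "allow", labels, []
    externals = sorted(u for u, ext in members.items() if ext)
    if externals:               # assumed rule: never let it leave the org
        return "block", labels, externals
    uncleared = sorted(u for u in members if u not in cleared)
    if uncleared:               # ask the sender to reconsider the audience
        return "nudge", labels, uncleared
    return "allow", labels, []

if __name__ == "__main__":
    # Constructed sample data: a channel roster and three messages.
    team = {"ana": False, "raj": False, "lee": False}
    cleared = {"ana", "raj"}
    for msg in ("Order 1234567890123456 shipped",
                "Card is 4111 1111 1111 1111, exp 12/30",
                "SSN on file: 123-45-6789"):
        print(decide(msg, team, cleared))
```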

Collaboration tools are the future – make sure you secure them! 

Ultimately, as employees continue to migrate from email to cloud apps, you need to pivot your security strategy. Rather than focusing on email DLP, it’s time to invest in DLP for the cloud. 

Polymer is a no-code data loss prevention (DLP) platform that allows companies to monitor, auto-remediate, and apply behavioral techniques to reduce the risk of insider threats, sensitive data misuse, and leakage over third-party SaaS apps. Try Polymer for free.
