Blog | NFON UK

Online collaboration tools: is the security concern legit?

Written by NFON UK | 13-Jan-2021 18:00:27

Before 2020 produced a scramble to adopt the nearest thing that could provide remote working capabilities, collaboration tools such as Slack, Zoom, and Microsoft Teams were still far from achieving full market penetration. And security concerns were a major sticking point. 

Freedom vs Security 

Digital collaboration tools have long proven a double-edged sword: as is true of many technological innovations, with increased freedoms come newfound vulnerabilities. 

And as online collaboration tools can become host – unwittingly or not – to customer data, employee data, AND other business-critical information, security remains a major point of concern for businesses using them. 

Threat Post, a leading online news publication on matters of IT and business security, stated in one of their articles that ‘the risk posed by collaboration platforms is far from hypothetical’. 

In fact, a number of the most popular and well-known tools have found their security credentials placed under highly publicised scrutiny. 

 

Security for online collaboration tools: under the spotlight 

Cisco

Towards the beginning of 2020, Cisco had to address a bug that was allowing complete strangers the ability to enter password-protected meetings without any authentication needed. While it sounds like something more comedic than serious, the risk of data exposure caused by this was incredibly high. 

Slack 

Around a similar time, a critical vulnerability was found in Slack, which was allowing for automated account takeovers that could lead to data breaches. 

Zoom 

Zoom’s security track record has probably been the most frequently and publicly criticised. As recently as November 2020, the software provider chose to settle in a class-action lawsuit against its security practices which were labelled ‘deceptive’. 

 

Mitigating the risks of collaboration tools takes a bottom-up approach 

But the truth of the matter is, when it comes to data security, technology isn’t the biggest problem. 

Technology evolves and adapts, but one of the biggest security risks has remained the same for some time: human error. 

How people are your biggest security risk: a few quick findings 

  • According to The 2020 Cost of a Data Breach Report (conducted by Ponemon), employee negligence or errors caused 62% of all insider breaches

  • A recent study found that only 23% of remote employees had received any guidance on how to use platforms like Microsoft Teams
     
  • In a survey by Symphony 25% of employees claimed that they share confidential information about their company over collaboration and instant messaging platforms 

Jonathan Christensen, chief experience officer at Symphony has said “a more casual approach to workplace communications and digital habits in general presents major security risks.” 

“Employees won't keep secure practices on their own, and employers must consider how they will secure workforce communication over messaging and collaboration tools." 

You can invest in the most secure, cutting edge collaborative solution on the market, but if a culture of sound security practices isn’t firmly embedded within your organisation, you will still be at risk. 

 

Why businesses must address human error first

In order of priority, you’re best off focusing on how you can achieve this strong security culture, before worrying about the technical nuts and bolts of your online collaboration tools. 

Employees need to be made adequately aware of the dangers seemingly casual and innocuous actions can pose to their organisation, particularly if they work for a large corporation (where staff tend to feel more anonymous, and less like their actions have a significant impact). 

This is a step that, due to the urgent, ‘adapt or die’ situation presented by the pandemic and lockdown, many organisations skipped. 

Instead, most businesses madly rushed to just get something up and running that would bring them the communication and collaboration capabilities they needed. 

All while the elements of practice and process that are normally factored in to minimise risks in the long run fell to the wayside. 

 

Mitigating risk: it’s about security AND strategy 

Moving forward, more businesses looking to tighten up their data security may have to take a step back, and adopt their next solution with a more robust, long-term adoption strategy in place.  

Educate your employees on how best to use your tools; what information they can share and what needs to be kept confidential etc. And make sure the services are sanctioned and managed by your IT team so that you can have visibility into what platforms employees are using and how, this is the key to continually improving the security of your practices internally. 

 

Want to know how to establish a secure end-to-end collaboration solution? 

If you feel you’ve made some progress addressing areas of risk presented by human error, the next step is to find a communication and collaboration solution that is secure from end to end. 

Establishing a true unified communications solution reduces the different avenues of risk, by consolidating all of your comms channels into one platform. Nvoice for Microsoft Teams brings users unified communications with one simple but powerful integration, unlocking enterprise-level telephony through the Teams interface you’re familiar with. 

Plus, by leaning on the capabilities of Cloudya, NFON’s leading cloud telephony solution, Nvoice also comes with built-in business continuity that means your connection won’t drop in the event of an outage or other sudden disruption.