Collaboration is of utmost importance in the modern workplace, but when done incorrectly, a collaborative environment can also be an insecure one. Here's how you can allow increased workplace collaboration, without reducing security.
Ask any manager, or any worker for that matter what they consider a crucial aspect of a healthy workplace, and you're sure to hear the word collaboration, or it's synonym, teamwork.
And why not? Teamwork is essential to a happy, functional office, and increasing collaboration should always be a priority. And, with the advent of cloud computing, and collaborative word processors, it gets easier to collaborate every day.
But, unfortunately, there's a downside to all this. Without the proper precautions in place, an open, collaborative environment can also be an insecure one—especially where sensitive data is involved.
And it’s important to note that sensitive data doesn’t just mean things like credit card numbers and medical data anymore. We are living in the age of the GDPR, and now, even a sales spreadsheet that includes phone numbers and email addresses can cause massive compliance issues, fines, and security problems, if handled improperly.
As noted above, the main concern when it comes to collaboration, is the improper handling of secure data, which can cause security concerns, and compliance headaches.
By now, it should be common knowledge that the weakest link in any security environment isn’t the firewall, or anti-virus, or SIEM. It’s the people. Time and time again, large data breaches are caused by simple human error. People forget to lock down S3 buckets full of sensitive information, people share patient data via Google Drive, and people fall for phishing schemes. In fact, according to Verizon’s 2018 Data Breach Investigations Report, companies are more than three times as likely to be hit by successful social attacks (those targeting people) than actual vulnerabilities.
So it's a fact: when you allow more people to access and use sensitive information, you are increasing your risk of a data leak exponentially to all of those threats.
In the age of collaboration, BYOD, and cloud computing, Shadow IT has become a persistent issue for organizations large and small. As the corporate firewall becomes less of a defined boundary, and users are allowed to use their own devices for work, or work from home, they may also look to use tech outside of the tools offered to them. And the ubiquity of free cloud storage tools only exacerbates the problem. If two users working off-site need to share numerous large files, chances are their first choice will be to turn to one of the tools they’d use in their private life: Dropbox or Google Drive. Unfortunately, these tools can be very insecure if set up improperly, and the free versions certainly don’t adhere to strict compliance standards. So how can you keep your users off of Shadow IT? By giving them the tools they need. Find a solution that accomplishes what they need to do, and find one that makes it as easy as possible, to remove any bottlenecks from the process.
For example, if your users need to transfer large amounts of sensitive data, a Managed File Transfer solution like MOVEit can give them the ability to take things into their own hands, while maintaining security with end-to-end encryption and audit trails.
So, we've established the security risks incurred when users collaborate without proper security precautions, but that doesn't mean we want to curb collaboration outright. So how can you create a secure culture without tying your worker's hands with restrictive policies?
The answer is a mix of employee training and finding the right tools for the job. Let’s start with the training bit.
Ideally, every single employee at your organization, from the CEO down, should have some security and compliance awareness training. Think of it as preventative maintenance. The more you train and educate your users with threat intelligence, the less likely they are to make costly mistakes. So train your employees to recognize phishing emails, and to recognize sensitive data before they send it through unsecured channels. If you make your employees aware of security and compliance risks, they're far less likely to put your business in danger. You can even set up fake phishing emails to target your employees and send the most click-happy employees for further security-awareness training.
This is something you can do yourself if you have the resources, or with the help of an outside firm. The more you familiarize your users with cybersecurity, the less likely they are to be intimidated or overwhelmed by it.
If you want your employees to be able to collaborate in a secure manner, it's essential that you give them the tools to do so.
Where sensitive data is concerned, consumer-grade file-sharing solutions simply won't do. You need a Managed File Transfer tool like MOVEit, which can secure your data, with end-to-end encryption in transit and at rest, as well as access controls and audit trails that allow you to manage exactly who is allowed to access and transfer sensitive data.
MOVEit's new Secure Folder Sharing capability removes bottlenecks by letting users create their own secure shared folders for collaboration with anyone, in or outside of their network, while administrators keep full control of permissions and audit logs. Flexible deployment options can make using Secure Folder Sharing as simple as drag-and-drop folder transfers on Windows and MacOS, allowing increased collaboration with unlimited internal and external users, with all of the standard security features of MOVEit, including a tamper-evident audit log and granular permissions for file visibility.
Jeff Edwards is a tech writer and analyst with three years of experience covering Information Security and IT. Jeff has written on all things cybersecurity, from APTs to zero-days, and previously worked as a reporter covering Boston City Hall.
Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.
Learn MoreSubscribe to get all the news, info and tutorials you need to build better business apps and sites