
Collaboration tools have been an upcoming staple of the workplace, and with the pandemic causing mass migration to remote work, use has skyrocketed. Demand has increased so much that many are temporarily offering their services for free.
Unfortunately, cybercriminals are highly aware of this trend and are taking full advantage. After all, chances are businesses are using at least one of the main tools, i.e., Slack, Microsoft Teams, Zoom, Google, etc. Hackers not only know where to find new targets but how they use the platforms as well.
For example, a report by Symphony found that 27% of employees knowingly connect to unsecured networks, and 25% share confidential information about their company on collaboration tools.
Chances are, with the swift move to remote work, employees are not as secure as they were in the office. Especially now that there isn’t as much accountability for the devices they use and applications they download.
In a way, one could say that collaboration tools are like the email of 20 years ago – there is an inherent trust that the person on the other end is who they say they are. Of course, over the years, there have been many publicized risks, news about phishing scams, and awareness training for employees. What happened with email is what must happen with collaboration tools as well. If this lesson isn’t learned soon, we could see many stories in the news about hacks and lost data from these tools.
What the Future Could Hold
The casual nature of collaboration tools, and the lack of understanding of the security around it, leads to a very relaxed environment – one where employees are less likely to see a threat. This could be in the form of a malicious link or another ‘colleague’ asking for confidential information. While it is not as common as with email, there is the possibility that someone is spoofing or faking messages on the platform.
With credential stuffing becoming a massive commodity for hackers, it could be effortless for one to log in to a platform with stolen credentials, gaining access to data and information behind the usual defenses. Not only does the hacker have unfettered access, but they can also share malicious documents and links to unsuspecting colleagues. The havoc wreaked by a compromised account can have significant financial repercussions as well as a hit to reputation.
What to Do
Like all things ‘cyber,’ there is no surefire way to prevent a breach, but there are steps organizations can take to better their chances. One of the simplest ways to avoid a compromised account is by using multifactor authentication. Having a strong password is no longer enough, and while not foolproof, MFA ensures there is an added layer of protection when accessing an application.
User training is also vital. It could be said that without educated employees, there would be no point in implementing security measures because the staff is ultimately the last line of defense. Data is continuously in motion on collaboration tools, so ensure there are policies and procedures in place to protect essential information. Along these lines, classify data and define rules for handling it. For example, restricting access to certain information or requiring encryption.
Collaboration tools aren’t always the secure platforms they seem to be. As tiring as it is to say, don’t let your guard down.