Collaborative software is a key lever for communication and productivity. Since the start of the pandemic, collaborative communication technologies – such as Slack, Skype for Business, or even Teams – have been massively adopted within companies. Employees use it to make video calls, share documents, as well as send each other instant messages and humorous memes. According to a recent report by Market Research, the collaboration tools market is expected to reach $45 billion by 2025.
However, with this increased use comes an increased risk. There are thus several security vulnerabilities related to instant messaging; but also preventive measures that system administrators can deploy, in order to prevent their organization’s sensitive data from falling into the wrong hands.
Internal data sharing
Instant messaging platforms allow colleagues to exchange files in record time, which is certainly practical, but not always secure. Some users inevitably share sensitive information with individuals who should not have access to it.
To limit this risk, it is necessary to block communication between certain employees, or certain teams. Another solution is to allow communication, but disable the file sharing feature. However, this method is ineffective when employees copy and paste sensitive information from a document into a chat window.
Another option is to configure Data Loss Prevention (DLP) settings to detect and block sharing when specific sensitive content is found in a message; a social security or credit card number, for example.
Sharing data with guests
This software also offers the possibility for employees to share information with actors outside the company, such as suppliers and customers. The purpose can be to exchange documents, participate in conversations, as well as make and receive calls with guests outside the organization. While this feature facilitates collaboration, it increases the risk of seeing sensitive data shared inappropriately.
Here again, DLP tools are relevant. Microsoft Teams, for example, makes it possible to mark documents to be encrypted, so that only certain collaborators can decrypt and open them. Employees can then freely share documents externally without the risk of the wrong people accessing them. In addition, due to the sensitivity of the data shared via these platforms, it is important to verify the identities of the interlocutors at each exchange to ensure that these identities have not been compromised.
The easiest way to achieve this is to deploy multi-factor authentication (MFA). It is also possible to implement attack detection solutions for authentication systems, including Azure AD and Active Directory. This will help verify that the callers are legitimate. Indeed, many users are now (too) confident when chatting on a collaborative communication tool due to the massive deployment of these programs since the start of the pandemic.
Phishing
Instant messaging platforms rely on proven marketing techniques: after a certain period of inactivity, most of them send an e-mail reminding users that there are messages to which they haven’t responded yet. These emails also include a link to the software.
However, some cybercriminals manage to compromise these emails. The IT team must therefore regularly inform the employees of the company of the existence of this risk, and train them to identify these malicious activities. However, this is often neglected, while the improvement of the online security of the organization and the good management of its computer system depend on it.
Other protective measures
It is recommended to use not only the features offered by instant messengers, but also to track activities on the platform. For this purpose, the monitoring tool should be the same one used to manage the rest of the activities occurring in the IT ecosystem. IT teams will ultimately be able to categorize data consistently, while improving threat detection and response. Finally, a solution dedicated to audit will also help them to detect the activity of external actors, to detect suspicious activities in order to avoid possible data breaches, to carry out the investigation in the event of incidents, and to Demonstrate to auditors compliance with applicable legislation.
Finally, it is important to ensure that the platform hosting the collaboration solutions is secure. Vendors communicate quite well about possible security vulnerabilities and available patches. However, care should be taken to keep an eye on the publication of these bulletins and ensure that the vulnerabilities in question are fixed quickly, so that cybercriminals do not have time to take advantage of them.
When IT teams implement security controls, they should keep in mind that employees use instant messaging to communicate easily with other individuals. But if the security tools in place interfere with their productivity, users may turn to software outside the company’s IT environment, which will significantly increase the risks. It is therefore preferable to seek to achieve a balance between safety and productivity, by defining rules that are reasonable; in other words, suitable for both IT teams and corporate employees.