Collaboration tools carry potential security risks | Boardroom Events
Phone | +1 786 361 0454

New to site?


Login

Lost password? (X)

Already have an account?


Signup

(X)

Blog

Collaboration tools carry potential security risks

Collaboration tools, such as work product-associated platforms such as Asana and chat-based platforms such as Slack and Yammer, are quickly becoming the norm in businesses the world over. Unlike email, collaboration allows for a more free and responsive degree of communication. When collaborators use a project-management featured tool, such as Asana or Trello, project cards can be updated contemporaneously. This adds a transparency benefit that can make waiting for email replies unnecessary. Collaboration tools combine ease of communication with facilitated project and workflow management.

These tools are intuitive and highly functional, which explains their popularity. Although they facilitate work communication, collaboration tools can also present varying security risks. Some of the risks are similar to those present in other communication tools, such as email, while other risks are unique to how collaboration tools work and are employed across organizations.

Collaboration and the cloud

The first vulnerability that companies face with collaboration is not unique to these communication tools. Organizations are moving to the cloud almost simultaneously with their near-mass adoption of collaboration tools as the preferred communication method. Off-premises email, document storage and production join real-time messaging as popular cloud-based platforms that are poised to become the norm across the majority of businesses and organizations.

Organizations have taken steps to secure cloud-based information, primarily through end-to-end encryption. When handled correctly, along with properly followed procedures on the user-end, these security methods are highly effective in protecting data. Human error and maliciousness, though, can create a break in the armor of security.

Collaboration and the cloud create additional risks primarily when organizations permit communication of sensitive information across nonsecure channels, such as Slack. The issue, then, becomes less of a technology concern and more of a need to create policies and educate users about the levels of security in collaboration.

How cybercriminals can exploit collaboration tools

Application programming interfaces can provide access for bad actors to infiltrate collaboration software. The same technologies that enable seamless communication and collaboration also present vulnerabilities, and bad actors invest time and resources in finding these weaknesses.

One example of how these collaboration tools can be infiltrated is through the use of a third-party app to link a collaboration account, such as Slack, with another cloud-based account, such as a customer relationship manager. This nefarious app then acts as a Trojan horse as it collects or leaks data.

As an example of how hackers are continuously looking to find weaknesses, there was an identified vulnerability that related to how Slack handled customer support tickets. When there was an issue, Slack created a domain email account as customer support login. This, then, allowed a holder of one of these accounts to jump into another Slack team account since the domain looked legitimate.

Beyond this sort of crafty single bad actor attacks, collaboration presents a security problem that can happen with email or even through voice communication. If a user transmits sensitive information over a collaboration tool, there is a risk of not knowing exactly who is viewing or collecting the data on the other side. In this case, strict policies outlining what information is appropriately communicated over a collaboration tool can be most effective.

Should collaboration tools be avoided?

The short answer is no, as they are no more vulnerable than other modes of communication, such as cloud-based email. Even on-premises email is vulnerable to attack through on-premises login attempts. Collaboration vendors, such as Cisco, have created tools that integrate end-to-end encryption, and although they are not there yet, Microsoft’s Yammer and Slack are likely moving in this direction. There are difficulties in administering a fully encrypted messaging since supporting search and compliance may require decrypting.

Until end-to-end encryption becomes fully adopted across collaboration tools, large organizations can establish security levels and policies for collaboration environments. Collaboration provides a great deal of flexibility in exchanging information and speeding up workflows. Just like any other technology, it is ripe for bad actors to infiltrate. Certain security measures can be put into place to fend off attacks, and policies can be put into place to classify the information that enters the collaboration stream.


Leave A Comment

Leave A Comment

Join Us!