Since the start of the pandemic, business use of collaboration tools has soared — bringing new security and compliance challenges.
- Collaboration tools like MS Teams and Zoom are contributing greatly to employee productivity — especially for those working from home.
- But team building and productivity apps also impose new cybersecurity and compliance challenges.
- CISOs, GRC professionals, IT leaders and their teams need to ensure that the data protection mechanisms they have in place are sufficient to secure collaboration tools.
When the COVID-19 pandemic was declared, millions of employees around the world made an almost overnight transition from a corporate to a home office. Suddenly, collaboration tools like Slack, Zoom and Microsoft Teams went into much wider use.
Market leader Microsoft reported that user numbers for Teams soared 625% from 20 million in November 2019 to 145 million as of April 2021, according to Archiving and Data Protection with Microsoft Teams, a new Osterman Research white paper sponsored by Mimecast. Rival Slack’s customer base also grew rapidly, if perhaps somewhat less prodigiously. During its fourth fiscal quarter of 2020, the company went from 105,000 to 110,000 users — a 5% jump. Then, immediately following, it added another 7,000 users in just 47 days.
Zoom’s uptake meanwhile was even more dramatic. Prior to March 2020, the video conferencing service’s usage was approximately 10 million daily meeting participants. By April last year, that number exploded to 300 million, according to the Osterman Research paper.
Another measure of these tools’ newfound popularity: Among the 1,225 information technology and cybersecurity professionals from 10 countries who were surveyed for Mimecast’s recently completed State of Email Security 2021 (SOES) report, virtually all of them (98%) say their companies have adopted team building and productivity software.
The Advantages of Online Collaboration Tools
The ability to collaborate online allows employees to work with others from any location, a huge advantage when workplaces are shuttered and co-workers suddenly find themselves widely dispersed. These benefits are magnified when customers and supply-chain partners find themselves in a similar predicament. Business can continue, perhaps not as usual, but in a safe and efficient manner.
But beyond helping companies respond to the exigencies imposed by the pandemic, these applications are being embraced for the increased efficiencies they offer. In a pre-pandemic study by Deloitte, three-quarters of the businesspeople surveyed said collaboration tools can improve productivity levels by as much as 25%. One reason, according to another pre-pandemic survey by Adobe, is that employees typically spend three hours a day searching for information and writing emails. By simplifying access to relevant information, collaboration tools can significantly reduce the time required for these tasks.
But Are Collaboration Tools Secure?
But as useful as collaboration tools have become, CISOs, information governance professionals and corporate legal officers wonder whether their cybersecurity and data archiving procedures are an adequate match for the risks posed by these platforms. Among the SOES survey participants, more than two-thirds (70%) expressed concern about safeguarding and archiving the privileged business conversations that take place through these programs.
In some countries, these fears are even more pronounced. For example, the number of SOES respondents with concerns over the safety of their companies’ collaboration tools ranged from three-out-of-four in the U.S. (75%) and Australia (76%), to nearly nine out of 10 (88%) in the United Arab Emirates.
Likewise, certain industries that make greater use of collaboration tools exhibit greater anxiety over their safety. These include the construction, energy, consumer services and business services sectors, where the level of concern ranged from 76% (construction) to 86% (business and professional services) of respondents.
The Cybersecurity Risks Arising from Collaboration Tools
Security and compliance professionals cite a number of risks that have been either introduced or exacerbated by the proliferation of these applications. Chief among them are:
- The growing volume of chats, documents and other data records exchanged by employees. Since they often contain proprietary information and are frequently retained in a central location, these records have become a prime target for cybercriminals.
- Unauthorized data sharing, such as users exchanging passwords or sensitive data to expedite their work. Practices of this sort heighten the chances of a successful cyberattack or a serious regulatory infraction.
- Employee use of unsanctioned tools and personal devices. Since these generally fall outside the corporate security perimeter, they increase the odds of a data breach or compliance violation.
- Greater potential for data loss. Since many employees now have access rights to a broader assortment of data, the odds go way up that some of it will be leaked or deleted, either inadvertently or intentionally.
- The omission of material records from e-discovery searches. Since many archiving solutions can’t capture the full range of data types used by various collaboration programs, legal and compliance officers are struggling to sort through all the relevant conversations and documents that these tools generate.
Given the scope of these challenges, more companies are reconsidering whether their current approach to data loss prevention and archiving is still adequate in the face of new threats. In this context, the new report on archiving MS Teams by Osterman Research is revealing. The study finds that close to half of the survey respondents (47%) believe that third-party security and archiving solutions offer greater protection than similar tools included with MS Teams and other collaboration programs.
The Bottom Line
Though spurred by global restrictions on travel and in-person meetings, companies show no sign of slowing their use of collaboration tools like Slack and Microsoft Teams for team building, customer meetings and project coordination. But embracing these apps has led to a new set of cybersecurity challenges. In response, CISOs and their teams need to ensure that their data protection mechanisms are sufficient to secure all their organizations’ digital assets — including collaboration tools and their archival records. Join us on June 8 at Governance, Risk and Compliance Day to learn more.
Want more great articles like this?Subscribe to our blog.
Get all the latest news, tips and articles delivered right to your inbox
You will receive an email shortly