The pandemic process has greatly increased the transition to the new working order and the online working platform usage rate for companies. In this process, businesses started to use many helpful platforms such as Slack, Microsoft Teams and Zoom. Komtera Technology Sales Director Gürsel Tursun, who states that cooperation and communication tools provided by third-party services make companies open targets for cyber attacks, lists what IT teams should do in 7 steps to protect against security risks in such applications from cyber attacks.
Collaboration tools that provide convenience for information flow and meetings also bring new security threats for companies. Although some of the online collaboration tools, which are heavily used by companies, are specially designed for organizations, they generally appear as services provided by third parties. According to Komtera Technology Sales Director Gürsel Tursun, who stated that the demand for online collaboration tools in the remote or hybrid working model is increasing day by day, security vulnerabilities in online collaboration tools cause employees to become an important target for cyber attacks. Evaluating this situation, which is an opportunity for hackers who want to access and misuse business data, by IT employees, Tursun explains in 7 steps how IT teams manage new collaboration tools against security risks, and what businesses should do to protect them from cyber attacks.
IT Teams Have a Big Job!
With the increase in the use of online collaboration tools, the workload of IT teams has also increased. The most preferred online collaboration tools for data sharing and meetings during the pandemic process appear as platforms where data of employees and companies can be easily accessed. An online application provided by third-party services makes users the target of hackers. Users log in to online platforms with their personal data and e-mail addresses. IT teams should pay attention to security measures, especially for organizations with a remote working model. Planning and continuous monitoring are required in order to be able to respond to malicious data attacks by hackers. At this point, IT teams aim to provide a protection method for cyber attacks with 7 steps.
1. Take control of your SaaS deployment.
It is estimated that the average company of 1,000 people using software as a service (SaaS) applications exposes their data to 1,000 to 15,000 external collaborators. While on average between 200 and 3,000 companies can access any company’s data, about 20% of a typical organization’s SaaS files are shared internally with anyone who can click a link. What companies want to do is give employees the tools they need, make them user-friendly, make them accessible, but still be able to manage the application. In order for this process to proceed smoothly, the spread of SaaS must be controlled by the IT teams.
2. Check documents shared when employees leave.
When employees leave a company, they often gain access to shared documents and collaboration tools like Slack. If the account is linked to a company email, when the email is deprecated, the employee loses all access to their applications. To protect future data, IT teams must completely stop access when an employee leaves the job.
3. Limit exposure to personal information.
Collaboration tools pose two main types of risk for exposure to personally identifiable information (PII). First, employees can misuse PII by sharing documents through the collaboration platform. Second, insiders can gain unauthorized access. The problem security teams face is that collaboration tools don’t set up as enterprise platforms where administrators can set policy controls.
4. Protect third-party applications by changing API keys.
In the past, hackers needed VPN access to break into a network, or they had to phishing an employee to get in. All they need today is access to API keys. To secure API keys, first ensure that users can only gain network access from a specific IP address. Second, constantly change API keys to suit the organization.
5. Focus on protecting customer data.
The shift to work from home and hybrid work has created more opportunities for data exposure. During the pandemic, it seems that sensitive company documents are increasingly distributed on employees’ personal or remote devices without being protected or appropriate policies in place to mitigate security risks. First and foremost, security teams need to protect customer data. Customer data is especially valuable for hackers. They should also pinpoint what employees do with apps and how much data they create with collaboration tools.
6. Build compliance and audit processes on your collaboration platforms.
Collaboration platforms can pose a compliance risk if they are not integrated into standard audit and compliance processes. This could expose the company to significant fines and risks of data loss.
7. Add the use of the collaboration tool to your security awareness training.
When you add Slack or Teams to the organization, a new element of risk arises when employees receive messages from outside the company, or even from their departments. They don’t think so carefully about their Slack or Teams messages because they tend to think it’s from a coworker or someone in their department. The most important point to consider when using online platforms is to train them not to click on the e-mail information they subscribe to and suspicious-looking e-mail links and attachments.