With employees sharing sensitive company and customer data and documents on cloud-based platforms, the need for security education should become a priority for businesses.
Online security threats lurk behind every corner. Only a couple of weeks ago, the bug dubbed Heartbleed highlighted the vulnerability of thousands of websites and organisations, putting millions of Internet users around the world at risk of password theft. Around the same time, online collaborators were crippled by a Distributed Denial of Service (DDoS) attack, targeting a popular collaboration platform and making the service unavailable for several hours. Given the huge impact of all things online on our personal and professional lives in the always-connected world, it’s impossible to shield yourself from all Internet-related security risks. You could walk on the street with a high-visibility vest and a hard hat, but you might still trip and hurt yourself! We are just going to have to accept taking risks. And why not? A recent survey by KPN Consulting suggests that one in eight employees save business data using free collaboration and document sharing tools. As the popularity of online collaboration tools grows, what can you really do to protect yourself, your intellectual property, your customers’ data, and ultimately your reputation and bottom line? Online collaboration platforms are part of the much-talked-about Bring Your Own trend, which involves employees making their own technology choices based on what is most convenient for them, instead of necessarily using the software dictated by the business. Employees have adopted a range of different cloud-based tools to help them communicate more effectively and work together on documents more easily with their colleagues. In the context of cloud tools and online collaboration, IT security could be described as a house built on three pillars: trust; assurance; and protecting your data with the right software. Trust includes things such as the privacy statement and cookie policy of the cloud-based collaboration platform. Assurance is a certification or a stamp of approval from a third party. With an ISO27001 certificate, for example, you know that the cloud collaboration tool in question is compliant with international security standards. In an ideal world, every cloud solution would adhere strictly to these three pillars. However, that’s not always the case when it comes to some tools. Everything comes at a price, and some cloud solutions’ revenues depend on the data that you store in their cloud. What this means in practice is that some of these companies sell ads based on the content of your data. Furthermore, they are sometimes the owners of the data that you upload – so your business-critical, sensitive documents are not ‘yours’ in the traditional sense of the word. The challenge is that many keen users don’t read the fine print, putting the integrity of your business data at risk. The physical location of your data is also a key consideration when it comes to third party access to your data. To illustrate, if you are using a US cloud collaboration service with servers located in the US only, your data comes under US legislation. This means that a US government agency such as the NSA can gain access to your data. So what can you do? It will be counterproductive to try to control your employees online 24/7. The key is to adopt a simple, open, company-wide policy and to achieve a balance between security and user friendliness, which will empower employees to make the most of cloud-based tools. Talk openly to your staff about the issues involved, including the potential pitfalls of using free collaboration tools. Make sure that they understand the possible consequences, such as crippling fines and a tarnished reputation, if sensitive customer information or intellectual property gets in the wrong hands. Ultimately, there is no point in fighting back, as your employees are bound to embrace any tool or technology that will make their lives easier by enabling them to access the data and documents they need whenever, wherever. You shouldn’t shy away from using cloud-based collaboration tools, but you should read the fine print to make sure your business won’t be at risk. Always online and always accessible – it doesn’t have to mean that you’re always vulnerable. Erkan Kahraman, CISO, Projectplace.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.