With employees sharing sensitive company and customer data and documents on cloud-based platforms, the need for security education should become a priority for businesses.
Online security threats lurk behind every corner. Only a couple of weeks ago, the bug dubbed Heartbleed highlighted the vulnerability of thousands of websites and organisations, putting millions of Internet users around the world at risk of password theft. Around the same time, online collaborators were crippled by a Distributed Denial of Service (DDoS) attack, targeting a popular collaboration platform and making the service unavailable for several hours.
Given the huge impact of all things online on our personal and professional lives in the always-connected world, it’s impossible to shield yourself from all Internet-related security risks. You could walk on the street with a high-visibility vest and a hard hat, but you might still trip and hurt yourself! We are just going to have to accept taking risks.
And why not? A recent survey by KPN Consulting suggests that one in eight employees save business data using free collaboration and document sharing tools. As the popularity of online collaboration tools grows, what can you really do to protect yourself, your intellectual property, your customers’ data, and ultimately your reputation and bottom line?
Online collaboration platforms are part of the much-talked-about Bring Your Own trend, which involves employees making their own technology choices based on what is most convenient for them, instead of necessarily using the software dictated by the business. Employees have adopted a range of different cloud-based tools to help them communicate more effectively and work together on documents more easily with their colleagues.
In the context of cloud tools and online collaboration, IT security could be described as a house built on three pillars: trust; assurance; and protecting your data with the right software. Trust includes things such as the privacy statement and cookie policy of the cloud-based collaboration platform. Assurance is a certification or a stamp of approval from a third party. With an ISO27001 certificate, for example, you know that the cloud collaboration tool in question is compliant with international security standards.
In an ideal world, every cloud solution would adhere strictly to these three pillars. However, that’s not always the case when it comes to some tools. Everything comes at a price, and some cloud solutions’ revenues depend on the data that you store in their cloud. What this means in practice is that some of these companies sell ads based on the content of your data. Furthermore, they are sometimes the owners of the data that you upload – so your business-critical, sensitive documents are not ‘yours’ in the traditional sense of the word. The challenge is that many keen users don’t read the fine print, putting the integrity of your business data at risk.
The physical location of your data is also a key consideration when it comes to third party access to your data. To illustrate, if you are using a US cloud collaboration service with servers located in the US only, your data comes under US legislation. This means that a US government agency such as the NSA can gain access to your data.
So what can you do? It will be counterproductive to try to control your employees online 24/7. The key is to adopt a simple, open, company-wide policy and to achieve a balance between security and user friendliness, which will empower employees to make the most of cloud-based tools. Talk openly to your staff about the issues involved, including the potential pitfalls of using free collaboration tools. Make sure that they understand the possible consequences, such as crippling fines and a tarnished reputation, if sensitive customer information or intellectual property gets in the wrong hands.
Ultimately, there is no point in fighting back, as your employees are bound to embrace any tool or technology that will make their lives easier by enabling them to access the data and documents they need whenever, wherever. You shouldn’t shy away from using cloud-based collaboration tools, but you should read the fine print to make sure your business won’t be at risk.
Always online and always accessible – it doesn’t have to mean that you’re always vulnerable.
Erkan Kahraman, CISO, Projectplace.
Share this story
