Collaboration tools make work-from-home easier, but they can cause costly breaches

September 9, 2020
A director at a Dutch company runs a remote meeting with his employees through a laptop over Zoom. People all over the world have relied on Zoom and other collaboration tools to stay productive during the pandemic, but there are security implications. Today’s columnist, Joe Payne of Code42, offers some insights on how companies can keep leveraging these tools and stay secure. (Photo by Robin Utrecht/SOPA Images/LightRocket via Getty Images)
  • Transparency. People want to work for a company that’s transparent and trustworthy. It’s important to tell employees exactly what the company does to monitor for insider risk. If the organization monitors endpoints to look for data that’s leaving the enterprise, companies need to tell employees this. Make sure they understand that the company trusts them, but that corporate IT will verify that they are living up to their obligations.
  • Training. Companies want employees to use collaboration platforms intelligently and in line with corporate policy. That means the company needs to first establish a well-thought out policy, and then teach team members the right ways to handle data. So the next time Bob decides to share a company file on Dropbox, the IT staff can email him a video demonstrating how to use OneDrive, the corporate sharing tool. Also, remind employees that work they create for the company will remain company property. If a John Deere employee builds a tractor while working for John Deere, she knows the tractor must stay when she leaves the company. The same holds true for the software that runs the tractor. The company also owns the software because they paid the engineer to write the code.
  • Technology. Even with the best training programs and being consistently transparent, there are still risks to company data from the actions of insiders. Companies need technology to verify that the team abides by the company’s policies, not downloading lots of data at odd hours of the day and saving it as ZIP files on thumb drives. The organization needs an automated way to detect when data gets moved in anomalous ways and then flag those events for further scrutiny.
prestitial ad