Stay safe while using workplace apps.
Workplace apps are almost omnipresent in the modern office. They are hugely helpful platforms which are enabling a modern way of working for many companies: distributed teams, remote employees, contracting and using freelance resource, deep collaboration, and more new practices. Most are aimed at increasing productivity, allowing for a smooth flow of communication amongst teams, and keeping documents, projects, and resources organised and easily available to everyone who needs to see them.
Workplace apps—like Zoom, G Suite, Slack, Trello, Dropbox, Notion, and the vast array of others—can be incredibly helpful tools in the modern workplace and improve the quality of work for many teams. They can also pose significant security risks. The following tips can help organisations to guard against and mitigate those risks while still enjoying the benefits of workplace apps.
Make a plan
One of the concerns that come with the use of workplace apps is how they are implemented within an organisation. Some of the workplace app tools require high levels of integration with a company’s systems—and while this is often necessary and even helpful as far as workflow goes, it needs to be carefully managed. Giving outside entities, particularly cloud-based ones, access to your network is always a risk.
It’s important to know which apps and productivity tools are being used within your company, and how. Before implementing them, they should be assessed for risk so that any appropriate controls are set in place beforehand. A standards-based approach will ensure that any tool is assessed and explored to ensure that it complies with minimum security standards prior to being implemented.
Guard the weakest link
Protecting your organisation’s core systems is one thing; the operational overhead involved in managing a slew of productivity tools with access to a lot of sensitive data is another. As these tools can be overlooked in systems security plans, they are often the weakest link.
Employee behaviour is often a gap in the security fence that’s difficult to keep closed, and often people will let their guard down even further on messaging and collaboration apps like Slack or Skype. A study by Symphony, experts in secure collaboration, revealed that while 93% of workers in the US and UK are confident that any information shared over collaboration platforms is safe from external viewing, 27% are not aware of their employers’ IT guidelines—a dangerous mix.
Someone gaining unauthorised access to a Slack account may find privileged information that can help them to wreak further damage. Some of these tools blur the lines between personal and professional, and it’s crucial to ensure that employees keep up security standards in how they access and protect their accounts.
Develop policy and Classify data
All of these workplace apps and productivity tools disseminate and/or process information. Ensure that you employ policy which covers the use, processing and storage of corporate information. Some data may be ok to store in the cloud while other is not. Likewise, the use of productivity tools should align with policy for dissemination of corporate of agency data. NZISM has specific guidelines for the secure processing of classified data and the control systems for the various vendors, which need to meet minimum certification and accreditation requirements.
Call in the experts
If the security certification of a particular tool is difficult to understand, unclear, or nonexistent, it’s always a good idea to call in the experts! Security professionals like CANDA can help you to develop systems and safeguards against cyber threats, and keep your company safe even in the face of workplace apps and productivity tools. We are experienced in risk assessment and can take stock of a particular platform to ascertain whether and how it can be used securely.
Contact the CANDA team to discuss how they can guide your use of workplace apps.