Have You Considered the High Cyber Security Cost of Collaborative Work?
Using the right tools keeps your business agile and productive—but it can also mean lapses in cyber security.
Technology makes a lot of good things happen. You can attend or host a remote meeting, work collaboratively regardless of location, and share documents and work-product with ease. Add project-based contingent workers, and you have a streamlined workplace with high productivity.
Yet the very tools and techniques you use to boost business could put you out of business, if you suffer a serious data breach or distributed denial of service attack (DDoS). In October 2016, internet infrastructure provider Dyn was struck by the largest DDoS attack known to date. The outage, which made major websites on the East Coast inaccessible, rightly got a lot of attention.
Downtime costs a lot of money and time. Some small businesses have a hard time recovering when knocked off line. If accompanied by ransomware, a business without data backup can suffer irreversible financial and reputational damage. Loss of traffic, potential sales, intellectual property, or the disclosure of confidential data all make network breaches disastrous.
The strength of the attack against Dyn was fueled by the Internet of Things (IoT), devices hijacked and used remotely by bad actors. What does this have to do with how you run your workplace? A lot. Let’s take a look at some of the security gaps that could appear in a fast-paced workplace:
- Collaborative communication software: Instant messaging through chat boosts productivity, reduces email, stores information in one place, and supports collaboration. Your favorite collaborative tool and mine, Slack, has been hacked a couple of times. By all reports, Slack addresses these issues effectively, until the next one appears. Slack’s integration capabilities and its storage of correspondence make it valuable. But remember, it doesn’t make it invulnerable. Keep a heads-up on the information you put on your chat software, how it is protected, and what you could lose if exposed.
- The gig economy: According to a 2015 survey, 34 percent of the American workforce is freelance. Those numbers continue to rise. Freelance means contract work, consultants, and your project-based workers. The contingent workforce allows you to scale up with the skills, or labor, you need without the cost of a permanent hire. For companies that do not tighten up the interface between their company and contingent workers, data breaches can occur. Create contract documents that require understanding of the use of passwords and confidential information. Provide access to consultants on an “as-needed” basis. Offer training and educate all contingent workers on your security practices and expectations. Terminate access and passwords when the project is completed. With the right onboarding and offboarding, freelance workers offer value—not security risk.
- Video conferencing: The video conferencing software you use is only as secure as the vendor who provides it. If you work in a regulated industry, be cautious of attending, promoting, or initiating webinars, meetings, or video connections that could be insecure. Video meetings are now an integral business tool, saving travel time and tremendous cost. Whether you use video conference or collaborative software—remember—your network and data are only as secure as the weakest link in your digital landscape.
- Bring your own device (BYOD): Smartphones, tablets, and laptops extend the workplace beyond your doors. Segregating work and personal devices is close to impossible except in high security settings. Insecure apps, inadvertent disclosures, or unprotected access to a mobile device could add to a malicious botnet, or information needed to breach your data network.
Social engineering, the tactics used by hackers to gain valuable information from unsuspecting employees or consumers, could be in play at any time in your workplace.
An unfamiliar call or email asking for an access code could be innocent, or it could lead to infiltration of your network. Even physical visitors could be a security risk—looking at hardware, routers, or glancing at software. Many offices no longer make use of gatekeeper receptionists—be sure everyone walking in your space belongs in your space. Even a convincing repair vendor should show appropriate identification. Social engineering takes advantage of human relationships, in person, on the phone, via email, or in an app environment.
Too often, and perhaps necessarily, digital security is an extended game of Whack-a-Mole. Plug the gap where it appears and start looking for the next one. Collaborative work practices are great, until they are not. Be sure your tools, data—and company brand—are protected.