Collaboration platforms have played a vital role in keeping businesses connected and operational over the past 18 months but that’s not to say they’ve come without risk.
Workflows and business communication changed as people across the world were confined to their homes, creating challenges from a security and privacy perspective.
From sending inappropriate files over chat, to inviting too many people into meetings, businesses have been exposed to multiple new threats – according to RingCentral’s Chief Information Security Officer, Heather Hinton.
“It increased the risk posture in many companies from a host of different points of view,” she told UC Today. “People weren’t experienced in how to work from home.”
“They would let anyone in and say things on video or in chat that should have been limited to a much smaller group. or they’d let people into meetings that maybe shouldn’t have been, or they exhausted themselves by attending too many meetings.
“From a security point of view, this has greatly increased the potential for insider threat.”
This insider threat is, of course, not necessarily intentional. However, many employees are suffering from meeting fatigue because of how reliant businesses have become on virtual meeting platforms.
Video meetings at work have become, for many, one of the few chances they have to interact with other people beyond chat. This has in turn led to a culture of inviting too many people into meetings, Hinton said, because no-one wants to be left out.
But she added that many businesses have opened their eyes now the initial rush towards remote working has ended – nudged along, in part, by high-profile cybersecurity incidents such as the SolarWinds hack.
“Initially no one was paying attention to it; they just had to continue communicating,” Hinton added.
“But then there were a couple of high-profile incidents in the news that served as wake-up calls. People said, ‘hang on a second, this is something I need to pay attention to’, and now they absolutely are.”
One of the key aspects of security that businesses are turning to is encryption within communication and collaboration, Hinton said.
RingCentral recently launched end-to-end encryption for ad-hoc and scheduled meetings, with users given the option to turn the extra layer of security on or off. The programme is currently in open beta and is expected to hit general availability in October 2021, with dynamic (in-meeting, on-demand) end-to-end encryption expected by year end.
“We, as the vendors, have upped our game as well,” Hinton said.
“From my point of view, it lessens the burden on RingCentral because we don’t have access to the customer’s meetings and conversations.
“I can tell people how E2E encryption works and show them the protocol, and then the conversations about RingCentral’s access to customer content do become less important – because we never have access to that data.”
There are, however, some drawbacks to user experience that come with E2E encryption. Some features that are usually readily available, such as transcription, can no longer be used.
This has to be taken into account when deciding if E2E encryption is the most effective method of protection in all situations, although RingCentral is planning to lessen this impact over time.
“We don’t have access to the communication content when E2E encryption is turned on which means that customers don’t get the fully enriched experience,” Hinton said.
“If a business is considering accessibility – for example there might be people on a meeting with hearing impairment – they won’t be able to have transcriptions when E2E encryption is turned on because we don’t have access to the call.
“But what we’re going to do at RingCentral is move as much of that functionality to the client side as possible because accessibility is a very important part of communicating and collaborating.”
Data Exfiltration
Hinton said that the second area businesses are most concerned about is data exfiltration, particularly with regards to chat threads on collaboration platforms.
She explained that some of these platforms were adopted so quickly, sometimes overnight, that businesses did not have time to implement adequate security processes and protocols.
At the same time, users were sharing files on these tools and, perhaps, on tools that they would use in their personal lives.
“It’s really easy to send files around and now people are starting to ask if they should actually be sending them,” Hinton explained.
“Maybe they’ve opened up the platform so they can collaborate with partners in different organisations, but then accidentally given that partner access to something that they shouldn’t have access to.
“That’s the next thing that I think people are going to start paying attention to and we need to educate users, because it always boils down to the user.
“A business’ first line of defence is its users but then there are also data loss prevention solutions; it has to be whatever makes sense for an organisation’s working environment.”
The Future is Hybrid
It’s widely accepted that most businesses will adopt a hybrid culture when they’re able to do so, with a mixture of people working in the office and working remotely. The implications of this are huge from both a collaboration and cybersecurity point of view.
The temptation may be to put new systems and security in place now, but Hinton said that businesses need to resist this urge – and not buckle under pressure from senior leadership that are nervous about their company’s future-of-work posture.
Instead, they need to do their best to envisage how their working culture is going to look in the long term and implement an ongoing plan that includes security.
“I think that businesses need to sit down and think about what their workplace is going to look like, and then they need to understand the impact of having people who are geographically diverse,” she said.
“Is it going to be a hybrid? Does everyone have a dedicated desk or do people share? How do I build cohesion in the team? Businesses need to be very deliberate about how they think this is going to work, and it’s unfortunately still a best guess.
“Then you prioritise the quick wins that you can get for your users. They might be E2E encryption for video meetings, or it could be that I’m going to put DLP on everybody’s workplace so nobody can send documents. It could be as simple as issuing new badges with updated photos of the employee or new education modules on how to manage stress and work-life in a working-from-home-with-small-children situation ”
“What you pick as your quick wins depends on your business, but you need to have a longer-term roadmap and you need to be very thoughtful.”
The way that we communicate and collaborate at work may have changed forever, but one thing that hasn’t changed at all is the need to do this in a safe and secure way.
from UC Today https://ift.tt/3ieagUm
0 Comments