Collaboration Tools and Information Security
Collaboration Tools and Information and Security
As we navigate our work environments through a pandemic, technology has certainly played a key role, contributing to our ability to meet and work collaboratively. We have seen file sharing, web conferencing, electronic mail, and other collaboration platforms take the place of water cooler conversations, team meetings, and USB drives.
With the use of these collaboration tools, information security controls should not only be considered, but should be a key factor in deciding how and where to implement these solutions:
- If you are collaborating with an outside entity? If so, do you have appropriate security or nondisclosure agreements in place to protect any data or communications that is shared? Is your business partner providing minimum necessary access to their associates? Communications and collaboration with these tools should be treated as an exchange of sensitive information and should be protected as such.
- Are your access control rules configured in such a way that only minimum necessary access is provided to your associates? Typically, security rights and entitlements can be configured on a team-by-team basis. Sensitive information can be shared in the way of chat/dialogue or file sharing and these exchanges should be protected.
- Do you have monitoring and logging tools in place to detect when information egress or ingress may be taking place? Data leakage has become a prime concern with the use of collaboration tools. Monitoring software can detect sensitive information before it leaves the organization. Additionally, creating and maintaining logs of activity may be relevant in the event of a security incident or eDiscovery.
- Do you have acceptable use rules and guidelines in place for the use of collaboration tools? In addition to the technical controls, associates should be educated and informed on the proper use of these platforms.
Once again, technology is providing organizations a tremendous amount of latitude in their efforts to maintain business continuity. The planning, deployment, and use of the tools should be handled
Be aware of your Information Security Policies and Procedures.
Always consult your Privacy and Security Official with questions!