IT Risk Assessment Best Practices for Collaboration Success
As an IT Professional, you’re continuously evaluating and assessing security risks. A large part of this security risk assessment focuses on dealing with end-users and their at times questionable decisions. Information risk related to, for example, an unsecured Slack instance may be a high priority issue for the InfoSec team. However, at the same time, end-users are blithely collaborating, unaware of the security and information risks they introduce by side-stepping IT approval. The end-users’ goals are simple: they’re just trying to get stuff done. Unfortunately, they don’t see risk the way IT does. If security risk assessment is a concern at all, it’s an afterthought at best.
IT risk assessments often address end-user behavior. Many administrators aggressively lock down permissions on approved platforms. For instance, one commonly locked permission on Microsoft Teams is guest access. However, if users struggle to collaborate on these administered platforms, experience shows that they’ll do something even riskier to get around the restriction.
The cost of these actions is significant. Research from the Ponemon Institute found that the average global cost of insider threats rose 31% over the last two years to reach an average cost of $11.5 million. Not only has the cost risen, but the frequency has as well, by close to 50%. While we might think of insider threats as malicious, negligent end-users caused 62% of all insider threats and accounted for the highest financial burden.
One bright spot of the study showed that the faster the threat was addressed, the lower the overall cost. This makes security risk assessment even more important. With that in mind, this post identifies the most frequent collaboration behaviors introduced by well-intentioned end-users while working with platforms like Microsoft Teams, Zoom and Slack. IT teams should be on the lookout for these common end-user-initiated issues and include them in their security risk assessments:
1) Adding (and then forgetting to track) guests from public domains
An unmonitored guest represents a security risk, and guests from public domains double down on this threat. As an example, your company brings on a contractor who is added as a guest with a personal email. Six months down the line, the contractor changes jobs to a competitor company. While their work email is disabled, they can still access your company’s workspaces because they’ve used a personal email account. To prevent this, administrators can use native administrator consoles to blacklist all possible public domains. Third-party tools can also surface this information for easier monitoring and resolution.
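The domain block list and the "forgotten guest" problem above can both be checked against a guest export from the admin console. The following is an added example, not code from the original post or from any vendor: the CSV columns, the public-domain list and the sample guest records are constructed assumptions, and the idle-days threshold is a placeholder to tune for your tenant.

```python
"""Audit a guest export for public-domain accounts and stale guests.

Added example (not from the original post). SAMPLE_EXPORT is constructed
data shaped like a CSV export of guest users; the column names are assumed.
"""
import csv
import io
from datetime import date, timedelta

# Assumed block list of consumer/public mail domains. A guest on one of these
# domains keeps access after changing employers, because no employer can
# disable the mailbox. Extend for your own tenant.
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com", "icloud.com"}

# Constructed sample export (not real accounts or real domains).
SAMPLE_EXPORT = """email,display_name,invited_on,last_sign_in
alice@contractor-corp.example,Alice,2023-01-10,2024-05-01
bob.freelance@gmail.com,Bob,2023-02-01,2023-09-15
carol@partner.example,Carol,2024-04-20,2024-05-02
dave@hotmail.com,Dave,2024-04-25,2024-05-03
"""


def load_guests(text):
    """Parse the CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def domain_of(email):
    """Lower-cased mail domain of an address."""
    return email.rsplit("@", 1)[-1].lower()


def audit_guests(guests, today, max_idle_days=90, public_domains=PUBLIC_DOMAINS):
    """Return {email: [reasons]} for every guest that needs review.

    A guest is flagged when its mail domain is on the public-domain list, when
    it has not signed in for more than max_idle_days, or both.
    """
    findings = {}
    for guest in guests:
        reasons = []
        if domain_of(guest["email"]) in public_domains:
            reasons.append("public-domain account: access survives a job change")
        idle = today - date.fromisoformat(guest["last_sign_in"])
        if idle > timedelta(days=max_idle_days):
            reasons.append(f"idle for {idle.days} days")
        if reasons:
            findings[guest["email"]] = reasons
    return findings


if __name__ == "__main__":
    for email, reasons in audit_guests(load_guests(SAMPLE_EXPORT), date(2024, 5, 10)).items():
        print(email, "->", "; ".join(reasons))
```

Run against a real export, the function produces a review list rather than removing anyone: revocation stays a human decision, but the list makes the six-months-later contractor from the scenario above visible instead of forgotten.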
2) Installing third-party apps from platform app stores with reckless abandon
Not all apps are created equal, but few end-users consider this when hitting the “Install” button. Many apps require extensive permissions. Though this information risk is surfaced to the person doing the install, most users will click “next” without a second thought. To prevent this behavior, IT has a few options. They can limit third-party apps entirely, or they can go through the manual process of approving and denying particular apps. Third-party tools can also assist in app administration and monitoring.
3) Sharing files through an unsanctioned application
With zero IT awareness or administration, this type of shadow IT is particularly risky. Who has access to these files? Are any of them shared publicly? This type of sharing is a security nightmare. Unsanctioned file sharing is most common with large files that end-users may not be able to transmit through traditional channels such as email or Microsoft Teams. Microsoft Teams channel posts are limited to 10 MB, while Dropbox accepts files up to 50 GB. The key to minimizing this information risk is providing the proper tools to share safely and educating end-users on how to use them. By using the Teams files tab and linking to the file, users can share files up to 15 GB. In some drastic cases, it may be worth considering a CASB app to limit unsanctioned SaaS access.
4) Changing sharing settings to “anyone with the link”
Another common issue with file sharing is changing the settings on the file to share publicly. This is a recipe for a data breach. In many cases, end-users do this because they’re struggling to properly share the file. They may have tried to share it explicitly with another person, but because the receiver is logged into the wrong account, they can’t get access. The fastest way for your user to collaborate is to open up those permissions. To resolve this, it’s best to prevent public sharing links. However, savvy end-users will find ways around this, potentially by downloading another application to get the job done.
5) Hosting all Zoom meetings using a personal meeting ID (without a password)
While this meeting scenario might not seem like a security issue, picture the following: a top executive consistently hosts Zoom meetings using a personal meeting ID, including external meetings. Then, the executive hosts a highly sensitive leadership meeting and one of those external participants joins their planned meeting early. Unfortunately, this is the meeting equivalent of publicly sharing a file. If “Join before host” is also turned on, just imagine what a malevolent external party could do. The best solution is to disable the personal meeting ID function.
6) Unmanaged free Slack instances
Slack is one of the easiest platforms to download and start using. On the end-user side, the free version has most of the functionality desired. However, the proliferation of free Slack instances means there is no administrator oversight, and secure configuration is a lost cause. Free Zoom accounts can also pose similar problems because of the lack of administration. The hardest part about taking control of these various shadow IT instances is discovering all of them. Third-party tooling can assist in identifying shadow IT and its owners. Post-discovery, consider upgrading to paid plans which include administrative consoles.
7) Creating and abandoning Teams and Slack channels
Many companies find themselves with more channels than users. A group may use a team or channel for a while. Then, the project ends, but the channel is left behind. Few users think about archiving and choose to abandon the useless channel instead. However, the data in this workspace continues to be accessible, and any guests remain. Clean-up is a necessity for data security, as well as to make it easy for end-users to find appropriate, active workspaces. Third-party tools can assist in this process by archiving based on inactivity.
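Archiving based on inactivity, as described above, is a simple rule that can be applied to a channel inventory. The following is an added example, not code from the original post or from any product: the channel records are constructed sample data, the field names are assumptions, and the inactivity threshold is a placeholder. Channels that still contain guests are listed first, because those are the ones still exposing data to outsiders.

```python
"""List Teams/Slack channels that are archive candidates because of inactivity.

Added example (not from the original post). CHANNELS is constructed sample
data; the field names and the default threshold are assumptions.
"""
from datetime import date

# Constructed sample inventory (not real channels).
CHANNELS = [
    {"name": "proj-apollo", "last_message": "2023-06-30", "members": 12, "guests": 2, "archived": False},
    {"name": "proj-boreas", "last_message": "2024-05-08", "members": 8, "guests": 1, "archived": False},
    {"name": "old-vendor", "last_message": "2023-01-15", "members": 3, "guests": 3, "archived": True},
    {"name": "tmp-q3-review", "last_message": "2023-12-01", "members": 5, "guests": 0, "archived": False},
]


def archive_candidates(channels, today, max_idle_days=90):
    """Return (name, idle_days, guests) for live channels idle past the threshold.

    Already-archived channels are skipped. The result is sorted so channels
    that still hold guests come first, then by how long they have been idle.
    """
    out = []
    for ch in channels:
        if ch["archived"]:
            continue
        idle_days = (today - date.fromisoformat(ch["last_message"])).days
        if idle_days > max_idle_days:
            out.append((ch["name"], idle_days, ch["guests"]))
    out.sort(key=lambda t: (-t[2], -t[1]))
    return out


def guest_exposure(candidates):
    """Total number of guest memberships still attached to archive candidates."""
    return sum(guests for _, _, guests in candidates)


if __name__ == "__main__":
    found = archive_candidates(CHANNELS, date(2024, 5, 10))
    for name, idle_days, guests in found:
        print(f"{name}: idle {idle_days} days, {guests} guest(s) still present")
    print("guest memberships to remove before archiving:", guest_exposure(found))
```

The sort order turns the list into a work queue: remove or re-validate the remaining guests on the top entries first, then archive. The threshold is deliberately a parameter, because a 90-day rule that suits project channels will be too aggressive for a quarterly review channel.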
Are aggressive and enthusiastic end-users challenging your IT risk assessments? We can help. PowerSuite, the industry-leading collaboration management and security software, surfaces key collaboration security and information risk blind spots. Whether you’re monitoring guests or cracking down on rogue Slack instances, PowerSuite has you covered. Balance productivity with security to prevent shadow IT. Learn more.