Collaborate without compromise: communicating securely
Security · Apr 16, 2020
During these tumultuous times, the need for organizations to remain operational while keeping their employees safe and productive has created a sudden demand for remote work capabilities. There’s no shortage of applications in the market that make it simple to connect remotely - Zoom, Slack, WebEx, GoToMeeting, G Suite, Microsoft 365 and more - but do they provide a secure experience? This is one of the first questions organizations need to consider when choosing new collaboration tools for their teams.
To help simplify your approach to evaluating collaboration tools (which these days, often needs to be done on the fly), we have highlighted some of the most important factors to consider:
Understand your needs
Take stock and assess the needs of your organization, including the volume of users, average meeting size/number of attendees and the types of data you are comfortable being shared on a platform outside your organization.
Select the right applications and integrations
Having confirmed your needs, use this info to help determine which platforms and applications for communication, collaboration, and productivity (TELUS Business Connect, TELUS Cloud Collaboration, Skype for Business, Slack, Webex, Microsoft 365, G Suite, etc.) are the best options for your employees. Give careful consideration to which integrations you’ll require, plus how your end-to-end solution will be implemented, managed and supported.
Review compliance and regulatory requirements
Before narrowing down your options, be sure to review the compliance and regulatory requirements that apply to your organization, confirming the applications being considered don’t conflict with or violate them. This could include where the data is hosted geographically, if the data will move across borders, the privacy requirements of your company and/or customers, and the like.
Security, security, security
Be sure to investigate different aspects of security, both within the app and your own environment. Consider,
How does the app maintain the confidentiality and privacy of your data, metadata and employees?
Is encryption included and does it meet your requirements?
Within the application, what are the default security settings? Can these easily be tightened or rolled back to provide additional security? For example, ask yourself, does the app need to have access to your contacts to function?
Are there additional internal controls within your network that can be used as an extra layer of security, to ensure all employees are using the application securely? For example, locking down features available to users, limiting a user’s ability to alter privacy and security settings, etc.
How easy is it to add, remove and block participants, especially those outside your organization?
Educate your employees
Provide employees with thorough guidance on how to securely use collaboration tools. Clearly define and share with your team:
What types of data can and/or cannot be shared within the application,
Information on important features that help control access, including:
waiting rooms which ensure the meeting doesn’t start until the host joins,
lock features that prevent anyone else from joining once all parties have arrived, and,
screen share settings which can be used to limit who can share content and record the meeting.
Best practices, including:
only accepting meeting invites from people you know and trust, and,
avoiding the reuse of old meeting links and passwords.
Reputable organizations like the Canadian Centre for Cyber Security and NIST can also serve as reliable sources for guidance on protecting your security when using virtual meeting apps.
Given the hectic nature of the last few weeks, it can be tempting to simply opt for the quickest solution. Unfortunately, the savings in time may come at the cost of the security and privacy of your organization, customers, employees and data..
The TELUS Cyber Security team is here and available to provide guidance and support should you need help in the coming days and weeks. #weareallinthistogether
To learn more about keeping your customers, employees and data secure, visit telus.com/cybersecurity.