Collaborate without compromise: communicating securelyApr 16, 2020
During these tumultuous times, the need for organizations to remain operational while keeping their employees safe and productive has created a sudden demand for remote work capabilities. There’s no shortage of apps on the market that make connectivity simple - Zoom, Slack, WebEx, GoToMeeting, G Suite, Office365 and more - but do they provide a secure experience? This is one of the first questions organizations need to consider when choosing new collaboration tools for their teams.
To help simplify your approach to evaluating collaboration tools (which these days, often needs to be done on the fly), we have highlighted some of the most important factors to consider:
Understand your needs
Take stock and assess the needs of your organization, including the volume of users, average meeting size/number of attendees and the types of data you are comfortable being shared on a platform outside your organization.
Integrated or standalone solution?
Having confirmed your needs, use this info to help determine whether an integrated solution, (Office365, G Suite, etc.), or a standalone application, (Slack, Skype, etc.) is the best option for your employees.
Review compliance and regulatory requirements
Before narrowing down your options, be sure to review the compliance and regulatory requirements that apply to your organization, confirming the applications being considered don’t conflict with or violate them. This could include where the data is hosted geographically, if the data will move across borders, the privacy requirements of your company and/or customers, and the like.
Security, security, security
Be sure to investigate different aspects of security, both within the app and your own environment. Consider,
How does the app maintain the confidentiality and privacy of your data, metadata and employees?
Is encryption included and does it meet your requirements?
Within the application, what are the default security settings? Can these easily be tightened or rolled back to provide additional security? For example, ask yourself, does the app need to have access to your contacts to function?
Are there additional internal controls within your network that can be used as an extra layer of security, to ensure all employees are using the application securely? For example, locking down features available to users, limiting a user’s ability to alter privacy and security settings, etc.
How easy is it to add, remove and block participants, especially those outside your organization?
Educate your employees
Provide employees with thorough guidance on how to securely use collaboration tools. Clearly define and share with your team:
What types of data can and/or cannot be shared within the application,
Information on important features that help control access, including:
waiting rooms which ensure the meeting doesn’t start until the host joins,
lock features that prevent anyone else from joining once all parties have arrived, and,
screen share settings which can be used to limit who can share content and record the meeting.
Best practices, including:
only accepting meeting invites from people you know and trust, and,
avoiding the reuse of old meeting links and passwords.
Given the hectic nature of the last few weeks, it can be tempting to simply opt for the quickest solution. Unfortunately, the savings in time may come at the cost of the security and privacy of your organization, customers, employees and data..
The TELUS Cyber Security team is here and available to provide guidance and support should you need help in the coming days and weeks. #weareallinthistogether
To learn more about keeping your customers, employees and data secure, visit telus.com/cybersecurity.