Common security mistakes in collaboration tools

Collaboration tools have become all the rage, but has your IT department closed all the security gaps?

Working together

Collaboration tools have become widely used across organizations today, as people come to rely on these handy tools to work more efficiently. They reduce reliance on email, increase conversation between teams and provide an easy way to share information with colleagues. However, with many workplace applications today, there are so many gaps where security settings can fail, and corporate IT is beginning to take notice. Mike McCamon, president at SpiderOak, recommends staying away from these common security and privacy mistakes.

Web browsers

Many—if not most—collaboration tools these days are primarily delivered through a web browser, and there are vulnerabilities in this approach: malware, plugins, cookies and any number of other bad things can threaten your online security. Even if your online activity is done with security in mind, if just one team member isn’t up to date on their privacy settings, the entire organization’s data is vulnerable. The only way to protect your organization from these kinds of vulnerabilities is to make sure your collaboration tool can be fully downloaded to a device, instead of existing on the web.

Passwords

Despite many websites’ requirements for long, multi-character passwords, there are countless ways in which passwords can be compromised that have little to do with their complexity or length. Through phishing scams, spam and simple guesswork, passwords are an increasingly popular entry point for cybercriminals. Businesses should ensure their applications use a recovery-key concept for lost devices, instead of the more common and less secure password challenge model.

Email digests

Many applications use email digests as a way to recap the day’s conversations or to get teammates up to speed on company highlights. Why take the time to type content into a secure collaboration tool only to have one of your team members have that data summarized, and then sent over the internet? Transport, delivery and storage of e-mail are far from secure today—just look at the recent DNC or Sony hacks. The digests may be helpful for some, but any sort of digest should be featured within the application to maximize security.

Auto-expanding link previews

When someone sends a link to a website in most collaboration tools, the app by default will pull in metadata to include inline with the message thread. Depending on its implementation, this automatic behavior can be very insecure: first, it automatically downloads the content to your device, and second, your device automatically sends internet traffic (and your IP address) back to that site, without your control or consent. There are sites online that many would not want their intellectual property associated with, so this kind of activity should never be outside of user control.
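
A consent-gated alternative to the default behavior described above, as an added example that is not from the original article or from any vendor's code. The function names, the policy object and the sample hosts are assumptions made for illustration; the client fetches a preview only for hosts the user has approved and otherwise shows the link as plain text.

```javascript
// Added example: consent-gated link previews. Nothing here touches the network;
// it only decides what a client would be allowed to fetch automatically.
const URL_PATTERN = /https?:\/\/[^\s<>"')]+/gi;

// Hypothetical policy object: hosts the user has approved for automatic previews.
function makePolicy(approvedHosts = []) {
  return { approved: new Set(approvedHosts.map((h) => h.toLowerCase())) };
}

// A host is approved if it equals an approved entry or is a subdomain of one.
function hostIsApproved(policy, host) {
  for (const entry of policy.approved) {
    if (host === entry || host.endsWith("." + entry)) return true;
  }
  return false;
}

// Record the user's explicit consent for a host (for example after a click).
function approveHost(policy, host) {
  policy.approved.add(host.toLowerCase());
}

// Return one decision per link in the message. Default is "ask-user":
// the link is shown as plain text and no request leaves the device.
function planPreviews(messageText, policy) {
  const plans = [];
  for (const match of messageText.match(URL_PATTERN) || []) {
    const raw = match.replace(/[.,;:!?]+$/, ""); // drop sentence punctuation
    let url;
    try {
      url = new URL(raw);
    } catch {
      plans.push({ url: raw, action: "text-only", reason: "unparseable link" });
      continue;
    }
    const host = url.hostname.toLowerCase();
    const approved = hostIsApproved(policy, host);
    plans.push({
      url: url.href,
      host,
      action: approved ? "auto-preview" : "ask-user",
      reason: approved ? "host approved by user" : "no consent recorded for host",
    });
  }
  return plans;
}
```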

Integrations

Integrations are great. They allow content from external data sources to enrich your teams’ conversations. Most integrations today are hosted by the collaboration tool vendor, which means any data that passes through an application can be read by the vendor. While this is harmless for integrations that ingest public content on the web, like a Twitter feed, it would have severe security consequences if the data source is private and/or requires authentication to be read online.

Encryption

While several collaboration tools tout encryption as a feature, many do not offer full end-to-end encryption, which exposes conversations to eavesdropping and data collection. End-to-end encryption ensures that only those who are directly members of a conversation can decrypt the content. Without it, both hackers and rogue internal employees have access to any data that passes through the application.

Information leakage

When using a collaboration tool through a web application, it’s often possible to find out if any company uses the tool by typing company.app.com or a similar combination into the browser, regardless of whether you’re signed in to a particular team. This allows outsiders and potential hackers to know which companies are using which workplace applications through this formula. Ensure the collaboration tool your company uses doesn’t allow for this kind of information leakage when not logged in.