Slack and Teams have been a boon to digital workplaces. Therefore, allowing employees to communicate and collaborate more easily than ever before. Both Slack and Teams offer a seemingly endless number of potential integrations with other software programs and platforms. Slack & Teams actually introduce new cybersecurity concerns in today’s workforce.
Slack and Teams – Both Offer Potential Integrations
This can be a huge draw for businesses as it promises to make communication and collaboration easier. However, these tools allow users to collaborate outside the enterprise and even outside the firewall. This can lead to data breaches and other security incidents. Just the thought of these tools being done in the wrong way, by the wrong person. Hence, can send shivers down any cybersecurity professional’s spine. If there are any cybersecurity risks, enterprises need to be aware of these risks and take steps to mitigate them.
So, do Slack & Teams actually introduce new cybersecurity concerns in today’s workforce? “This is a perplexing question, especially when you take into account a remote workforce. Our specialty is Microsoft centric and therefore I can be specific about Microsoft Teams. Teams do not allow file sharing with someone outside of your organization, although it does allow for sharing from someone outside your firewall if they are in the same organization,” said Ilan Sredni, CEO and President of Palindrome Consulting, Inc.
Sredni continued, “This can create a potential issue when you have users connecting to teams and collaborating on a non-secure device or on a non-secure network. This risk will force the enterprise to have to scan any documents or attachments, just like we do with email today. Assuming that two users are sharing information completely outside of the firewall, it causes a greater risk to both of those users, since there’s no way for the firewall to filter any of that information.”
Security vs. Convenience
The first concern with Slack and Teams is the security of the data that is being shared. These tools allow users to share files and messages with each other, which can contain sensitive information. This information can be accessible to anyone who has access to the chat or file, including unauthorized users.
Another concern is the fact that these tools are so convenient to use. Employees may be tempted to use them for tasks that are not related to work, such as personal messaging. This can lead to data breaches and other security incidents. “We always try to balance out security versus convenience – we want to make sure that we have adequate security in place, but still have it easily accessible to our clients,” said Anthony Buonaspina, BSEE, BSCS, CPACC, CEO and Founder of LI Tech Advisors.
Importance of Having a Plan Before Using Slack and Teams
To avoid any security breaches, it’s important to have a plan for how you will be using Slack and Teams. Set up the proper user permissions and make sure that only authorized users can access sensitive company data. Also, remember to regularly audit your systems to make sure that there are no vulnerabilities that could be exploited. “The security implications of your internal collaboration tools, if not well-thought-out, could be quite drastic and can lead to a security breach,” said Ashu Bhoot of Orion Networks.
All the standard collaboration channels like Slack and Teams do offer enterprise integration for better data policies/monitoring. We highly encourage you to use those and build practices around this. Slack has a pretty good integration for SharePoint and Google Drive. Thus, ensuring your users are sharing key/sensitive data via those integrations instead of directly in. Slack can reduce the risk considerably. In addition, educating your users on what is allowable to be shareable vs. what is prohibited can save lots of hassle. While it’s not a systemic check or will yield 100% results, it does considerably reduce your risk of critical data trickling into these channels. Therefore, it becomes part of your team culture.
Great Customer Service at LI Tech Advisors
“At LI Tech Advisors, we pride ourselves on having great customer service and customer relations. We offer both Teams and Slack channels for our clients to communicate with us to help us resolve issues in a timely manner. Security is, of course, our top priority, so we have several layers of security protocols in place to restrict access to secure documents. We accomplish this by instituting security protection such as requiring MFA for all users, including external users. We also have implemented Data Loss Prevention (DLP) and Access Control for Documents. This way, we can limit the number of people accessing specific documents that happen to be in a channel,” said Buonaspina.
Mitigating the Risks
Enterprises can mitigate the risks associated with Slack and Teams by taking a few simple steps. First, they should make sure that only authorized users have access to the data. Second, they should use strong passwords and two-factor authentication to protect the accounts. Third, they should ensure that employees are aware of the risks.
“With the new IT world we live in of having documents and communication on the cloud, IT professionals need to think honestly outside of the box when it comes to security. Just having group security and passwords is just not enough. Having multi-factor authentication is a must nowadays. However, MFA only protects accounts and not company data shared externally via Microsoft Teams and SharePoint,” said David Carreiro, Owner and Chief Executive Officer of CEU Technologies.
Microsoft Azure Implemented Great Compliance Tools
Carreiro continued, “Microsoft Azure has implemented great compliance tools to assist with SharePoint and Teams data. Working with a good Microsoft partner who is well knowledgeable on these compliance tools is critical. Also, a good partner is constantly learning and getting certified. The Azure cloud is a consistently moving target, especially regarding security and compliance. Implementing the latest security and compliance settings is a must to keep your partner’s data safe.”
CEU Technologies works with our partners to identify the data in their SharePoint and Teams channels and sites. Sensitive company data sites are build as private sites where external sharing is not active. We also utilize Microsoft Information Protection Labels and configure these labels with our partners. Creating Microsoft Information Protection Labels and using machine learning and AI to identify keywords and data. Once data has been identified as sensitive business data, the data will automatically be encrypted, and Teams and SharePoint sites hosting the data is set to private. Some examples of labels created for specific business data are PCI data, HIPAA data, passport numbers, payroll data, tax information, bank account numbers, financial data, etc.
Implementing a Microsoft Cybersecurity Task Force
To avoid potential cybersecurity concerns, it is important that you follow Microsoft’s best practices. “In helping to secure Teams, clients need to make sure that their security posture with all things “Microsoft” is up to par. Through the Microsoft 365 Security Center, and by following Secure Score recommendations, an organization can begin to better monitor. Also work on the security of their Microsoft 365 applications, as well as user identities and devices. Without question, one of the main features in Teams that is under sustained attack by hackers is the Chat feature. Like the malicious links and files are very quickly finding another home outside of user email inboxes,” said Joe Martin. He is the strategic Account Manager at Compunet Infotech.
“Although collaborative applications, such as Microsoft Teams, appear to provide unrestricted access to the world, IT administrators are given a lot of tools to lock down these environments, while propelling work efficiency. The great part of these fairly new collaborative applications is that they were “born” in an age of digital security,” said Nick Martin, Director of Managed Services at Mainstreet IT Solutions.
For example, Microsoft Teams is a recently collaboration app came into effect in the past 5 years for users across all types of platforms. Microsoft has gone to great lengths to include a variety of security features, such as its integration with Azure Active Directory. It comes with a whole digital security solution. Items such as Conditional Access, Identity Protection, and multi-factor authentication. Microsoft even delivers a toolset with its Security Center that helps IT administrators assess their security habits. Thereby providing a scorecard to compare against Microsoft’s Best Practices.
Microsoft Can Keep Your Data Safe
Microsoft has a variety of applications and programs that can help you keep your data safe. One application, Microsoft Intune, helps protect your devices by managing security policies and settings. “Technically, any MDM can meet these requirements. Intune will protect your organization by requiring users and devices to meet specific requirements. Without compliance policies in place, there is no guarantee that the devices your users are using are safeguarded,” said Mark Veldhoff, CEO and Founder of Envizion IT.
