Is Your Data Really Safe? How To Avoid The Pitfalls Of Free Online Collaboration Tools

Online Collaboration

Always online, always vulnerable? As different cloud tools, from storage services like Google Drive to CRM systems like Salesforce grow in popularity, so do the security risks – especially as these tools are sometimes used by employees without the consent or even knowledge of the CIO. With employees sharing sensitive company and customer data and documents on cloud-based platforms, the need for security education should become a priority for businesses.

Online security threats lurk behind every corner. Only a few weeks ago, JP Morgan and Kmart were both hit by cyber-attacks that put their customers’ sensitive information at risk. Highlighting the urgency for a united front against hackers and other cyber criminals, the European Commission has put forward proposals for a new Network and Information Security (NIS) Directive. It forms part of the EU’s Data Protection Regulation, set to come into force next year, and it will impose minimum information security requirements and measures related to the use of personal data.

Mission Impossible?

Given the huge impact of all things online on our personal and professional lives in the always-connected world, it’s impossible for CIOs to shield the business from all Internet-related security risks. You could walk on the street with a high-visibility vest and a hard hat, but you might still trip and hurt yourself! We are just going to have to accept taking risks.

And why? A study by KPN Consulting suggests that 1 in 8 employees save business data using free collaboration and document sharing tools. As the popularity of these tools grows, what can you really do to protect the business, its intellectual property, customers’ data, and ultimately reputation and bottom line?

Online collaboration platforms are part of the much-talked-about Bring Your Own trend, which involves employees making their own technology choices based on what is most convenient for them, instead of necessarily using the software dictated by you, the CIO. Employees have adopted a range of different cloud-based tools to help them communicate more effectively and work together on documents more easily with their colleagues.

Is Your Data Really Yours?

In the context of cloud tools and online collaboration, IT security could be described as a house built on three pillars: trust; assurance; and protecting your data with the right security controls. Trust includes things such as the privacy statement and cookie policy of the cloud-based collaboration platform. Assurance is a certification or a stamp of approval from a third party. With an ISO27001 certificate, for example, you know that the cloud collaboration tool in question is compliant with international security standards.

In an ideal world, every cloud solution would adhere strictly to these three pillars. However, that’s not the case when it comes to some tools. Everything comes at a price, and some cloud solutions’ revenues depend on the data that you store in their cloud. What this means is that some of these companies sell ads based on the content of your data. Furthermore, they are sometimes the owners of the data that you upload – so your business-critical, sensitive documents are not ‘yours’ in the traditional sense of the word.

The need for some providers of free cloud tools to mine the data is the reason why your data is sometimes not encrypted on these platforms. In order for data mining technologies to run efficiently, encryption is not an option for free users; instead security technologies like encryption and secure login are add-ons for paying users.

Many keen users don’t read the fine print, putting the integrity of your business data at risk. The physical location of your data is also a key consideration when it comes to third party access to your data. To illustrate, if you are using a US cloud collaboration service with servers located in the US only, your data comes under US legislation. This means that a US government agency such as the NSA can gain access to your data.

Don’t Fight Back, But Make The Right Choices

So what can you do? It will be counter productive to try to control your employees online 24/7. The key is to adopt a simple, open, company-wide policy and to achieve a balance between security and user friendliness in any technology choices you make. This will allow you to empower employees to make the most of cloud-based tools.

Talk openly to your staff about the issues involved, including the potential pitfalls of using free collaboration tools. Make sure that they understand the possible consequences, such as crippling fines and a tarnished reputation, if sensitive customer information or intellectual property gets in the wrong hands.

There is no point in fighting back, as your employees are bound to embrace any tool that will make their lives easier by enabling them to access the data and documents they need whenever, wherever. You shouldn’t shy away from using cloud-based collaboration tools, but you should read the fine print to make sure your business won’t be at risk. Always online and always accessible – it doesn’t have to mean that you’re always vulnerable.

Erkan is the Chief Trust Officer role at Projectplace, where he oversees the security program and is responsible for maintaining customer trust, regulatory compliance and third party assurance. He helped design the Projectplace Security, Trust and Assurance ecosystem to cover all aspects of cloud computing risks and address common concerns.