Popular enterprise collaboration platforms help get the work done, but can their data collection policy result in a breach? Here, Wire’s Chief Revenue Officer Rasmus Holst provides a detailed overview of enterprise collaboration applications and the potential risks, along with ways to maintain security and privacy for organizational communication.
Apple’s recent privacy label update, which aims to bring greater visibility to data privacy, has spurred a new debate about disclosure requirements among application developers and companies. Consumers have often been the centerpiece of this privacy vs. data-collection debate, and as a result, consumer tech companies have faced the most scrutiny — this is evidenced by the development of strict government regulations like CCPA and GDPR. On the other hand, enterprise applications have historically seen less critique over their data privacy and security practices despite the massive amount of sensitive information that is handled on a daily basis.
While it is no secret that employers can access employee data and monitor activity through company devices and software, it’s important not to overlook the fact that some enterprise application vendors are also collecting and sharing user data. Businesses that value security and want to avoid leaking sensitive information need to truly examine the tools available to make an informed decision on which vendors can be trusted to maintain their privacy.
Pulling Back the Curtain
The type and usage of data collected by collaboration applications vary, but the majority of popular apps will gather information linked to the user. This is true for Microsoft Teams, Slack, and Zoom as they all collect user contact information such as names and email addresses for their own advertising or marketing. Teams and Zoom also utilize location data and user content to enable certain functionalities, so they will have access to photos, videos, audio files, and more if they are shared through the platform. Additional information on interaction within the application, crash data, and performance data are regularly collected to help the platform function and provide useful data for developers working on improvements. In essence, the user data collected by these popular applications is mostly for internal usage.
However, a subsequent data breach or vulnerability exploit could lead to accounts being hacked through exposed passwords, email addresses, and phone numbers. Hackers with this information can use a combination of brute-force tactics and ingenuity to overcome multi-factor authentication (MFA) and gain access to sensitive data. It can also result in phishing scams and targeted ransomware attacks on high-value personnel. Any company that keeps any user data runs the risk of exposing it through cyber attacks or by accident.
A Matter of Trust
While the data collection and usage policies are not as egregious as Facebook, many of the popular enterprise applications will have access to some sensitive user and company information. For security and privacy-minded companies, this is something to keep an eye on as the average cost of a data breach can be upwards of $3.86 million. For businesses re-evaluating their tool stack, the question becomes how much can this vendor be trusted to safeguard your data? Three key things can help with this evaluation:
- Go through the privacy policy and terms of use with a fine-tooth comb for any unclear and vague language. Vendors that are reluctant to answer questions and be transparent around their data collection policy can raise a red flag.
- Assess the security capabilities and history of these application vendors and decide if they are truly committed to securing data. For example, Zoom had significant security issues last year with Zoombombing and a massive leak of account credentials, while Slack had a recent bug on rooted Android devices that logged passwords in plaintext. A poor track record and weak commitment to cybersecurity is a sign to reconsider the application’s place in the tech stack.
- If you can, double-check the application’s code. Some platforms have open-source code – this gives them a plethora of benefits and allows prospective clients to see for themselves if the app functions according to its vendor’s privacy claims.
Keep Track of Unauthorized Applications
Of course, any efforts to secure your business applications can be quickly undone with shadow IT. As many employees work from home and away from their organization’s secure network, more personal devices and applications are being used for work purposes. These devices often contain unauthorized consumer-focused applications like WhatsApp, which collects more information from users and actively uses it for advertising purposes. Consumer apps often have fewer security capabilities and are breached more frequently, exposing user information that could be used to access their business work accounts. For example, hackers might gain access through leaked passwords since many people reuse the same ones across multiple accounts. Simply put, having unsecured applications can compromise the security integrity of everything else. Companies need to enforce strict rules against “bring your own devices” (BYOD) and provide proper cybersecurity training for password creation, two-factor authentication, and cyber-hygiene awareness.
Privacy With Security
Enterprise applications collect user data in the same way as consumer apps, albeit with less personal data and third parties’ involvement. However, even the most basic contact information can result in a major breach given the craftiness of cybercriminals. To maintain security and privacy, be vigilant. Refrain from using heavy data collection applications and train employees to avoid using personal devices and unsanctioned tools so that they don’t put the company at risk.