The Hidden Data Leak Risk in Your Organization
by Aware HQ
Your enterprise collaboration platforms could be an open door for data exfiltration.
What if we told you there was a place where confidential information is available to almost your entire organization? Where outsiders are invited in and data can be accessed, downloaded, or copied in a click. Unless you’ve taken steps to prevent it, it’s happening in your organization right now.
We’re talking about enterprise collaboration and social network tools. Most companies use at least two. Slack, Microsoft Teams, Workplace from Meta, Yammer… All these platforms are helping to break down silos and turbocharge productivity in the workplace. But at what cost?
What is a Data Leak?
Any time restricted data is inadvertently released, that’s a data leak. Data leaks aren’t the same thing as data breaches. In cases of data breaches, the organization comes under attack from a bad actor who wants to steal that information. Data leaks happen through negligence or oversight, and don’t always require an attack to trigger them.
Modern enterprises have safeguards and security tools in place to shield against data breaches. But many organizations still overlook the risk posed by modern internal collaboration platforms. And that can have disastrous consequences.
What Causes Data Leaks?
While talk of data leaks might bring to mind images of computer hackers and corporate espionage, the reality is much more mundane. In 2021, the most common cause of data leaks was software misconfiguration. For example, UpGuard discovered settings in Microsoft Power Apps that exposed 38 million records.
Misconfiguration is a growing cause of enterprise data leaks, responsible for more than 40% of incidents in 2019. That’s a five-fold increase since 2015 — a rise that has gone hand-in-hand with the digital transformation of the modern workplace. Simply put, using more cloud-based applications means more opportunities for data to slip through the cracks.
Relying on default or recycled passwords also poses a danger to information security. This is especially problematic when Internet of Things devices are connected to a wider business network. That smart fridge, thermostat, or fitness tracker could be opening a backdoor into your organization’s digital vault.
Finally, when unscrupulous actors want access to your company’s sensitive data, many find it’s easier to hack your people than your software. Social engineering scams rely on business hierarchies to trick employees into giving away access credentials. Think about a receptionist getting a text from the CEO asking for the company credit card details. Or an email from Mike in IT saying all hands need to click on a link to complete a security login. Except, of course, the CEO sent no such message, and there is no Mike in IT.
Are Data Leaks Serious?
Not all the information disclosed in a data leak will be critical for the organization. However, the presence of the leak is itself a serious problem. The average data breach costs $3.92 million to mitigate and takes 280 days to detect and contain. Some of the consequences of data leaks include:
- Loss of client or customer trust
- Regulatory fines
- Operational downtime
- Competitors accessing intellectual property
Because data leaks are usually the result of negligence or oversight, they can cause more damage to the company’s reputation than a targeted attack by malicious actors. Yet most companies spend far more time and resources defending against hackers. It’s easy to overlook the training and technology that could prevent accidental leaks.
How to Prevent Data Leaks
The majority of data leaks are caused by human error. That means they need human solutions. Training staff on the proper procedures for accessing or sharing information should be an ongoing process. Having new hires watch an hour-long video during onboarding won’t cut it. As technology evolves — and scammers become more sophisticated — the steps to prevent a leak must be updated.
Routine refresher courses on best data security practices should be part of your organization’s normal business operations. Create clear policies on how to handle information, where to store passwords, and what to do to validate an unusual request.
The shift to remote work during the pandemic dramatically increased the risk to organizations. The overnight adoption of new technologies created large holes in digital security. Faced with unprecedented upheaval, employees were left unsure how to protect themselves or their organizations. With remote work here to stay, businesses need to review their current tech stack to identify and close potential points of entry.
Collaboration Platforms and Data Leaks
In tandem with improved employee training, businesses should also provide their staff with the right tools to safeguard their information. There might be no clean desk policy for remote work, but security is still mission critical. Employees should know the procedures for how to store passwords, access company files, and share information.
Password managers, VPNs, centralized storage solutions, and SSO/zero trust can all help to secure confidential information within the remote workplace. However, there is one common place where information is freely shared, and outsiders are often invited to participate. That’s your digital collaboration platforms.
The goal of collaboration is to break down internal silos and democratize information access. The faster and easier it is for people across the organization to communicate, the better they can all do their jobs. To facilitate easier information-sharing, collaboration platforms can plug into any number of other programs. Slack enables hundreds of different integrations, from project management and productivity tools to file sharing, social media, and games. It’s the same story with Microsoft Teams and Workplace from Meta. Even Yammer allows about a hundred third-party apps to connect to your remote office.
Each of these applications exposes your online workplace to new vulnerabilities. A breach of one could open a back door to all the information shared across your collaboration network. That’s why it’s important to carefully vet and approve each integration that your employees connect to your platforms — before they do so.
Another concern for businesses using collaboration platforms is third-party user access. Slack Connect allows users to invite clients, contractors, and vendors into the workplace Slack environment to make it even easier to communicate and share documents. Similar functionality exists across most collaboration platforms, including Teams Connect, Workplace multi-company groups, and Yammer external groups.
Allowing third parties access to company collaboration platforms has proven benefits for the business. It can accelerate projects, strengthen working relationships, and produce better outcomes for all parties. But it doesn’t come without risk. Business relationships can change, and when they end you don’t want old documents, IP, and other sensitive information to remain in a single shared repository.
Even if you remain on good terms with a business partner in a shared collaboration space, how can you be sure that their security policies match your own? Have they written down or shared their access details with a third party, such as a contractor working on their behalf? How would you know if they had? And how can you be sure that every actor within your collaboration ecosystem is taking steps to safeguard the confidential information shared within its network of messages and chats?
How Aware Can Help Prevent Data Leaks in Collaboration
Many potential data leaks can be prevented by implementing a single, secure monitoring solution. Aware is that solution. Our platform connects to all major collaboration networks via API and webhooks, meaning no additional IT lift is required. From there, you can set policies that apply across your collaboration ecosystem and Aware will take care of implementation.
Continuous uploading means Aware captures the full context of collaboration in near real-time, including revisions and deletions. Other collaboration security tools rely on batch ingests to record data, resulting in lost information and incomplete context. Only Aware can deliver complete, 360-degree contextualized oversight of activity within collaboration.
Then Aware takes collaboration security a step further, with automated conversation monitoring using AI/ML-infused insights trained to understand short-form collaboration messages. Aware’s natural language processor is best-in-class for collaboration, because it was built and trained specifically for this task. Get authentic insights into employee sentiment and understand where risk exists within your collaboration environment. Aware empowers some of the world’s biggest organizations to get proactive about collaboration data security.
To learn more about some of the risks facing modern enterprises as they embrace collaboration network platforms, download the Aware whitepaper now.