Human Behavior is Your Company’s Biggest Risk Surface
Aware’s De-Risking Collaboration Webinar Series explores people as the perimeter of your successful infosec strategy
Securing your company’s most valuable information used to be simple. Only commit essential knowledge to paper and lock it up or destroy it when not in use. Over time, paper gave way to computers, and computers to smartphones. Data that was once secured in vaults or hard drives which could only be breached by threat actors who got inside the physical perimeter of an office or safe repository can now be accessed from anywhere, by anyone, thanks to today’s interconnected world. The new perimeter of information security isn’t a locked door, but a million individual decisions made by employees every day.
Losing a laptop or thumb drive while commuting. Mistyping an email recipient. Attaching the wrong file to a Slack channel. Through small acts of negligence or oversight, your people invite risks inside your security perimeter every day.
It’s a situation experienced CSO Malcolm Harkins describes as an “urban sprawl of collaboration, coordination and communication.” Speaking with Aware Product Evangelist Chris Plescia, Harkins breaks down the challenges facing modern security and technology leaders.
Today’s biggest risk factor is the proliferation of new, unmanaged technology into the collaboration ecosystem, and how your employees are using it. While employees are routinely coached on phishing scams and social engineering attacks, human mistakes still occur. That’s why technological safety nets are a vital part of any data security operation. For instance, email servers can monitor communications, archive messages, and block or flag senders, keywords and restricted files.
Businesses have also had years to train employees on how to protect sensitive information in digital communications like email. And emails have an innately formal structure, with clear senders and recipients and threaded chains that document every step of a conversation.
Collaboration tools like Slack, Microsoft Teams, Zoom, WebEx and more lack the same functionality. Instead of complete messages with clear parameters of what data was sent to whom, now messages are brief, unstructured, informal and can be seen by anyone without creating a paper trail. And these tools, which drove the success of remote work during the pandemic, encourage their users to engage in riskier behavior.
There's a lot of acronyms, there’s slang, there’s sarcasm, all the things that we had by and large eradicated in email blossomed in collaboration tools. — Malcolm Harkins
Within a collaboration ecosystem, employees can do almost anything. They can send and receive private messages without oversight. They can circumvent the usual communications channels and hierarchies that keep businesses siloed. They can upload files and screenshots in a click, link to internal documents and invite outsiders into the company workspace.
They can look in on conversations happening between other teams and departments and exfiltrate what they find without their actions being documented. They can sync all the data contained within the entire collaboration ecosystem across any number of personal and private devices, instantly circumventing secure perimeters like firewalls and restricted networks.
Aware research from analyzing millions of real collaboration messages shows that 1:166 contains sensitive information — and a workplace with 10,000 employees will generate 60 million messages per year. That’s over 350,000 instances of PII/PCI/PHI, intellectual property and other secret or sensitive data. It’s the kind of information that can cost the company millions of dollars in regulatory fines, lost contracts and reputational harm.
Our research also shows that most data security incidents in collaboration tools aren’t caused by malice, but by ignorance. The pandemic necessitated the overnight roll-out of tools like Slack and Teams without clear guidance about how they should be used. Workers, just trying to do their jobs, often make the mistake of assuming that a work-sanctioned tool is a safe repository for all work-related information, including regulated and restricted data. Simply, if you’re not giving your employees a convenient, secure means to transmit sensitive information, they’re doing it in collaboration.
For security and technology leaders, the enterprise collaboration ecosystem is now a tangled nightmare of blind spots and unregulated risk.
In this insightful webinar, Malcolm Harkins and Chris Plescia discuss how businesses can mitigate their risk exposure and erase the blind spots of collaboration with near real-time compliance monitoring and moderation from Aware.
Watch the webinar now to learn how you can take charge of your collaboration tools and realize their value while installing the safety nets that protect the enterprise from the risks of human behavior.