.svg){kind=small}
by Aware
The new security blindspot is full of legal and compliance risks. Here’s how IT leaders can take charge and protect their organization.
Business communication data is nothing new. Modern collaboration tools like Slack, Microsoft Teams, Yammer and Workplace by Meta are just the latest development in the digitization of the modern enterprise. When managed, they aren’t inherently any riskier than the tools of the past, such as office memos or emails. But collaboration tools create thousands of messages and other data known as Business Content Objects.
The average worker sends 23 collaboration messages each day. Over a year, that means 5,000 employees generate 30 million messages. Plus accompanying file attachments, gifs, emoji reactions and more. Unregulated, this data set can grow exponentially as each new message generates its own ecosystem of reactions and responses. And almost every new tool you introduce will have collaborative elements built into it, exacerbating the nightmare you now face.
Unregulated, this data poses untold risk to the enterprise. How many passwords live within its archives? How often do frontline staff input customer PCI or PII to make their jobs easier? How many conversations contain IP or business-sensitive information?
What damage could that data set do to the company in the event of a breach? How much value could a malicious insider extract? When regulators come to call, or litigators require eDiscovery, what will they find?
At Aware, we’ve enabled organizations to wrap their arms around this data, mitigate its risks and even extract value from its insights. We help IT leaders find the balance between maximizing uptake and improving user experience while meeting the demands of legal and information security teams.
Follow the five steps below to take charge of your collaboration data set and prevent your organization from becoming the next infosec headline.
1. Understand Your Collaboration Ecosystem
The first step to managing any data set is understanding what lives where. What tools and applications are currently in use across your enterprise? Don’t overlook freemium and shadow solutions as well as authorized software.
Remember, your employees and colleagues want to do their jobs as effectively as possible. If you don’t provide the tools that enable them, they’ll find their own solutions.
Once you’ve identified all the tools in use, take steps to understand how much data they generate and where it resides. How far back do archives go? Are copies stored locally or remotely? Who has visibility of the data? Could a malicious insider or external threat actor exfiltrate business-critical information from the archive — and if they did, how and when would you learn about it?
2. Define Your Business Requirements
With clear oversight of collaboration data, you can make informed decisions about its value versus the risk it represents. What information should be kept, and what purged?
Some data is business-critical to keep, either to maintain regulatory compliance or to preserve legacy knowledge. But much information is outdated, its presence only taking up valuable space or introducing unnecessary risk to the data set.
3. Balance Priorities and Controls
As an IT leader, your priority is tool adoption. Why invest in new technology, only to lock it down so tight that nobody uses it? We’re all familiar with the conflict between legal, information security and IT leaders in this regard!
Finding the sweet spot between maximum adoption and minimum risk is a balancing act for every organization. Although it can be frustrating to butt heads with colleagues in other departments on these issues, it’s important to remember that collaboration tools are just another form of business communication. These have existed for decades, and we have the solutions to manage them.
Collaboration tools pose new challenges because they’re new, and the procedures for controlling them are brand new too. You may have to create them in real time as you work through these steps. But solutions are possible that can satisfy both IT and legal requirements, delivering you the ROI you need without creating an infosec nightmare.
Ultimately, it's not the existence of collaboration data that concerns your legal colleagues. It's how well that data is managed.
4. Introduce Real-Time Compliance Adherence and Moderation
For regulators, it isn’t enough for you to say you don’t have restricted information in your collaboration data. You must prove it isn’t there. Company policy documents won't protect you from regulators if you can’t show that employees actually follow them.
Real-time monitoring and moderation is the only defensible solution that evidences data protection in action. Smart tech can detect and remove unauthorized content and coach employees on best practice. This also makes it faster and easier to spot repeat offenders and get ahead of training shortfalls or potential insider threats.
However, if you don’t want sensitive information in your collaboration ecosystem, you must provide employees with a secure alternative. Otherwise, they will continue to ignore policies and circumvent controls when it helps them get their job done.
5. Increase ROI with People Insights
The right collaboration tools can break down silos across the organization. But what if you could extract even greater returns by tapping into the wealth of data they contain?
At Aware, we believe every organization should have a real-time understanding of its unique digital DNA that arms leaders with actionable knowledge about their people, customers and business to power transformation now and in the future.
We help organizations to realize that understanding through aggregate sentiment analysis and insights of collaboration data.
To learn more about how Aware can help you, watch our webinar on Gaining Control of Your Collaboration Data. Aware’s Chief Legal & Data Protection Officer Brian Mannion speaks with Chief Technology Evangelist Chris Plescia about how legal and IT leaders can align to mitigate risks and reap the rewards from this growing information trove.
