The full articles was published on Toolbox.com on February 25, 2021
Popular enterprise collaboration platforms help get the work done, but can their data collection policy result in a breach? Here, Wire’s Chief Revenue Officer Rasmus Holst provides a detailed overview of enterprise collaboration applications and the potential risks, along with ways to maintain security and privacy for organizational communication.
Apple’s recent privacy label update, which aims to bring greater visibility to data privacy has spurred a new debate about disclosure requirements among application developers and companies. Consumers have often been the centerpiece of this privacy vs. data-collection debate, and as a result, consumer tech companies have faced the most scrutiny — this is evidenced by the development of strict government regulations like CCPA and GDPR. On the other hand, enterprise applications have historically seen less critique over their data privacy and security practices despite the massive amount of sensitive information that is handled on a daily basis. While it is no secret that employers can access employee data and monitor activity through company devices and software, it’s important not to overlook the fact that some enterprise application vendors are also collecting and sharing user data. Businesses that value security and want to avoid leaking sensitive information need to truly examine the tools available to make an informed decision on which vendors can be trusted to maintain their privacy.
The type and usage of data collected by collaboration applications vary, but the majority of popular apps will gather information linked to the user. This is true for Microsoft Teams, Slack, and Zoom as they all collect user contact information such as names and email addresses for their own advertising or marketing. Teams and Zoom also utilize location data and user content to enable certain functionalities, so they will have access to photos, videos, audio files, and more if they are shared through the platform. Additional information on interaction within the application, crash data, and performance data are regularly collected to help the platform function and provide useful data for developers working on improvements. In essence, most user data collected by these popular applications are mostly for internal usage. However, a subsequent data breach or vulnerability exploit could lead to accounts being hacked through exposed passwords, email addresses, and phone numbers. Hackers with this information can use a combination of brute-force tactics and ingenuity to overcome multi-factor authentication (MFA) and gain access to sensitive data. It also can result in phishing scams and targeted ransomware attacks on high valued personnel. Any company that keeps any user data runs the risk of exposing it through cyber attacks or by accident.
While the data collection and usage policies are not as egregious as Facebook, many of the popular enterprise applications will have access to some sensitive user and company information. For security and privacy-minded companies, this is something to keep an eye on as the average cost of a data breach can be upwards of $3.86 million. For businesses re-evaluating their tool stack, the question becomes how much can this vendor be trusted to safeguard your data? Three key things can help with this evaluation:
Of course, any efforts to secure your business applications can be quickly undone with shadow IT. As many employees work from home and away from their organization’s secure network, more personal devices and applications are being used for work purposes. These devices often contain unauthorized consumer-focused applications like WhatsApp, which collects more information from users and actively uses them for advertising purposes. Consumer apps often have fewer security capabilities and are breached more frequently, exposing user information that could be used to access their business work accounts. For example, hackers might gain access through leaked passwords since many people reuse the same ones across multiple accounts. Simply put, having unsecured applications can compromise the security integrity of everything else. Companies need to enforce strict rules against “bring your own devices” (BYOD) and provide proper cybersecurity training for password creation, two-factor authentication, and cyber-hygiene awareness.
Enterprise applications collect user data in the same way as consumer apps, albeit with less personal data and third parties’ involvement. However, even the most basic contact information can result in a major breach given the craftiness of cybercriminals. To maintain security and privacy, be vigilant. Refrain from using heavy data collection applications and train employees to avoid using personal devices and unsanctioned tools so that they don’t put the company at risk
Wire™ is the most secure collaboration platform, transforming the way businesses communicate at the same speed that our founders disrupted telephony with Skype. Headquartered in Berlin with offices in Switzerland and San Francisco, Wire’s award-winning collaboration and communications platform counts over 1,800 enterprise customers worldwide. Recognized by IDC, Forrester, and Gartner as one of the most secure collaboration platforms, Wire offers messaging, audio/video conferencing, file-sharing, and external collaboration - all protected by the strongest end-to-end encryption.
Try our internal communications software for free today. Simply create a team and start communicating and collaborating securely in minutes.
Looking for a walkthrough of our enterprise communication solution? Contact us today to learn how Wire fits into your organization.