People make mistakes. It’s a fact that we all live with. Sometimes you can trace errors back to distractions or a lack of understanding. In other cases, the root cause is carelessness. Companies develop a certain tolerance for mistakes, especially when adapting to new business models or innovating. However, there’s one area where there is no room for error: secure cloud collaboration.
You may tend to associate a “data breach” with well-publicized cyberattacks, but a data breach is anytime an unauthorized person gains access to information. In an attempt to prevent data breaches, a business's in-house IT teams or managed services providers deploy tools, such as firewalls and endpoint protection, intrusion prevention/intrusion detection, and multifactor authentication, and single sign-on (SSO). They also work hard to make sure that those security solutions are configured properly and that all the software a business uses is patched when vulnerabilities are discovered.
Headlines tend to focus on high-profile cyberattacks, such as state actors hacking software programs or phishing schemes that trick employees into transferring thousands of dollars. However, the 2020 Verizon Data Breach Investigations Report points out that human error can be just as devastating to a business as those headline-grabbing events. “Miscellaneous errors'' are second only to hacking as a reason for data breaches and add up to about one-fourth of all security events.
Preventing unauthorized people from gaining access to the business’s data takes more than technology. A critical element of secure cloud Collaboration is establishing and enforcing policies and training employees to minimize risks. It is undeniably challenging. Human behavior is harder to predict and control than technology.
To make matters worse, protecting data became harder in 2020 when many employees began working from home, some using their computers or devices. In some cases, visibility into what your team members were doing dropped to zero if you didn’t update policies and controls to ensure visibility of activity in the cloud during remote work. The human-error factor of data breach risk expanded to include employees storing company documents and data on their private computers and tablets, accidentally adding personal accounts as collaborators to company cloud data, and other risky behaviors beyond the watchful eye of the company’s security team.
One of the most important parts of your cloud Collaboration policy, whether employees are working inside or outside the office, is the Principle of Least Privilege. Putting this principle into practice means that your employees only grant access to data when team members need it to do their jobs – and gives them only the level of permission necessary. Therefore, when team members need to share a Google Doc, they would grant access to specific individuals by adding their unique accounts as collaborators, rather than choosing the option, “anyone on the internet with this link can view/edit.” This is important because when an employee creates a document in “link sharing mode” instead of adding specific collaborators individually, a collaborative team member could include the document link in a group email or accidentally hit “reply all.” A link with unrestricted access could conceivably wind up in the hands of a competitor or even a bad actor who would monetize that data. And, by definition, cause a data breach. In “link sharing mode” anyone with the link can access the document, not just the intended people you hoped would have access to.
You should also train your team to limit permissions to third-party applications. Connecting with an app, extension, or plug-in may provide your team with added functionality that boosts efficiency, but it can also introduce new risks. The app will ask your employee to grant permission to the company cloud files, for example, access to cloud documents, email, or calendar. However, granting all permissions may not be safe. If a hacker gains access to the third-party solution’s servers, your data’s security may be at risk. Your IT team should have the viability of each extension or app that your employees use, and employees should, again, follow the Principle of Least Privilege, granting only necessary permissions.
Training your employees on best practices for secure cloud collaboration is vital, but, unfortunately, it’s not enough. Even well-trained, knowledgeable people occasionally make mistakes. Moreover, with the added pressures of working from home during a pandemic, when the dining room table became a home office, a classroom, and a hub of video communications, distractions were a distinct possibility.
The solution is using a tool that monitors your teams’ activity. Industry-leading tools use natural language processing (NLP) to learn which data is sensitive and must be protected and sends accurate alerts when an employee doesn’t follow policies designed to protect it. Moreover, a tool that operates in the background in real-time allows you to correct a potential problem before it results in a data breach – rather than the alternative scenario of you discovering the issue after sensitive data has left your organization. An intelligent tool will also provide you with the visibility into which employees are engaging in risky behaviors so you can intervene or retrain them and minimize human error.
Taking steps to minimize human error is just one element of a comprehensive, secure cloud collaboration strategy. Businesses need to take a pragmatic approach to cloud Collaboration. Although the cloud-enabled remote work at a time when organizations needed that capability the most, it can also introduce new risks to data, applications, the network, and the business itself. It is vital to give your business all of the advantages of the cloud but to do so securely.
For more information on the steps you can take to create an IT environment and a culture of secure cloud Collaboration, download our white paper 5 Keys to Working Securely in the Cloud.
Fill in some contact info below or schedule a meeting so we can reach out to provide more details on how Altitude Networks can protect you from data loss in the cloud.