You need to ask a colleague to check in on a task; what’s your most likely form of communication? Picking up the phone? Composing an email? Walking over to their desk?
If you’re like most enterprises, a messaging platform has become the primary channel for your intra-team communication. Platforms such as Slack and Microsoft Teams reportedly have 12 million and 13 million daily active users respectively. These platforms facilitate real-time collaboration between team members and, unlike email, a style of communication that is casual, brief and elicits immediate responses. In addition, these platforms allow users to share media, files and a variety of other content. They also enable employees to add external users, suppliers, contractors and customers to the network, thereby extending the reach of communication beyond the enterprise.
Essentially, the instantaneous and bi-directional communication experience of these platforms is fueling their growth and profoundly changing how information gets shared within the enterprise and beyond. Naturally, as with the adoption of any new workplace tool, and any time company information is being relayed, there is a downside to consider: the risk of security breaches.
Here are some of the main security factors to consider when using enterprise messaging platforms.
1. Encryption
Data encryption is a critical requirement to ensure that information is securely exchanged between parties and to prevent data leaks. Before choosing a messaging platform for your company, it’s important to ensure that it supports, at minimum, TLS with 256-bit encryption. Also note that some platforms encrypt data only while it is being transferred, while others take it a step further and extend this encryption to storage as well. Be mindful of how far your platform’s encryption extends.
2. Role-Based Access
To prevent the unintentional or unauthorized sharing of confidential information, an organization’s chosen messaging platform needs to support role-based access. The platform’s functionality should allow for enterprise data to be available, or not, to employees based on their job function and role. Administrators should be able to regulate this access in a granular way, thereby having firm control of levels of clearance within their company.
3. Restricting File Actions
Administrators should also be able to restrict all users, or certain users, from downloading documents shared via the platform. Some platforms provide capabilities that allow users to view documents in read-only modes, disabling their sharing options. Users can also be restricted from taking screen captures to prevent sensitive information from being shared in that way.
4. Authentication
As with most security protocols, a strong authentication mechanism is critical to safeguard against unauthorized access. Biometric authentication along with two-factor authentication is far more secure than password-based authentication. In addition, this makes the login experience frictionless for employees, who won’t have to worry about remembering passwords and can simply use their fingerprints, facial recognition, or the like to log in.
5. Logging
Logging throughout the life cycle of a message is a critical requirement, so that administrators can trace any incident or security breach by identifying the sender and the information that was exchanged. Enterprises must also implement single sign-on to make it easy to identify employees across their multiple systems. This has the added bonus of, once again, creating a frictionless user experience for employees.
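The kind of trace this logging makes possible, as an added example that is not taken from any particular platform: it follows one message and all of its forwards through an audit log keyed on single sign-on identities. The event names, field names and log lines are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample audit log, one JSON event per line (hypothetical schema).
SAMPLE_LOG = """\
{"ts": "2024-05-02T09:00:01Z", "event": "message_sent", "msg": "m1", "actor": "sso:u1001", "to": ["sso:u1002"], "file": "forecast.xlsx"}
{"ts": "2024-05-02T09:02:10Z", "event": "file_downloaded", "msg": "m1", "actor": "sso:u1002"}
{"ts": "2024-05-02T09:05:44Z", "event": "message_forwarded", "msg": "m2", "parent": "m1", "actor": "sso:u1002", "to": ["guest:g77"]}
{"ts": "2024-05-02T09:06:03Z", "event": "file_downloaded", "msg": "m2", "actor": "guest:g77"}
{"ts": "2024-05-02T09:30:00Z", "event": "message_sent", "msg": "m3", "actor": "sso:u1003", "to": ["sso:u1001"]}
"""

def parse(log_text):
    """Parse JSON-lines audit events, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]

def trace(events, root_msg):
    """Return the original sender, everyone the content reached, and the timeline."""
    # Map each message to the forwards created from it.
    children = defaultdict(list)
    for e in events:
        if "parent" in e:
            children[e["parent"]].append(e["msg"])
    # Collect the root message and every forward descended from it.
    related, stack = set(), [root_msg]
    while stack:
        msg = stack.pop()
        if msg not in related:
            related.add(msg)
            stack.extend(children[msg])
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    timeline = sorted((e for e in events if e["msg"] in related), key=lambda e: e["ts"])
    sender = next((e["actor"] for e in timeline
                   if e["msg"] == root_msg and e["event"] == "message_sent"), None)
    exposed = set()
    for e in timeline:
        exposed.update(e.get("to", []))      # addressed recipients
        if e["event"] == "file_downloaded":  # anyone who pulled the attachment
            exposed.add(e["actor"])
    return {"sender": sender, "exposed_to": sorted(exposed),
            "timeline": [(e["ts"], e["event"], e["actor"]) for e in timeline]}

if __name__ == "__main__":
    print(json.dumps(trace(parse(SAMPLE_LOG), "m1"), indent=2))
```

Because every actor is a single sign-on subject, the same identifier can be joined against logs from other systems during an investigation.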
6. DLP Policies
A data loss prevention (DLP) policy should be implemented to restrict users from sharing sensitive or critical business information outside the organizational network. This requires setting up rules that help identify sensitive content and prevent users from sharing this information. A chosen messaging platform should allow for this sort of functionality. This policy should also be shared with employees upfront and in a clear manner.
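A minimal sketch of such rules, added here as an illustration and not drawn from any platform’s own DLP engine: it identifies sensitive content in an outgoing message and blocks it only when a recipient is outside the organization. The domain, rule names and sample messages are assumptions constructed for the example.

```python
import re

INTERNAL_DOMAIN = "example.com"  # assumption: the organization's own domain

CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")               # 13-19 digits
KEY_RE = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")  # PEM key header
LABEL_RE = re.compile(r"\b(?:confidential|internal only)\b", re.IGNORECASE)

def luhn_ok(digits):
    """Luhn checksum; filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def matched_rules(text):
    """Return the names of the content rules the text triggers."""
    rules = []
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        rules.append("payment_card")
    if KEY_RE.search(text):
        rules.append("private_key")
    if LABEL_RE.search(text):
        rules.append("classification_label")
    return rules

def is_external(address):
    """True when the recipient is outside the organization's domain."""
    return address.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN

def evaluate(text, recipients):
    """Block only when sensitive content would leave the organization."""
    rules = matched_rules(text)
    external = sorted(r for r in recipients if is_external(r))
    action = "block" if rules and external else "allow"
    return {"action": action, "rules": rules, "external": external}

if __name__ == "__main__":
    # Constructed sample messages.
    print(evaluate("Card for the order: 4111 1111 1111 1111",
                   ["bob@partner.example.net"]))
    print(evaluate("CONFIDENTIAL: Q3 forecast attached", ["alice@example.com"]))
```

The Luhn check is what keeps ordinary ticket or order numbers from triggering the card rule, which matters for keeping false positives low enough that users do not learn to ignore the policy.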
7. Vulnerability Audit
Finally, an enterprise should ensure that its messaging platform provides reports of regular security audits. Platforms should perform frequent penetration testing for vulnerabilities against the risks defined by organizations such as OWASP and WASC. Their findings should then be readily accessible to their customers.
Looking Beyond the Desk-Based Workforce
While Slack and Teams have been popular with desk-based workers in the corporate workplace, traditional industries such as retail, manufacturing, hospitality and others have seen limited adoption of these platforms. This is primarily because these industries have a large non-desk workforce, and these platforms don’t offer the best experience for field-based workers who often use mobile as their main form of communication. So, a majority of these employees use public messaging apps for operational communication within their team, which includes sharing content and files.
The major problem that arises when utilizing public messaging channels is that the enterprise essentially has no control over how information gets shared, which puts the organization at huge security risk. Instead, these organizations should look to safeguard their data by adopting communication platforms that have been specifically designed for the non-desk workforce and that offer the same enterprise controls and security features mentioned above.
Putting Security First
While the convenience and ease of messaging platforms can greatly aid in the efficiency of the workplace, these advantages shouldn’t come at the cost of security. It’s important for an enterprise to carefully consider all of the above factors when choosing a platform to adopt for their workplace.