Skip to main content

Security, remote collaboration and the future of secure work

(Image credit: Image Credit: Helloquence / Unsplash)

As we all adjust to the new reality of social distancing and remote working where possible, businesses are having to make decisions in days, if not hours.  While many had previously deployed flexible and home working policies, only the most location-agnostic of companies will have been equipped to simply go fully remote.

To cope, many are deploying new communication services rapidly to maintain a semblance of business continuity. However, it’s not simply about signing up some additional licences – companies are only now realising that all the informal communication that kept the business running, that contributed so much to company culture, is no longer automatically possible. The chats over coffee, catch ups as meetings start, lunches, waiting for the lift – it’s all gone. Suddenly, those spontaneous moments have to be planned. 

On top of that, these applications are being deployed, in many cases, without the right experience or knowledge of what they actually do when it comes to privacy and security. While some, such as Microsoft Teams and Slack, have been developed for enterprise use, others leave a lot to be desired it comes to delivering the levels protection that companies must have in place. Zoom, which saw a steep rise in use as businesses went fully remote, is now facing a backlash for its lax approaches. These include recently admitting that it had been sending device information data to Facebook after the conferencing tool implemented a ‘Login with Facebook’ feature, which has led to Zoom being sued in a class-action lawsuit in California by one of its customers.

The tool was also caught up in a furore in the UK when it was used by the Prime Minister and other officials. A photograph of the meeting was shared on social media, allowing people to see the meeting ID number. While the picture was not Zoom’s fault, the fact that default settings do not provide basic security underlines two points: that data privacy regulations for consumer-grade apps are not nearly safe enough for enterprise use, and that even ministers of state do not automatically think about the security implications. 

As the dust settles, new challenges arise

We’re in coming to the end of the initial phase, as organisations shake out how remote working is going to run in their businesses, and the novelty of virtual happy hours haven’t worn off. Yet as the dust settles and the first weeks turn into the first months as a fully decentralised operation, the challenges of managing remote teams will arise.

While communication can be run through collaboration tools, issues such as task tracking, project progress, and status check-ins will vanish without a proper workflow. This is where defining roles, how different channels should be used for interactions and how work is going to be reviewed, managed and approved will be essential to maintaining productivity. If this doesn’t happen, there is significant potential of output slow down, disrupting teams and affecting the ability of the business to perform.

Once they’ve done that, there’s the issue of addressing the real possibility that the entire office working from home is the reality for the medium term. What does that mean for business continuity? For organisations in industries with less regulation or process auditing, this may not be as much of a concern, but for highly regulated sectors, rigorous documentation, project tracking, customer communication indexing and capturing action plans are essential. Policies and processes will be in place but will overwhelming apply to office-based scenarios. Even disaster recovery is likely to have been focused on offices relocating to other designated sites, rather than workforces logging in from home.

The current disruption will have significant compliance implications in those instances. Whole new practices will need to be implemented, and not just decreed, but learnt and followed by employees.

Securing a new way of life

Across all of this is the need for complete security. It’s a challenge for both businesses that are taking their first steps in enabling remote communication, and those that do currently use them. For the former, there is a need to be aware that not all tools have the same levels of security. Even those that do have tools in place need to be conscious of the challenges an IT department faces securing the enterprise across multiple platforms, and the strain increased usage could put the platforms under.

What does a secure collaborative tool look like? There are three core fundamentals that every communications application deployed by an enterprise should have.

Firstly, there needs to be the ability to identify users and make sure they align with the company’s active directory to prevent identity theft. Secondly, all content and conversations must have end-to-end encryption, vital in preventing data leaks. Finally, there needs to be notifications set up to alert organisers when recording, even outside the app, or screen capture, takes place – this helps ensure that the sharing of confidential information can be controlled beyond the call.

Corporate security breaches happen when something small has been overlooked; in the rush to adopt collaboration tools, enterprises run the risk of doing exactly that and exposing themselves, and their data, to cyberattacks. To exacerbate the situation, this could lead to being in breach of local and global data protection regulations, such as the EU’s GDPR, and the accompanying fines and damage to corporate reputation these can bring.

Increased awareness to enable increased remote working

Remote working and collaboration can deliver huge benefits to enterprises as they strive to maintain a semblance of continuity during this crisis. Yet in a constantly changing situation, new challenges will arise that need to be addressed. Ensuring that collaboration and communication services are secure in themselves and aligned with the wider security policies and protocols of the business is critical if enterprises are to enjoy the gains of remote working, without exposing themselves to undue risk.

Francois Rodriguez, Chief Growth Officer, Adeya