Bad actors thrive in chaos.
Email scammers taking advantage of Covid-19, have heard this message clearly: large scale uncertainty and mass digital change is fertile ground for those looking to exploit others.
Never has there been a more uncertain time for workers than earlier this year, as the pandemic swept the globe and businesses had to move to digital-first approaches overnight. These rapidly accelerated transformation timelines have brought many benefits, from improved collaboration to better work-life balance.
However, just as businesses moved-mountains to adapt, so did bad actors. Unsurprisingly then, the pandemic has highlighted growing security concerns across the enterprise. Yet, with the right approach and tools, organizations can reap the benefits of transformation, become more agile and simultaneously boost security.
Knowing your enemy
In April, Google reported more than 18 million daily malware and phishing emails related to Covid-19 scams in a single week. Meanwhile, a report found that attacks on the financial sector grew by 238 percent from February to April 2020.
Attacks are taking place far and wide, without discretion—the World Health Organization itself isn’t exempt, suffering a five-fold increase in attacks during its most critical period in a generation.
Beyond this, tens of thousands of new Covid-19 related domains are being created on a daily basis—at least 90 percent of which are illegitimate.
Undoubtedly, the convergence of the pandemic and cybersecurity paints a dramatic picture. However, there’s no need for alarmism. Fighting back is easier than you might think.
Email accounts for a huge number of threat vectors, both through phishing and malware installs. According to the Verizon Data Breach Investigations Report 2020, email was the number one cause of malware installs, leading to password dumpers (which collect credentials), ransomware, trojans and more appearing on user’s devices.
Tackling the security issues email presents can be one of the most effective ways of boosting security available to an organization. Both for internal and external communication, changing email habits and reducing reliance upon it is simpler than ever, even at a time when we have more need to collaborate digitally than ever before.
Eradicating email, enabling enterprise-grade security
Channel-based messaging platforms for enterprises can bring together the right people, information and tools into one place so employees can get work done.
Communication in channels is vastly more effective for work than email. Channels can be formulated by topic, give everyone transparent access to the information they require (with members easily added or removed as needed) and plug-in to other apps and tools, meaning less swapping and searching for information.
On top of this, channels are secure, not just for a single organization, but for communication with external partners. If workers are collaborating through Slack Connect (shared channel-based messaging) across many organizations, admins can maintain granular control and constant visibility over what data is shared. Teams in channels are also not open to the risk of spam and phishing, because only verified members are able to send messages.
By moving away from email to channel-based messaging, both internally and externally, organizations shut-down, in a single-pass, one of the biggest threats to their overall security.
However, communication of information is only one part of the data security picture. It’s also important to think about how and where data is stored.
Data residency and data sharing
While data flows globally, knowing and controlling where it is stored is increasingly important to a variety of evolving data governance rules.
The concept of data residency is straightforward. If your business is based in the UK for example, it will have different regulatory standards, and face different security challenges than one based in the US, so it doesn’t make sense for your data to be stored there. That’s why as businesses embrace new ways of working in greater numbers than ever, the technology they use has to provide more options on how their data is being stored.
Workplace technology must offer data residency options across the globe to ensure users are able to meet the relevant security and regulatory guidelines.
Beyond the storage of data, though, admins also need to have control over how that data is shared within their organization. While increasing transparency is key to creating a more nimble and high-performing business, and reducing reliance on email will do much to protect information, there are times when sensitive information needs to be controlled even among trusted team members.
In those instances, information barriers can be used as firewalls which prevent user groups from contacting members of other groups. This can be particularly valuable in environments with sensitive or high-value information like healthcare, government or banking. Granular controls in such industries can enable admins to meet rules and regulations while still allowing appropriate collaboration to take place within those groups and among allowed user groups.
Increasing your data security doesn’t have to slow you down
Many organizations will be rethinking their tech-stack as the age of the office comes to an end and businesses move to increasingly distributed, remote and, flexible methods of working. From the huge increases in phishing and other insidious attacks, it’s clear bad actors are eager to exploit any uncertainty during this period and the cracks in security programs that open during any transition.
However, with the right steps, a move to distributed working and the technology like channel-based messaging that supports it, can dramatically improve overall security while also boosting collaboration.
By reducing reliance on email, businesses can permanently shut the door to a huge number of attacks. Meanwhile, data residency and sharing controls arm admins with the granular tools they need to drive up regulatory and compliance standards across the business. Best of all, all this doesn’t come with a trade-off. Instead, moving away from email to channel-based messaging will provide businesses with not only a more secure future, but a more productive one.
Larkin Ryder, Director, Product Security, Slack