5 Security Risks of Collaboration Tools
Published 12/20/2023
Originally published by Abnormal Security.
Written by Mick Britton.
Today’s business tech ecosystems are rapidly evolving. Many employees take advantage of remote work, SaaS environments continue to expand, and collaboration tools increase in popularity. Common examples of these tools include Slack, Microsoft 365, Zoom, Jira, and Google Workspace.
The more business collaboration tools employees adopt to simplify their jobs, the more complex these business tech ecosystems become. This creates a lot of challenges for organizations trying to secure themselves against bad actors.
While business collaboration tools enable seamless communication, file sharing, and project management, these tools also pose security risks that organizations must confront.
Here’s a shortlist of five security risks of collaboration tools and what you can do about them.
1. Phishing Attacks
Phishing attacks are nothing new, but they are becoming more sophisticated. While email used to be the primary channel for phishing attempts, attackers are omnichannel opportunists, sending nefarious links through workplace collaboration apps as well as email, SMS, and social media.
Spotting the red flags of a potential phishing message used to be relatively simple. Keen-eyed targets might catch spelling and grammar errors, flag the message, and help prevent coworkers from encountering similar bad communications. But with tools like Grammarly or ChatGPT, cybercriminals can easily produce well-crafted messages in an instant. This means that employees can’t rely on the same techniques to identify these risky emails or messages.
2. Account Compromise and Unauthorized Access
Weak passwords, recycled passwords, and credential theft can lead to a world of problems. Unauthorized access to collaboration tools, workplace apps, and email accounts puts attackers in a prime position to intercept sensitive information, send malicious messages, or use the account as a launching pad for further attacks. Some attackers hide in your account for months, completely undetected.
One of the reasons account compromise is so dangerous is that it allows illegitimate requests to come from legitimate accounts. If the hacked email password matches the sign-in information for other accounts like Slack, the attack can snowball into bigger problems for your organization.
Similarly, a hacked email account could give an attacker access to Google Drive. From there, the attacker can read sensitive documents and glean information for their next attack. They might find a list of customers to spoof, financial information to steal, or important files to delete.
3. Social Engineering
Social engineering attacks exploit human psychology to motivate targets to perform specific actions. For example, an attacker might impersonate a CEO to assume authority over an employee. Or the attacker might stress the urgency of a request so that the target doesn’t have enough time to really consider the risks associated with the ask.
One of the tactics we see is a two-pronged attack where the bad guy sends an email pretending to be an executive. He alerts the target that she should expect a WhatsApp message from an audit firm ahead of an acquisition deal. Since the victim is primed to look for this other message, she might consider the WhatsApp communication to be more credible than if it was a cold message. From here, the attacker can manipulate the target to share sensitive information or payment details.
4. Data Leakage and Unsecure File Sharing
Cybercriminals are data-hungry. As one of your most valuable assets, sensitive data can be stolen, sold with malicious intent, ransomed, leaked, or used against your organization in any number of ways.
Collaboration tools present a number of risks by allowing increased access points to get into your data. If a determined attacker can’t convince an employee to share information via a social engineering scam, they might look for an alternate route through an insecure collaboration app. File permissions unintentionally marked as “public” can let information spill out, and the same can be said for unencrypted data. Even a minor leak can cause significant damage to your business, your customers, or your reputation.
5. Integration Risks and Malicious Apps
Collaboration tools and apps often integrate with other technologies. This is great for employees who want to seamlessly move from one app to another, but it creates significant security challenges if permissions are not monitored. Not all collaboration tools are created equally. Some legitimate tools have unknown security gaps that attackers can exploit to gain deeper access to your accounts and information. Other apps are specifically built with malicious intent.
An especially egregious example of this was the data breach that occurred at NewsCorp. The company had a malicious third-party app integrated with its Microsoft 365 environment. Because the bad app had permission to view employee mailboxes, the China-based attacker could read journalists’ emails and communications. It was a devastating attack that went undetected for a long time.
Mitigating the Cybersecurity Risks of Business Collaboration Tools
Now that we’ve laid out the threat landscape, discussing what you can do about it is vital. Your employees and peers use business collaboration tools. That’s a given. It's what you do about it that makes a meaningful difference between secure and productive versus risky and costly.
Train Employees on Security Awareness
It all starts with education. When employees are equipped with the latest information about possible red flags, common attack types, security protocols, and best practices, they tend to make better decisions. Employees must be encouraged to raise questions, contact coworkers through familiar channels to confirm asks, and push back on requests that don’t make sense. These kinds of environments empower staff members to think proactively about cybersecurity.
Contact the Source to Confirm Legitimacy
Attackers love urgent requests. When people move too quickly, they tend to overlook potential threats. Therefore, one of the best things you can do as an employee to protect your organization is to slow down.
If you receive an unusual request—or a request from an unusual channel—take a moment to reach out to the source via a more familiar channel. It only takes an extra moment to confirm the legitimacy of the ask before proceeding.
Only Adopt Trusted and Secure Collaboration Tools
Software as a Service is popular because it empowers employees with the tools they need to get the job done. But that doesn’t mean companies should let SaaS become a free-for-all.
Entrust your security and IT teams to select the SaaS and collaboration tools best fit for your needs and security concerns. This includes the reputability of the developer, built-in encryption, robust access controls, and regular service updates. Restrict access to tools that fall outside these recommendations and parameters. If a team member needs access to a different application, you can handle that on a case-by-case basis.
Implement Multi-Factor Authentication
Multi-factor authentication (MFA) adds an extra layer of security to your business collaboration tools. Even if an attacker can access an account due to a stolen or brute-forced password, it’s less likely they have physical access to a cell phone with the required authenticator code. That’s just one example, of course. Many organizations like to use Okta, Google Authenticator, or similar tools to stymie unauthorized access.
Regularly Audit and Configure Access Controls
Configuring access controls is crucial for maintaining robust cybersecurity. These access restrictions should be set as a default. Not only does this save employees from manually setting their own access controls, there’s simply no reason to give everyone in your organization access to everything. IT and security departments should define access controls based on role and team. This helps protect confidential information, safeguard intellectual property, and prevent unauthorized modifications to access controls.
As your organization grows, employees inevitably change roles and tech needs shift. You must stay ahead of these transitions by regularly auditing and constantly monitoring access controls.
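One way to run the recurring audit described above, shown as an added example that is not from the original article: a script that checks a sharing inventory against a role policy and reviews third-party app grants for mailbox access. The inventory format, role policy, resource names, and 90-day review interval are assumptions made for illustration; the mailbox scope names are Microsoft Graph permission names.

```python
from datetime import date

# Constructed inventory for illustration; field names and values are assumptions.
ROLE_POLICY = {"finance-reports": {"finance"}, "customer-list": {"sales", "support"},
               "source-code": {"engineering"}}
SHARES = [
    {"resource": "Q3-forecast.xlsx", "klass": "finance-reports",
     "visibility": "public", "members": {"ana": "finance"}},
    {"resource": "customers.csv", "klass": "customer-list",
     "visibility": "private", "members": {"raj": "sales", "lee": "engineering"}},
    {"resource": "api-repo", "klass": "source-code",
     "visibility": "private", "members": {"kim": "engineering"}},
]
APP_GRANTS = [
    {"app": "calendar-sync", "scopes": ["Calendars.Read"], "approved": True,
     "last_reviewed": date(2023, 11, 1)},
    {"app": "mail-helper", "scopes": ["Mail.Read", "User.Read"], "approved": False,
     "last_reviewed": date(2023, 6, 1)},
    {"app": "crm-connector", "scopes": ["Mail.Send"], "approved": True,
     "last_reviewed": date(2023, 8, 15)},
]
MAILBOX_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send"}  # Microsoft Graph names
REVIEW_MAX_AGE_DAYS = 90  # assumed review interval

def audit_shares(shares, policy):
    """Flag public links and members whose team is outside the role policy."""
    findings = []
    for s in shares:
        if s["visibility"] == "public":
            findings.append((s["resource"], "public link"))
        allowed = policy.get(s["klass"], set())  # unknown class: nobody allowed
        for user, team in sorted(s["members"].items()):
            if team not in allowed:
                findings.append((s["resource"], f"{user} ({team}) outside role policy"))
    return findings

def audit_apps(grants, today):
    """Flag unapproved apps holding mailbox scopes and grants overdue for review."""
    findings = []
    for g in grants:
        risky = sorted(MAILBOX_SCOPES & set(g["scopes"]))
        if risky and not g["approved"]:
            findings.append((g["app"], "unapproved, mailbox scopes: " + ", ".join(risky)))
        if (today - g["last_reviewed"]).days > REVIEW_MAX_AGE_DAYS:
            findings.append((g["app"], "review overdue"))
    return findings

if __name__ == "__main__":
    for item in audit_shares(SHARES, ROLE_POLICY) + audit_apps(APP_GRANTS, date(2023, 12, 20)):
        print(*item, sep=": ")
```

In practice the two lists would come from each tool's own admin export; an approved app that holds a mailbox scope still appears once its review date lapses, so long-lived grants are looked at again.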