The skyrocketing popularity of collaboration tools like Microsoft Teams and Zoom for telework created a relatively new attack vector for hackers. Bad actors are now turning to methods like “Zoom-bombing” and requesting to collaborate on documents in Teams to gain access to sensitive information.
“The rapid shift to support remote work is where many organizations have sacrificed security to maintain operations. They’ve taken data that was otherwise locked down and exposed it in places like file shares or collaboration tools like Office 365. They haven’t gone through and applied all the same controls that they did in the on-prem world,” Matthew Radolec, Director of Security Architecture & Incident Response at Varonis, explains. “The risk from overexposed sensitive data has significantly increased with the adoption of collaboration tools that decentralize who can control and manage access to information.”
Here are a few recommendations for agencies looking to keep their sensitive data secure while embracing collaboration tools as telework continues for many:
Manage Risk by Controlling Access
When operating in the legacy world, organizations used on-prem environments in which Security & Infrastructure teams manage and control access. However, the increased use of collaboration tools in the telework environment turned this model on its head by giving end users control over the organization’s data, sensitive or not. End users are generally not as skilled at controlling and managing access to sensitive information, and too much access places organizations at risk.
To mitigate risk, Radolec suggests monitoring and controlling access. “Managing risk starts by focusing on understanding where your important data is. Manage access to that information by controlling who has access to what,” says Radolec. “Monitor your data to understand who might be misusing or abusing it, whether that’s an insider threat or an external attacker attempting to launch a cyberattack.”
Don’t Underestimate Use of Collaboration Tools
Underestimating the use of collaboration tools across the enterprise is one of the biggest mistakes agencies can make. Radolec recommends agencies spend time to identify how these tools are used across teams. It is also important not to overlook compliance. Going one step further, agencies should consider the effectiveness of current monitoring efforts. Once agencies have a firm grasp of the different tools employed across their organization and their effectiveness, they can begin to use behavior analytics to identify anomalies strategically.
Analyze Threats as They Occur
It’s important to analyze alerts from attacks as they occur to keep risk low. “A lot of attacks start with phishing emails, reconnaissance, or an attempted lateral movement,” says Radolec. “If you’re able to pick them up earlier in the kill chain or the attack framework, you’re able to stop them before they turn it into a breach.”
Radolec explains that this is where Varonis can help: their free Data Risk Assessment quickly and effectively enables organizations to identify vulnerabilities and security risks in their data.