The increased adoption of virtual collaboration systems – like Microsoft Teams – due to the pandemic has created a new, hybrid workforce. While this massive switch has allowed organizations to operate during these unprecedented times, new threats have arisen. Cyberattacks – including ransomware – have increased by 62% over the last year. This has led the White House to declare the threat of cybercrime on par with terrorism.
While cybercriminals and hackers have become the face of these attacks, human error is actually the largest risk factor leading to an attack. In fact, nearly 95% of organizations that experienced a cyberattack or data incident last year did so due to internal human error.
Organizations need to develop a data protection plan that not only helps them secure their data, but also eliminates human error surrounding their workspaces. Organizations can achieve this by implementing process-driven collaboration, protecting data with need-to-know security models, and minimizing unnecessary data.
Provision Projects Across Systems and Reduce Data Chaos
When left to their own devices, users often save and store data within locations most convenient to them – such as their vulnerable personal drives. While this may seem innocent enough, it is actually a major cyber risk as users begin to create data chaos. This data chaos inhibits users from locating content in a timely fashion and can create immense difficulties when it comes to collaboration. Risk management teams also struggle to identify projects and documents, meaning they can’t apply proper security and/or minimization policies across systems.
An increase in data chaos can also lead to an increase in the amount of unnecessary data floating around a collaboration system. This means cybercriminals could steal and ransom data if they were to gain passwords and credentials of a user.
If a breach were to occur, a cybercriminal would be able to access these files without issue, copying and deleting files for as long as 280 days before being discovered. In that time, your organization will have lost millions of dollars’ worth of data, not to mention regulatory penalties and fines. For organizations that rely on multiple collaboration systems, data chaos can become exponentially worse – leading to even greater risks of cyberattacks.
To mitigate this, organizations should provision their workspaces and folders in order to organize their engagements, matters – whatever you may call them – across collaboration systems. When users know where to place data, they are less likely to save it in their local drives, reducing the risk that a hacker will get access to their content.
From there, organizations can add rich, custom metadata to projects or matters across systems. Adding and tracking such custom metadata allows users to quickly search and find their content, improving collaboration and productivity. This metadata also enables your risk management teams to understand the business context of data and apply relevant security and minimization policies.
Regulate User Access Permissions
Another important notion regarding data protection is that users should not have free rein to access whatever data they want. In reality, users don’t need to have access to all the data in a given organization. Instead, organizations should operate on the basis of “least privilege” and establish a Zero-Trust security model.
Through this method, users start with the minimum level of access they need to complete their jobs. As the status of certain projects changes, or when a user departs an organization or department, users should have their access permissions removed. This practice isn’t only for when users leave a project or organization. Recent hires need to have permissions granted when they join an organization. Not only that, but your organization will also need to add users to an ongoing project over the course of its lifecycle.
Your risk management team can also utilize the metadata we discussed previously to determine when users need permissions stripped or added, and to grant user permissions on a role basis with expiration dates.
If a hacker were to gain the credentials of a user, it is unlikely that they would be able to gain access to an exorbitant number of files. Once the breach occurs, the risk management team can quickly remove all permissions from the affected user, denying the cybercriminal the opportunity to interfere with your data.
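The access review described in this section, sketched as an added example (not code from the original article or from any product): it checks role-based grants against project metadata and expiration dates, and revokes everything for a compromised account. All names, fields and sample data are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample data: project metadata as it might be tracked across systems.
PROJECTS = {
    "matter-001": {"status": "active", "team": {"alice", "bob"}},
    "matter-002": {"status": "closed", "team": {"alice"}},
}
ACTIVE_USERS = {"alice", "bob", "dana"}  # constructed; "carol" has departed

@dataclass(frozen=True)
class Grant:
    user: str
    project: str
    role: str
    expires: date

GRANTS = [  # constructed role-based grants, each with an expiration date
    Grant("alice", "matter-001", "editor", date(2030, 1, 1)),
    Grant("bob", "matter-001", "reader", date(2020, 1, 1)),
    Grant("alice", "matter-002", "editor", date(2030, 1, 1)),
    Grant("carol", "matter-001", "editor", date(2030, 1, 1)),
    Grant("dana", "matter-001", "reader", date(2030, 1, 1)),
]

def revocation_reason(grant, today, projects=PROJECTS, active_users=ACTIVE_USERS):
    """Return why a grant should be revoked, or None if it is still justified."""
    project = projects.get(grant.project)
    if grant.user not in active_users:
        return "user departed"
    if project is None or project["status"] != "active":
        return "project not active"
    if grant.user not in project["team"]:
        return "user not on project team"
    if grant.expires <= today:
        return "grant expired"
    return None

def review(grants, today, compromised=frozenset()):
    """Map each grant to revoke to its reason; compromised users lose everything."""
    to_revoke = {}
    for g in grants:
        reason = "account compromised" if g.user in compromised else revocation_reason(g, today)
        if reason:
            to_revoke[g] = reason
    return to_revoke
```

Running `review(GRANTS, date.today())` on a schedule gives the risk management team a revocation list with a reason per grant; passing `compromised={"alice"}` models the breach response of stripping every permission from the affected user.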