How companies can prevent a risky growth of communication tools

Messengers, video chats and other communication tools have become an integral part of work and are routinely used for exchanging work-related data and information. However, employees often violate data protection and security guidelines when doing so. VNC lists five basic requirements for secure collaboration in distributed teams.

According to VNC, With the rapid increase of employees working from home due to the Corona pandemic, the use of new communication and collaboration tools has also increased. But these are not always secure and trustworthy, and many employees do not think twice about the sensitive data they are sending via such applications. Often, this is because companies have not communicated concrete guidelines for using the new tools or have hastily introduced unsuitable solutions in a rush. According to VNC, the leading developer of open source-based enterprise applications, the most important recommendations for companies that want to enable their employees to exchange data in a privacy-compliant and secure manner are:

1. Clear tool requirements: Instead of simply going for the most widely-known brands, companies should take a close look at the solutions available. Cloud services, for example, can be introduced quickly, but are often questionable from a data protection perspective. Services from providers in the US are generally ruled out for European companies under the GDPR because the Cloud Act allows US authorities to access data – regardless of where the service is hosted and where the company using the service is based. However, even running an application on your own infrastructure is no guarantee of the highest level of security and data protection, because companies often lack the expertise or use closed-source solutions. In the case of closed-source solutions, only the developers know what happens to the data and whether there are any vulnerabilities in the software. Open source is a secure alternative that also usually supports different modes of operation: on the company’s own infrastructure or that of a reliable service provider, or in a secure environment at a trustworthy service provider.
   
   
2. Selection of secure products: Instead of simply going for the most widely-known brands, companies should take a close look at the solutions available. Cloud services, for example, can be introduced quickly, but are often questionable from a data protection perspective. Services from providers in the US are generally ruled out for European companies under the GDPR because the Cloud Act allows US authorities to access data – regardless of where the service is hosted and where the company using the service is based. However, even running an application on your own infrastructure is no guarantee of the highest level of security and data protection, because companies often lack the expertise or use closed-source solutions. In the case of closed-source solutions, only the developers know what happens to the data and whether there are any vulnerabilities in the software. Open source is a secure alternative that also usually supports different modes of operation: on the company’s own infrastructure or that of a reliable service provider, or in a secure environment at a trustworthy service provider.
   
   
3. Agreeing on communication tools and channels: One of the biggest challenges when working together in distributed teams is communicating efficiently. Not every tool is suitable for every arrangement and every data exchange. Companies should therefore work with their employees to determine which solutions make the most sense in which situations. In doing so, they can also define alternative channels, specify contact persons and agree on consultation options so that processes are clearly regulated and employees do not fall for scam attempts such as scam calls or fake e-mails.
   
   
4. Secure end devices and infrastructure: Secure communication and collaboration solutions alone are not enough, because if cybercriminals use other gateways, company data is still at risk. Companies must therefore consistently protect all end devices and their entire infrastructure. This means not only using reliable security solutions, but also quickly applying all software updates and patches to reduce the attack surface.
   
   
5. Training and policies for employees: employees need training so that they use the tools provided properly and efficiently. In this training, they should also learn how to use the new tools in a security-conscious manner and learn more about the company’s security policies for remote work, such as avoiding work-related phone calls in public, leaving their notebook unattended, and locking their devices in shared living situations when they are not sitting in front of them.

"Companies need to provide their employees with secure, data-protection-compliant and easy-to-use tools for exchanging information with colleagues so that they can collaborate efficiently at home and on the road. If companies don’t do this, they risk creating shadow IT, because employees will look for their own applications to exchange information,” explains Andrea Wörrlein, Managing Director of VNC in Berlin and member of the Board of VNC AG in Zug. “To ensure that the collaboration tools used fit the requirements of the employees, companies should involve them in the selection process right from the start and closely integrate them during the introduction."

Source: VNC media announcement