Report: Collaboration Tools Like Microsoft Teams, Slack Pose Security And Compliance Risks

Today’s business collaboration platforms and tools continue to evolve, and recent headlines from Wall Street suggest that regulatory compliance can no longer be an afterthought. Theta Lake recently published its annual research, the 2022 Modern Communications Security and Compliance Report. Surveying over 500 global compliance and security leaders, the report found that two-thirds (66%) of respondents believe employees in their companies are using unmonitored communications channels, posing big risks for security and compliance.


67% expect the usage of collaboration tools across popular platforms like Microsoft Teams, Zoom, Webex, Slack and RingCentral to increase – presenting complex challenges for those tasked with maintaining compliance, security and data privacy. As new communication channels proliferate, legacy and often manual archiving solutions are leaving critical blind spots.


Stacey English, Theta Lake

We spoke with Stacey English, Director of Regulatory Intelligence at Theta Lake, to dive further into the report:


How has communication at work changed since Return to Office (RTO) initiatives kicked off?



While we’re seeing more of a shift towards a hybrid office environment, that hasn’t changed the virtual working nature we’ve become accustomed to over the past three years. The adoption and usage of unified communication platforms remain the foundation of the modern workplace, and it continues to grow. More than two-thirds of respondents in Theta Lake’s 2022 Modern Communications Compliance and Security survey report expect the usage of collaboration tools across popular platforms like Microsoft Teams, Zoom, Webex, Slack and RingCentral to increase in the next year. In fact, employees are leaning further into messaging and video for a quicker and easier way of communicating with colleagues and clients alike. That can be seen through a growing preference for the feature-rich tools available through these platforms over legacy methods of communication, with 81% using chat and 63% using video as much or more than email to communicate.


From a security and compliance perspective, the regulatory expectations remain the same wherever individuals work. With the pandemic largely over, RTO means people are “on the go” and traveling again. The increased use of mobile messaging and collaboration tools presents the same risks and challenges whether employees are in their homes, within the walls of an office, or communicating from a train or coffee shop.


What was most surprising about this research? 


Collaboration platforms have been integral to business operations over the last three years, and our research indicates that usage isn’t slowing down, making it all the more important for organizations to have complete visibility into the channels employees are using to collaborate. Our report uncovered a significant gap between business communication platforms and the visibility needed to remain in compliance, with 39% of respondents citing gaps in coverage as a top challenge.


One of the biggest surprises, and concerns, is that two-thirds of respondents believe their employees are using unmonitored communication channels. This comes at a time when intense regulatory scrutiny and enforcement are surrounding unmonitored channels, like mobile messaging and WhatsApp, resulting in over $2 billion in fines from financial regulators in the US. We can expect other regulators and jurisdictions to follow suit, so this is a wake-up call to heavily regulated industries to implement compliance and security tools that support modern business collaboration.


There's a line between compliance and security. How should organizations be thinking about their approach to both?


Underlying all the compliance challenges with the usage of modern communication tools is a fundamental concern about the security of sensitive information. In particular, the transfer of files via chat, the ability to share links in chat or on screen and the risks of screenshare are considered the greatest risk to compliance, security and privacy. In practice, that leads to many compliance teams trying to control communications by turning off key features or banning the channels they believe are the riskiest, which leads to disgruntled employees who seek out unmonitored platforms to engage with customers.

  

The evolution of workplace communications necessitates that compliance, security and unified communications teams be interlocked in decision-making moving forward. Organizations need to incorporate market-leading tools that support compliance integration with rich feature sets and modernize with the compliance and security tools that support those features and integration capabilities. By creating a positive path of least resistance for employees, businesses can increase productivity while compliantly communicating with customers and partners where and how they prefer.


How should organizations approach improving the security of their workplace communications in 2023?


For compliance teams that use legacy archiving solutions, modern communication platforms have proven difficult to oversee. For example, our report found that 85% of organizations experienced challenges in retrieving records, while 33% used significant manual resources to search multiple systems and modes of communication. With gaps in coverage cited as a top challenge with current archiving tools, the findings highlight the growing divide between tools built for email and the need for enhanced archiving and supervision capabilities to keep pace in today’s increasingly complex communications environment.


As businesses chart a path forward, the focus should be on picking the right subset of the most advanced, market-leading UC tools like Zoom, Slack, RingCentral, and Cisco Webex for compliance integration and modernization with tools like Theta Lake, that provide tightly integrated compliance and security coverage for the full feature set of those UC tools.


This approach will ensure organizations are protected from potential fines and sanctions for not having visibility into or being able to provide timely, complete communications records for investigations, litigation, data privacy or other compliance purposes.
