With millions of workers still working remotely, data privacy and compliance issues are top of mind for IT teams. Keeping teams compliant and ensuring proprietary data isn't shared illegally can be difficult with employees working on their home networks, especially for highly regulated industries such as financial services and healthcare.
We spoke with Brian Mannion, Chief Legal and Data Protection Officer of Aware, to discuss how businesses can manage the data governance risks associated with collaboration platforms and successfully overcome challenges with eDiscovery.
What are the biggest data risks associated with collaboration platforms such as Slack, Teams, Yammer, etc.?
Compared to email, many employees use collaboration tools as a more casual form of conversation, which can lead to more sensitive information like login credentials and credit card numbers being shared more freely. Employees who are simply trying to work efficiently may inadvertently share sensitive information in the wrong channel or with the wrong people. Depending on the employees, the volume of chat messages may outweigh the number of emails being sent, which means the data has an even greater chance of carrying sensitive information.
What are some of the challenges with data governance when it comes to collaboration platforms versus traditional emails?
The unstructured nature of collaboration data, along with shorter and more frequent conversations, makes it more difficult to find what you’re looking for and to control the flow of data. It’s critical to be able to uncover the original message while tracking any edits, deletions, images, files or other attachments. The message sentiment is also important to take into consideration, in addition to the surrounding messages to understand the full context of the conversation – as this will help identify intent.
What are some best practices IT leaders can implement to keep sensitive data found on collaboration platforms safe and secure?
Defining the right data access for users across legal, HR, IT and operations is key for keeping sensitive data out of the wrong hands. Define levels of access for communication data for each group. Who has permissions to search and extract public and private messages? Who is in charge of data loss prevention management?
It’s also important to understand where employees are collaborating and even consider shadow IT possibilities. If IT leaders don’t understand which tools are used – or have control over the tools – this opens the company to major organizational risks. Providing IT-sanctioned tools that employees actually use and want helps your company maintain a level of control on the data.
How should eDiscovery be handled on collaboration platforms? What other security measures should be put in place?
Companies need the ability to create a collaboration data archive for eDiscovery and internal forensics, as well as to preserve important conversation context, while also limiting the surface area risk by systematically purging data via ongoing retention policies. Additionally, real-time compliance monitoring is incredibly important for these tools – conversations proliferate quickly, so IT and information security teams need to understand immediately if sensitive information is shared or other compliance policies are violated.
What should IT teams be on the lookout for in the future when it comes to data governance and eDiscovery on collaboration platforms?
Even with companies slowly returning to the office, collaboration platforms like Slack and Teams will continue to be essential for businesses. More recently, these collaboration platforms are starting to be used for communicating with external customers and businesses rather than just email. However, this opens up new security and data governance complications as the collaboration data is now being purposely sent externally. This external funnel of communication can potentially expose both companies to greater risk, and they’ll need to be mindful of how the data is monitored.