Organizations need a well-thought-out strategy to minimize the threats associated with collaboration tools.
Collaboration tools have become an essential part of the modern workplace. They enable remote and mobile workers to stay engaged and geographically dispersed teams to keep projects on track. Unfortunately, collaboration tools can increase the risk of malware infection, credential compromise and data exposure if they aren’t effectively secured.
Metrigy conducts an annual study on Workplace Collaboration and Contact Center Security and Compliance. The 2024-2025 study found that more than 20 percent of organizations had an attack on their communication, collaboration or contact center platforms in the past year. That represents an increase of almost 300 percent since Metrigy’s first study in 2021.
However, few organizations have a well-thought-out strategy for securing collaboration tools. According to the Metrigy study, just 35 percent of organizations have a formal program for securing all their communication and collaboration tools. One-third say they’ll have a program in place by the end of this year, but those numbers are virtually unchanged from Metrigy’s 2023 study.
The Risks of Doing Nothing
It’s virtually impossible to secure the collaboration environment without a proactive plan. There are simply too many communication channels and too many different collaboration platforms to protect. Gone are the days when organizations only had to worry about securing the phone system and email. Online chat, video conferencing, document sharing and other tools all create security risks. Most online collaboration platforms have some security measures, but it’s up to customers to protect user identities and sensitive data.
Collaboration security risks are constantly evolving. AI is enabling cybercriminals to orchestrate sophisticated attacks and target victims with voice and video impersonation. In one recent incident of cyber fraud, a finance worker was duped into wiring $25 million to attackers based on a video call with AI-generated impersonations of his CFO and other colleagues.
Less sophisticated attacks can also cause serious damage. Malicious URLs and attachments can be shared across a large user base, quickly spreading throughout the IT environment. Attackers can exploit vulnerabilities in collaboration tools to steal credentials and exfiltrate sensitive data. Traditional security measures are largely ineffective against these threats.
The Shadow IT Problem
The lack of an overarching collaboration strategy also encourages users to choose their own collaboration tools so that they can communicate with customers and colleagues and gain access to the latest capabilities. Often, they’ll use consumer-grade tools that lack enterprise-class security features. Because IT is unaware that these applications are in use, activity can’t be monitored and controlled. Furthermore, few consumer-grade applications satisfy government and industry regulations for privacy and data protection, which can lead to costly compliance violations.
In addition to increasing security risks, this “shadow IT” environment creates a fragmented approach to collaboration. Organizations wind up with “islands” of collaboration, negating many of the benefits the applications were supposed to provide. Shadow IT also increases costs when organizations pay for duplicative subscriptions or fail to take advantage of bulk subscription plans.
Policies Are Key
The first step toward effective collaboration security is to define policies that balance collaboration risks with the business value of the applications. These policies should focus on the business, legal and regulatory requirements for data protection and retention. What data must be encrypted? When should it be archived? Policies should meet these requirements without being so strict that users circumvent them with workarounds.
When implementing these policies, it’s not enough to inform users of the new rules and hope for the best. IT should monitor user behavior and measure policy compliance against pre-defined thresholds. The organization can then determine if additional training is needed or if collaboration tools need to be reconfigured to discourage risky practices.
Widespread noncompliance could indicate that collaboration policies don’t fit the organization’s culture and workflows. In any event, organizations should regularly assess collaboration policies to determine if they still meet business needs. Policies should also be redefined when new collaboration technologies are adopted.
Choosing the Right Tools
Even if users are aware of security policies, behaviors don’t always align with policies. To close this gap, organizations should implement an enterprise-class collaboration platform with integrated security tools that provide various levels of control.
Most organizations leverage cloud-based collaboration tools because they offer access to state-of-the-art features with little or no upfront costs and faster deployment. When evaluating cloud providers, organizations should consider where the provider’s data centers are located and whether they meet the highest standards for security and business continuity.
Administrators should be able to manage policies across all communication channels through a single web-based console. It should be easy to add, delete and change users and services and apply granular policies to various types of data.
Collaboration is critical to business success but it must be done securely. Armed with an understanding of the threats, organizations can develop the right policies and implement tools that enable users to work collaboratively without security risks.
