Collaboration App Cybersecurity Issues Have Remote Workers Looking for Alternatives

As an increasingly large percentage of work moves online, bad actors are attempting to inject malware into streams that they wouldn’t have ever considered valuable in the past. Messaging and chat services were traditionally considered low-value to attackers, who usually looked for places that they could grab a great deal of sensitive information from. This information could then be encrypted and held for ransom or, alternatively, sold on the open market.

These trends have changed sharply as a result of the growth in the remote work industry. A new study suggested that 71 percent of employees share critical business information using an instant messaging tool. These tools are often designed with collaboration rather than security in mind, making this statistic that much more startling. Cybersecurity analysts are now advocating a series of remediations that could make these services more safe to use.

The Danger of Sharing Information in a Public Room

Considering that an overwhelming majority of web chat services boast at least some form of encryption, it‘s easy to imagine that you’re safe when discussing business matters inside of a private chat room built solely for the sake of having such conversations. In many cases, though, the terms of service put out by the organizations that manage these apps include text that suggests they’re not as locked down as they might seem. Certain applications actually allow developers from their parent companies to examine the contents of rooms selected at random, ostensibly for quality control purposes.

It’s relatively obvious what might happen if this information were to fall into the wrong hands, but what’s more concerning is that many platforms that claim to have full endpoint security aren’t necessarily locked down the way that people think they are. For instance, those looking into Slack have traditionally been pleased by the fact that they don’t voluntarily disclose information to governmental authorities.

Parties involved in litigation, however, can request information from Slack as evidence in a lawsuit. Slack’s own transparency report admits that they disclosed information at least 10 times between November 1, 2017 and April 30, 2018, so it’s likely that this is more common than it sounds. While this is somewhat small considering the large number of users on the platform, it’s important to keep in mind considering the possibility of someone issuing a targeted request in order to collect information about a potential business competitor.

Breaches have been a major problem with platforms like Slack, Skype and Discord as well. The problem isn’t even just restricted to communications platforms. As the education market has moved both employees and students to an online workplace, it’s become an increasingly large target as well. In March 2021, around 5 million accounts from online education site Descomplica got posted to a cracker’s forum. This breach included far more than what you’d normally find people discussing in your average Slack room or Discord server, but it does serve to prove the point that serious security questions should be raised by anyone using a public service such as these.

While some cybersecurity advocates have suggested that people move exclusively to private cloud accounts as their only form of communication, there are much more reasonable alternatives out there that are becoming popular with people in the meantime.

Alternatives to Traditional Online Communications Platforms

Many public email providers have faced the same kinds of criticism that online chat services are facing, which is why it’s so surprising that a great deal of secure business communication is actually moving back to email instead of graduating to another more recent protocol. However, secure private email accounts are far easier to operate than private cloud services, and they’re seen as an excellent way to safeguard against potential data breaches. Best of all, they’re interoperable with any other email service.

However, that might prove problematic since major email providers like Gmail have admitted to scanning through messages received on their end, which is a privacy concern when discussing certain types of sensitive information related to specific business practices. While an effective remediation for this issue is as simple as making sure people don’t send emails to anyone who is out of the corporate network, that’s almost impossible to enforce except by imposing a very strict allow-list policy that filters outgoing emails if they’re directed to anyone outside of a select group.

As a result, some have taken to using enterprise-level entity resolution tools to communicate with one another in spite of the fact that this isn’t normally considered part of the design specification of this kind of software. Considering that fake collaboration apps as well as compromised ones that take advantage of insecure mobile devices have started to siphon away information from various users, this sort of solution is gaining a real foothold.

That’s especially true in industries where remote workers are required to manage their own tech, which increases the chances they might fall prey to an imitator.

Repurposing Existing Tools for Newer, More Secure Uses

Countless pieces of software have some sort of communications module built into them, but these are seldom used outside of very specific circumstances. However, over time IS department staffers have started to find drastically new methods of deployment that favor these over other technologies. If a person is able to send a message through a specific app, then there’s no reason they shouldn’t be doing so according to this line of reasoning. Standard data validation subroutines are often built into these programs as well, which has helped to make them an even more attractive alternative.

Admittedly, digital security by obscurity isn’t the best practice, but there’s nothing wrong with relying on it as one possible method of dealing with the problem. That’s one of the methods that Unix-inspired PC operating systems like GNU/Linux have used to stay safe after all these years.

Eventually, new communications protocols will have to be developed from scratch. That being said, radical reapplications of existing systems might very well be the technique that allows businesses to continue to communicate until something completely new is in place.