Communication tools: Preventing uncontrolled growth

With the Corona-induced rapid increase in the use of home offices, the use of new communication and collaboration tools has also increased. But these are not always secure and trustworthy. Many employees don't think about what sensitive data they are sending via such applications. Often, this is because companies have not communicated specific guidelines on how to use the new tools, or have introduced unsuitable solutions under time pressure. The most important recommendations for companies that want to enable their employees to exchange data in a privacy-compliant and secure manner are as follows VNC, the leading developer of open source-based enterprise applications:

1. Clear tool specifications: Companies need to provide their employees not only with secure communication tools, but also with ones that meet their needs. Otherwise, they cannot work together efficiently and look for their own solutions - and these are usually the ones they also use privately. For the exchange of sensitive company data, these are mostly unsuitable. Therefore, companies should clearly specify the tools to be used, but also explicitly point out that other applications may not be used - and block their use as far as technically possible. 
2. Selection of safe products: Companies should not simply go for the best-known names, but should take a close look at the available solutions. Cloud services, for example, can be introduced quickly, but are often questionable from a data protection perspective. In particular, services from providers in the USA are generally ruled out under the GDPR because the "Cloud Act" allows US authorities to access data - regardless of where the service is hosted and where the company using the service is based. However, even running an application on your own infrastructure is no guarantee of maximum security and data protection, because companies often lack the know-how or use closed-source solutions. In the case of closed source solutions, no one except the developers knows what happens to the data and whether there are any vulnerabilities in the software. Open source is a secure alternative that also usually supports different modes of operation: on the company's own infrastructure or a reliable service provider, or in a secure environment at a trustworthy service provider.
3. Arrangement of means and channels of communication: One of the biggest challenges when collaborating in distributed teams is to communicate efficiently. Not every tool is suitable for every arrangement and every data exchange. Companies should therefore work with their employees to determine which solutions make the most sense in which situations. In doing so, they can also define alternative channels, specify contact persons and agree on consultation options so that processes are clearly regulated and employees do not fall for scam attempts such as scam calls or fake e-mails. 
4. Secure endpoints and infrastructure: Secure communication and collaboration solutions alone are not enough, because if cybercriminals use other gateways, company data is still at risk. Therefore, companies must consistently protect all end devices and their entire infrastructure. This means not only using reliable security solutions, but also applying all software updates and patches quickly to reduce the attack surface.
5. Training and guidelines for employees: Employees need training so that they use the tools on offer correctly and don't leave them behind because they can't cope with them. In these training sessions, they also learn how to use the new tools in a security-conscious manner and learn more about the company's security guidelines for remote work, such as that they should avoid professional phone calls in public, should not leave their notebook unattended there and should also lock it in the shared apartment when they are not sitting in front of it. 

"Companies need to provide their employees with secure and privacy-compliant, but also easy-to-use tools for sharing with colleagues so that they can collaborate efficiently in the home office and on the road. If companies do not do this, they risk a shadow IT, because employees look for their own applications to exchange information," explains Andrea Wörrlein, Managing Director of VNC in Berlin and Member of the Board of Directors of VNC AG in Zug. "To ensure that the collaboration tools used fit the requirements of the employees, companies should involve them in the selection process from the very beginning and closely integrate them during the introduction."

Source: VNC