In a recent webinar on secure collaboration, David Danto, Director of UC Strategy and Research at Poly, raises a few salient points about the state of the issue:
- This isn’t a new topic – we’ve been discussing the importance of collaboration security for many years – at InfoComm as well. Many people have not paid appropriate attention.
- The COVID-19 pandemic has prompted a tremendous influx of collaboration users, exacerbating weaknesses in the technology and platforms to an inappropriately elevated level.
- All collaboration platforms have vulnerabilities. Users should not fall for FUD (fear, uncertainty, doubt) where competitors throw stones at rivals to remove attention from their own failings.
- Find vulnerabilities and fix them. We shouldn’t judge providers on inevitable vulnerabilities, but rather on their response to them.
In order to understand the entire situation, David breaks the risks into three categories – Access Risks, Data Risks, and Equipment Risks.
What Are Access Risks?
Access risks occur when you’ve allowed an unwelcome third party to join or see/hear your collaboration process. These are the equivalent of leaving your door open. If you’ve never bothered to learn how to lock it, please don’t go blaming the door manufacturer.
What Are Data Risks?
Data risks are vulnerabilities or inappropriate conditions that allow your information(data) to go somewhere it shouldn’tbe going, or allow it to get into the hands of hackers. Assessing how critical that data is and how bad its exposure would be are first steps to data risk mitigation.
What Are Equipment Risks?
Different types of endpoints also carry different risks. The more things you do with the equipment you use for collaboration, the more data that there is on them that a hacker or piece of malware might want to exploit.
Each risk has common sense best practices to improve security.
To Mitigate Access Risks:
- Use passwords and change them often
- Lock rooms when all participants are present
- Use appropriate platforms and tools
To Mitigate Data Risks:
- Understand the nature of your data and applicable laws
- Understand the features and functions of your platform
- Read, understand and, if necessary, negotiate the End User License Agreement
To Mitigate Equipment Risks:
- Use the least vulnerable device you can for each circumstance
- Ensure all updates are completed and tested
- Where possible, collaborate on a device dedicated only for collaboration