Level-up your messaging app security
According to Nemertes, security concerns are the number one blocker of app adoption in the workplace.
So does achieving great collaboration in the workforce mean compromising on messaging app security? Some companies certainly think so.
There are now over 230 tools that give today’s teams the chance to collaborate. However, as with any industry-changing technology, security is the top concern. In the Nemertes report, a large majority of IT leaders revealed they don’t have a strategy for dealing with sensitive data in communication apps.
Recognizing this, we’ve put together a list of tips and strategies companies can utilize to level-up their messaging app security.
1. Audit permission settings
Too much information is a real problem in enterprises. With so much information being shared on a day-to-day basis, not everyone in your organization needs access to all your data. To avoid overloading people with information, role-based permissions help businesses ensure the right people have access to the specific pieces of information they need.
High-grade enterprise messaging tools will offer control over permissions. For instance:
- Microsoft Teams: change default owners to members
When someone creates a new team in Microsoft Teams, they automatically become an owner. Owners of teams can dictate whether a team member can edit channel names, delete channels, or add tabs or bots to a group. Make sure your default settings are updated per the needs of each team.
- Slack: Audit your guest user types
Should your guests be single-channel guests, or multi-channel?
Multi-channel guests can message people across multiple channels, members, workspace admins and workspace owners. Your multi-channel guests may have access to a lot of channels. Here, it’s important to leave any unrelated channels and regularly review if your guests are participating or just watching other people chat.
- Cisco Webex Teams: Audit your hosts and admins
Hosts and administrators in Cisco Webex Teams can grant and revoke access to specific pieces of content, giving them similar authority to owners in Microsoft Teams.
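The Slack guest review described above, as an added example (not part of the original article and not vendor code): it classifies guests by the `is_restricted` and `is_ultra_restricted` fields of Slack user records and flags multi-channel guests who sit in channels without posting. The sample records, the membership map and the message counts are constructed, and how you collect them from your workspace is left as an assumption.

```python
# Added example: guest audit over Slack-style user records.
# USERS is constructed sample data shaped like the "members" array returned by
# Slack's users.list: is_restricted marks any guest, is_ultra_restricted marks
# a single-channel guest.
USERS = [
    {"id": "U01", "name": "alice", "is_restricted": False,
     "is_ultra_restricted": False, "deleted": False},
    {"id": "U02", "name": "vendor-bob", "is_restricted": True,
     "is_ultra_restricted": True, "deleted": False},
    {"id": "U03", "name": "agency-carol", "is_restricted": True,
     "is_ultra_restricted": False, "deleted": False},
    {"id": "U04", "name": "old-contractor", "is_restricted": True,
     "is_ultra_restricted": False, "deleted": True},
]
# Assumed inputs (constructed): channels each guest belongs to, and how many
# messages each guest posted per channel during the review window.
MEMBERSHIPS = {"U02": ["proj-x"], "U03": ["proj-x", "finance", "hr-general"],
               "U04": ["proj-y"]}
POSTS = {("U02", "proj-x"): 3, ("U03", "proj-x"): 14}


def guest_type(user):
    """Return 'single-channel', 'multi-channel', or None for full members."""
    if not user.get("is_restricted"):
        return None
    return "single-channel" if user.get("is_ultra_restricted") else "multi-channel"


def audit_guests(users, memberships, posts):
    """List active guests with the channels where they never posted."""
    findings = []
    for user in users:
        kind = guest_type(user)
        if kind is None or user.get("deleted"):
            continue  # skip full members and deactivated accounts
        channels = memberships.get(user["id"], [])
        silent = [c for c in channels if posts.get((user["id"], c), 0) == 0]
        findings.append({
            "name": user["name"],
            "type": kind,
            "channels": channels,
            "silent_channels": silent,
            # A multi-channel guest who only reads some channels needs review.
            "needs_review": kind == "multi-channel" and bool(silent),
        })
    return findings


if __name__ == "__main__":
    for row in audit_guests(USERS, MEMBERSHIPS, POSTS):
        print(row)
```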
2. Update password rules and 2FA
When a new chat app is introduced, it may help to publish guidelines that cover things like:
Fine-tuning passwords: Cisco Webex Teams offers a range of options for fine-tuning password enforcement. Admins can turn on a setting to require a password change during a user’s next login, specify a required password composition and configure predefined lists of unacceptable passwords.
Two-factor authentication: Slack and Microsoft Teams use two-factor authentication to supplement security. Check to make sure your 2FA setting is turned on as it may not be a default setting.
3. Use chat prefixes and policies
Do you have guidelines for how employees should use your messaging apps?
In a discussion about enterprise messaging security, head of IT for charity: water, Ian Cook claimed that a significant concern for his team was people becoming too comfortable communicating over chat.
Users are familiar with the look and feel of messaging tools in the workplace. It’s very much like messaging in your home life. Staying on topic becomes more important in a business setting. Try these strategies that we learned from Breather in an article on the Dispatch blog.
Department and topic prefixes: Using office location prefixes like #AUS or topic prefixes such as #FORUM helps police chat and gives context to content.
Decision to DM: Remember when the big question used to be whether to respond via email directly or reply all? In the world of Slack, the big question is whether you should DM or create a private channel. Establish some ground rules and guidelines as to when and where you should reply via DMs.
4. Choose the right tool based on your industry compliance needs
Every business has regulations and compliance requirements to adhere to, but some more so than others. The leading enterprise messaging apps come with compliance baked in. Here are some of the compliance standards you can expect:
- Microsoft Teams: ISO 27001, ISO 27018, SSAE16 SOC 1 and SOC 2, HIPAA, and EU Model Clauses.
- Slack: Cloud Security Alliance (CSA), SOC 3, SOC 2, FedRAMP, HIPAA, ISO/IEC 27001, ISO/IEC 27018, NIST 800-171, and the EU/US Privacy Shield
- Cisco Webex Teams: ISO 9001, SOC2 type 1, EU-US Privacy Shield, Swiss-US Privacy Shield, EU Model Clauses, ISO 27001, APEC Cross-border security
5. Create more opportunities for interoperability and collaboration
One of the most significant security pitfalls is Shadow IT. According to one Cisco blog, 98% of business apps and tools are Shadow IT. In the messaging arena specifically, this takes the form of shadow messaging. Apps like Slack started off as shadow messaging in enterprises. If you take the stance where you block everything you don’t understand, or apps that are frowned upon in traditional business, you’ll end up with nobody using the tools you pay for. Everybody will be bringing their own app and collaborating outside of the business collaboration suite.
People assume the easiest way to prevent Shadow IT is to ban team members from using unapproved apps. This rarely works out the way the business would hope. Instead, find a middle ground that is more flexible, with a policy for sharing sensitive data in appropriate apps.
Top IT professionals know that managing risk in collaboration is all about finding safe opportunities for users, rather than blocking access to certain tools.
With an interoperability app like Mio, you can give your team the opportunity to use any of three of the most secure enterprise messaging apps available today: Microsoft Teams, Slack & Webex Teams. What’s more, when conversation is synchronized across any combination of these apps, using Mio, employees begin to use it more. Less communication friction + more time spent in secure tools = a win/win for your entire org.