Communication tools: How to prevent the wild growth

With the Corona-induced rapid rise in home offices, the use of new collaboration and communication tools has also increased. But these are not always secure and trustworthy. Many employees don't think twice about the sensitive data they send via such applications. Often, this is because companies have not communicated specific guidelines on how to use the new tools, or have introduced unfit solutions under time pressure. According to VNC, the leading developer of open source-based enterprise applications, the most important recommendations for companies that want to enable their employees to exchange data in a privacy-compliant and secure manner are:

1. Clear tool specifications: Companies need to provide their employees not only with secure communication tools, but also with ones that meet their needs. Otherwise, they cannot work together efficiently and look for their own solutions - and these are usually the ones they also use privately. These are usually unsuitable for exchanging sensitive company data. For this reason, companies should clearly specify the tools to be used, but also explicitly point out that other applications may not be used - and block their use as far as technically possible.
2. Selection of safe products: Companies should not simply go for the best-known names, but should take a close look at the available solutions. Cloud services, for example, can be introduced quickly, but are often questionable from a data protection perspective. In particular, services from providers in the USA are generally ruled out under the GDPR because the "Cloud Act" allows US authorities to access data - regardless of where the service is hosted and where the company using the service is based. However, even running an application on your own infrastructure is no guarantee of maximum security and data protection, because companies often lack the expertise or use closed-source solutions. With these, no one except the developers knows what happens to data and whether there are vulnerabilities in the software. Open source is a secure alternative that also usually supports different modes of operation: on the company's own infrastructure or a reliable service provider, or in a secure environment at a trustworthy service provider.
3. Arrangement of means and channels of communication: One of the biggest challenges when collaborating in distributed teams is to communicate efficiently. Not every tool is suitable for every arrangement and every data exchange. Companies should therefore work with their employees to determine which solutions make the most sense in which situations. In doing so, they can also define alternative channels, specify contact persons, and agree on ways of checking back so that processes are clearly regulated and employees do not fall for scam attempts such as scam calls or fake e-mails.
4. Secure endpoints and infrastructure: Secure communication and collaboration solutions alone are not enough, because if cybercriminals use other gateways, company data is still at risk. Therefore, companies must consistently protect all end devices and their entire infrastructure. This means not only using reliable security solutions, but also applying all software updates and patches quickly to reduce the attack surface.
5. Training and guidelines for employees: Employees need training so that they use the tools on offer correctly and don't leave them behind because they can't cope with them. In these training sessions, they also learn how to use the new tools in a security-conscious manner and learn more about the company's security guidelines for remote work, such as that they should avoid making professional phone calls in public, should not leave their notebook unattended there, and should also lock it in the shared room when they are not sitting at it.

"Companies need to provide their employees with secure and privacy-compliant, but also easy-to-use tools for sharing with colleagues so that they can collaborate efficiently in the home office and on the road. If companies do not do this, they risk a shadow IT, because employees look for their own applications to exchange information," explains Andrea Wörrlein, Managing Director of VNC in Berlin and Member of the Board of Directors of VNC AG in Zug. "To ensure that the collaboration and communication tools they use fit their employees' needs, companies should involve them in the selection process from the start and keep them closely involved during implementation."

About the author:
Andrea Wörrlein is managing director of VNC in Berlin and member of the board of directors of VNC AG in Zug.