The hidden threat of business collaboration tools

In just the first year of the COVID-19 pandemic, U.S. employees increased their use of instant messaging (IM) and other non-email collaboration tools by 13%, according to recent research from Veritas Technologies. With the Delta variant now calling into question the return to normal work practices, you should expect even more employees to turn to alternative communication channels as long-term (multi-year) remote work seems likely.

Why should this concern you?

The survey found that 68% of U.S. office workers admit to sharing sensitive and business-critical company data using these tools. Furthermore, 58% said they save their own copies of business information shared over IM, while 51% said they delete that information entirely. With the ever-present threat of a data breach and government intervention, either of the above end user-level data management approaches could leave your company open to significant fines if regulators ask to see a paper trail.

The Danger Doesn’t End There

The 13% increase in the use of apps like Zoom and Microsoft Teams mentioned above means employees are spending on average two and a half hours every day on these tools, with 27% of employees spending more than half their workweek on them.

Employees admitted to sharing sensitive client information (13%), details on HR issues (10%), contracts (10%), business plans (10%) and even COVID-19 test results (12%) over messaging and collaboration tools. Less than one-third of employees suggested they had not shared anything that could be compromising.

In short, a significant amount of business is now routinely conducted on these channels, and employees are taking agreements as binding. For example, as a result of receiving information over messaging and collaboration tools, almost 24% of employees have accepted and processed an order, 25% have accepted a reference for a job candidate, and 20% have accepted a signed version of a contract. The research also revealed that while employees use these tools to close deals, process orders and agree to pay raises, many believe there is no formal record of these discussions or agreements. In fact, only 56% said they think their employers are saving this information.

When asked which methods of communication provide the most reliable proof an agreement is binding, responses didn’t appear to be based on the businesses’ ability to capture the discussion as evidence:

Email is viewed as a reliable affirmation of an agreement by 96%, followed by an electronic signature at 95%. But IM was trusted by 93%, text by 89% and even social media was viewed as reliable proof by 68%.

Eliminating the Risk

Employees are sharing sensitive data with these tools even though 39% said their leadership has reprimanded them for doing so. These admonishments may have been in vain, however, as 75% also said they would continue to share this type of information in the future.

It’s clear that constraining employees to “approved” methods of communication isn’t effective. Instead, the answer is: don’t fight it — fix it.

But how do you fix it?

You can start regaining control of the company data your employees are sharing over collaboration and messaging tools by:

• Listening before standardizing – Listen to employees before you standardize on a set of collaboration and messaging tools. The tools you have may “meet the needs of the business,” but do your employees feel they meet their needs? Actively discussing what messaging and collaboration tools your employees want to use before drawing the line will help limit sprawl.

• Creating a policy for information sharing – Are there certain types of information that employees absolutely cannot share over specific messaging and collaboration tools? Make your employees aware, but also consider allowing them to share other forms of information on the tools they’re most comfortable using. Your flexibility and their clear understanding of what they can’t share and where will help control sharing of sensitive information on tools that are an absolute no-go.

• Training all employees on the policies and tools deployed – This should go without saying, but unauthorized information sharing over unauthorized apps is all too often simply because employees don’t know or fully understand the available tools nor the consequences to the business of using unauthorized apps if a data breach occurs.

• Inviting at least some of the messaging and collaboration tools employees feel they need into the fold – This is the big one, and it can be very hard. It may mean you need to rethink your approach to data protection and compliance and even invest in tools that can help you incorporate the data sets from the myriad of collaboration and messaging tools your employees are using into your data protection, archiving and e-discovery strategy. This is the most important and ultimately the most effective step in empowering users to maximize their efficiency by using the tools they need without putting the business at risk.

Business data is now everywhere, a trend that began before the pandemic but has been dramatically increased by it. Deals are being done, orders are being processed, and sensitive personnel information is being shared through an unprecedented number of messaging and collaboration tools. It’s critical for you to start including this rapidly growing volume of data in your company’s data protection and compliance envelope.