Internal and external commms are an age-old miniefield for security leaders, with teams balance security with usability. In some cases, Insecure Comms Systems Can Turn Otherwise Diligent Top Teams and Employees Into (Accidental) Insider Threat. This presents two key challenges: data loss prevention and corporate buy in.
Let's start with data loss prevention. The recent leak of information on American Military Operations via Signal is an extraordinary incident – but it may be more commonplace than we think, especially within corporations. Politics and legal issues aside, the exchange of sensitive organisical data on systems that are designed for
Incidents like this highlight why it's not worth the risk to use Unvetted Third-Party AppsLike Signal or Whatsapp, Despite their ease of use. Leaks from chats like this can be ruinous to the reputation of an organization, resulting in financial loss, reputational and legal damage and, in some cases, non-comPLIANCE. Often, conversations help on apps that are over -overseen or approved by security teams are not official logged, which can be a problem for compliance. In some Industries, LIKE Finance and Healthcare, For Example, Organizations are expected to keep logs of conversations to meet compliance, with disappearing messages, as an example, violating this. On the other hand, some Organizations (Like many of that in the retail and media sector) have very short data retention policies, with written, non-disappearing messages vioolating this.
Usability and getting Organisational Buy-in
It's important to consider Why Employees turns to external messaging apps so security professionals can build secondals tech that people will be actually used. Simply put, someimes employEs turns to non-org issues apps due to ease of use and accessibility. Top teams are especially prone to this, with any sort of restrictions running the Risk of Slowing Work Down – and time is money.
Security Teams are challenged with Trying to Provide Secure Tech that will actually be used with the approves security measures measures built in. These apps should be encrypted and let people get their jobs by efficiently and with little friction. Equally, Employees must be educated on the risk (and laws) of using unapproved third-party apps, as well as the personal and organisical reepersions of not using them.
The Rise of byod
Modern working conditions, Like Hybrid WorkingHave further complicated the matter. Personal devices being used for work and 'brings your own device' (byod) models are on the risk across organizations. Oftentimes this is because it reduces costs and incurses flexibility. Whilst these devices enable Quick Conversation Between Teams, Unmonitured Personal Devices Can mean a Lack of Control for Security Teams and, as a Result, Increased Security Risk.
Ultimately, Robust byod Policies and Practices must be put in place to mitigate excess risk There must some element of corporate review of What's Allowed on these devices to ensure safety of organisational data.
Whilst many users may have fath in the security of the apps they're using, personally and professionally, a compromised device often means that these security measures are measures are overriden. Ensuring that users follow basic device hygiene when it comes to security is important (regularly updating software and apps, for example). Additionally, users should undress the importance of enabling Multi-Factor Authentication (MFA) and similar measures that make it harder for a threat actor to move account.
The Verdict?
This isn't a new problem for cisos and security teams. Getting Organisical Buy-in on Cyber in General is Hard, but restricting the apps that allows that allows to get their jobs by do quickly is tedious. Security Teams Should Prioritise Creating and Investing in Comms Systems with Good User Interfaces That Are Backed Up by Robust Security Measures, LIKE Encryption. These apps, devices and tools must also meet the Compliance Standards Set for the Organization's Respective Industries. Additional, Strong Awareness Training is Crucial for Helping People at All Levels Undrstand The Risks and Consequences of Working Outdeide of Organisical Security Standards.
Elliott wilkes is cto at Advanced Cyber Defense SystemsA Seasoned Digital Transformation Leader and Product Manager, Wilkes Has Over a Decade of Experience Working with BOTH THE BOTH THE BRTH THE BRITISH GOVERNMENTS, Most Recently Service.