State and local government personnel now rely on a variety of digital collaboration tools for maintaining effective communications with colleagues and delivering essential services to their constituents. However, agencies must take steps to manage the increased risk these technologies can create.
Government personnel exchange vast amounts of sensitive information through collaboration and file-sharing environments — and hackers know it. Breached team collaboration platforms allow attackers to circumvent perimeter security controls in order to gain unauthorized access to meetings, deliver malware, exfiltrate data and launch ransomware attacks.
Team collaboration solutions typically have built-in security features, but they can vary greatly. Some offer fine-grained controls, but others have only the most basic protections. As government agencies continue to refine their remote work capabilities, they should use applications and services that meet government best-practice security recommendations.
Here are some suggestions for improving team collaboration security:
1. Use end-to-end encryption (E2EE)
This ensures that text, video, voice and data communications can only be accessed by the users involved in a meeting. It also keeps stored data, such as recorded conferences, encrypted. Almost all video meeting apps and services offer some degree of encryption, but many don’t have true E2EE. In some cases, they offer “encryption-in-transit,” in which videos are encrypted on the sender’s end and delivered to a server, where they are decrypted and re-encrypted before being delivered to the recipient. That creates an opportunity for a malicious actor to gain access at the server.
2. Require multifactor authentication (MFA)
The NSA, FBI and other federal cybersecurity agencies recently issued a joint advisory urging government entities to require MFA for all users “without exception.” MFA requires a combination of verification factors, such as a password or PIN along with a security token, mobile app or a biometric identifier. It greatly reduces the risk of data loss or theft due to compromised passwords.
3. Control attendance
Limit meeting access to only those who are invited. Many services support this safeguard by requiring participants to have a valid password. Many also allow meeting organizers to create a virtual waiting room where intended participants gather before a meeting. Some also allow you to lock meetings once everyone has arrived, preventing others from joining unannounced.
4. Make invitations secure
If possible, meeting invitations should be sent via secure links that are accessible only to specific recipients. If invitations must be sent in clear text, organizers should send passwords or PINs by a separate method requiring two-factor authentication such as email and text or email and phone call.
5. Don’t reuse meeting access codes
If organizers use the same codes for multiple meetings with different parties, it can result in people joining meetings they weren’t meant to attend. That increases the risk of a malicious actor stealing or guessing a code and gaining access to confidential information.
6. Use a secure connection
Because remote workers usually depend on their home Wi-Fi networks to establish connections, they should change the default passwords for both the network and the wireless router and enable either WPA2 or WPA3 wireless encryption. Users should never share content or data, or participate in collaborative activities, unless the connection to all services and parties is secure.
7. Be cautious about sharing information
Screen-sharing features allow meeting participants to share a presentation or document that’s on their desktop screen. Always close open documents, browser windows or anything else on the desktop that others aren’t supposed to see. It is also recommended that users turn on “do not disturb” to keep unexpected notifications or alerts, which may contain confidential information, from appearing during the meeting.
8. Leverage audit and visibility tools
Auditing tools such as Theta Lake enable ongoing reviews to ensure compliance with internal policies and regulatory standards. Monitoring tools such as Cisco ThousandEyes give IT teams end-to-end visibility into the collaboration environment, enabling rapid issue identification and troubleshooting.
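Suggestions 3 and 5 above (invite-only access, a waiting room, locking, and a fresh code per meeting) can be modelled as admission logic. This is an added example, not code from the original article or from any collaboration vendor; the `Meeting` class, its methods and the addresses are hypothetical and constructed for illustration.

```python
import hmac
import secrets

class Meeting:
    """Hypothetical model of one meeting's admission policy (not a vendor API)."""

    def __init__(self, invited):
        self.invited = {a.lower() for a in invited}
        self.code = secrets.token_urlsafe(16)  # fresh, unguessable, never reused
        self.locked = False
        self.waiting, self.admitted = set(), set()

    def request_join(self, address, code):
        """Return 'waiting' on success, or the reason for refusal."""
        address = address.lower()
        if self.locked:
            return "refused: locked"
        # Constant-time comparison avoids leaking how much of a guess matched.
        if not hmac.compare_digest(code.encode(), self.code.encode()):
            return "refused: bad code"
        if address not in self.invited:
            return "refused: not invited"
        self.waiting.add(address)  # held in the waiting room until admitted
        return "waiting"

    def admit(self, address):
        """Organizer moves one person from the waiting room into the meeting."""
        address = address.lower()
        if address in self.waiting:
            self.waiting.discard(address)
            self.admitted.add(address)

    def lock(self):
        """Lock once everyone has arrived; anyone still waiting is dropped."""
        self.locked = True
        self.waiting.clear()

def demo():
    # Constructed sample data: two meetings with different parties.
    budget = Meeting(["clerk@example.gov", "cfo@example.gov"])
    vendor = Meeting(["clerk@example.gov", "sales@example.com"])
    results = [
        budget.request_join("cfo@example.gov", budget.code),    # invited, right code
        budget.request_join("sales@example.com", vendor.code),  # code from another meeting
        budget.request_join("sales@example.com", budget.code),  # leaked code, not invited
    ]
    budget.admit("cfo@example.gov")
    budget.lock()
    results.append(budget.request_join("clerk@example.gov", budget.code))  # late arrival
    return results
```

Because each meeting draws its own code, the vendor meeting's code is useless for the budget meeting, and a leaked code alone still fails the invite check.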
The need to support essential government services with increasingly distributed workforces requires the use of team collaboration solutions. However, these tools can introduce significant security vulnerabilities. Contact us for more suggestions on building a secure collaboration environment that supports your new workflows while minimizing risk.
Work With Cerium
Government agencies today need team collaboration tools to deliver essential services, but these tools can introduce security and privacy risks. Call us to learn how to develop a highly collaborative environment while minimizing risk.