Inspiring Secure Collaboration

Preparing for a DIY project at home, I recently gathered up a few tools I planned to use for minor electrical work. Fortunately for me, I had, only days before, organized my garage. As a result, I easily found everything I would need for the job, and as I pulled the electrical tape from its hanger, I thanked myself. "Thanks, past John!" 

It struck me at the time that being organized would also be advantageous for enlisting my kids to help me. By sharing with them exactly where they could find a particular tool, for example, the more I would be empowering them to successfully bring me one should I need a hand. What else might I do, I asked myself, to facilitate such collaboration? 

Admittedly, I'm a bit of a collaboration junkie, a focus I've nurtured throughout my career. Early on I recognized the value of good documentation, for example, and I vowed to be "part of the solution" by getting things out of my head and onto paper when it might help improve my own chances of success, or those around me. I've always tried to maintain an awareness of what I learn and to facilitate that path for others through sharing my documentation.  

More recently, I've become acutely conscious of the need for secure collaboration, the sharing of ideas, knowledge and data through means that don't compromise an organization's security posture. Unless you've been under a rock, you are well aware that bad actors and their tactics have become pervasive. I'm hopeful that I can inspire you to think a little differently about collaboration, too.  

In some ways collaboration can be seen as exactly the type of work many of us do on a daily basis. It's at the heart of what our organizations foster as a whole. Take this definition from Merriam-Webster: 

Collaborate - to work jointly with others or together especially in an intellectual endeavor 

If we didn't need to collaborate, we may not have ever created businesses with more than one employee in the first place. And if employees within a business didn't collaborate, the business most assuredly would fail.  

Because collaboration involves the movement of ideas and information between people, teams and organizations, then it invariably means the ideas and information is vulnerable to being seen or seized by those who may not have your interests in mind.   

Why we collaborate 

Quite simply, by collaborating we get more done, but it goes further than that. Here are a few of the benefits gained when employees, teams and organizations collaborate: 

• Ease and efficiency in getting the job done  
• More innovation and better problem-solving 
• Higher team member engagement and satisfaction 
• Enhanced customer satisfaction 

Why bring up security now?  

I'm not here to debate the strategic importance of quality collaboration. There's no end to the literature supporting this idea. But given what's been happening in the world of cybersecurity, there's just not enough being said about how it impacts collaboration. What's happening, you ask? 

Growing threats  

More than any time in my career we see malicious cyber activity being sponsored by nation states and organizations with deep financial backing. As I alluded to earlier, unless you've been under a rock, you're well aware of the increase in cyber incidents. 

More attack vectors 

Software has become ubiquitous, facilitating virtually every communication flow and process, and software applications more numerous. We've seen massive adoption of tools smack dab in the middle of the collaboration space—think Microsoft Teams, Slack, and Sharepoint—over the past few years. Not only that, new features—which in the past may have been rolled out occasionally—are now introduced almost constantly, often under our noses and without our prior knowledge. 

Consider how AI has become a part of so many business tools. In some cases, AI models are actually trained on troves of corporate data. How do we manage how such data is accessed, and how do we avoid allowing AI to be used inappropriately once a model is trained? AI can be tremendously useful for generating content, but how do we ensure that our content is consumed by only the appropriate audience? 

Speed of attack 

Finally, consider how quickly a cyber incident can wreak destruction, on you, your customers, or both. Can you afford to wait for an incident knowing that you, your business, your employees, and your customers could suffer as a result? 

How do we collaborate securely?  

I didn't come with all the answers here, and I don't know if anyone has them. But here are a few ideas to get you thinking about it.  

Whether you're on a small team considering how to best manage a small project, or you're leading a global initiative for a Fortune 100 firm, make sure that secure collaboration is part of the conversation. You're going to need to make decisions on what tools to use, what processes you'll adopt, and how to protect those and the data involved. What you don't want are things like employees using their own tools on their own insecure devices because such decisions on how to collaborate were not already made for them. 

Likewise, education will play an important role in ensuring that everybody knows and understands how to maintain adequate security in the context of collaboration.  

This should almost be a given, but strong alignment between your organization's security team and those that manage your applications is imperative to keeping those applications, the users, and the data safe.  

Remember, an organization's security posture is only as strong as the weakest link. This is a complex topic that can't be covered in the context of a single article. But if you want to assess how well your organization is doing to secure itself, I recommend reading about the Baseline 5, a simple framework that we use at Prescriptive to help our customers understand the critical measures involved in avoiding a cyber incident.  

Fostering safe collaboration 

As a collaboration junkie, it's my hope that I've inspired you to think about not just improving collaboration but securing it as well.  

If you would like to know more about the potential of Microsoft 365 for improving your organization's collaboration or need assistance with securing an existing Microsoft 365 tenant, know that we can help. For anything from implementing multi-factor authentication to preventing or limiting external sharing—and everything in between—contact our team today. 

John Orosco is a seasoned engineer on the Microsoft team at Prescriptive, bringing over a decade of technology experience in the healthcare industry. With a robust background in application and systems support, John specializes in cybersecurity best practices and has gained invaluable insights through incident response. Beyond his professional expertise, John is a dedicated father, an avid athlete, and a passionate tech enthusiast. He constantly seeks new challenges to push his mental and physical limits, always striving for personal and professional growth.