Communication tools: How to prevent wild growth

Messenger, video chats and other communication tools are now part of everyday work and are used as a matter of course for the exchange of business data. However, employees often violate data protection and security guidelines. The author names five basic requirements for secure collaboration in distributed teams.

Andrea Wörrlein

Messenger, video chats and other communication tools are now part of everyday work. But what do you have to consider for safe handling? (Image:

With the rapid spread of home offices due to the Corona, the use of new collaboration and communication tools has also increased. But these are not always safe and trustworthy. Many employees do not worry about which sensitive data they are sending via such applications. Often this is due to the fact that companies have not communicated any specific guidelines for the use of the new tools or have introduced unsuitable solutions under time pressure. According to VNC, the leading developer of open source-based business applications, the most important recommendations for companies that want to enable their employees to exchange data securely and in compliance with data protection regulations:

  1. Clear tool specifications: Companies not only have to provide their employees with secure communication tools, but also those that meet the needs of the employees. Otherwise they cannot work together efficiently and find their own solutions – and these are usually the ones that they also use privately. These are mostly unsuitable for exchanging sensitive company data. Therefore, companies should clearly specify the tools to be used, but also explicitly point out that other applications may not be used – and block their use as far as technically possible.
  2. Selection of safe products: Companies should not simply go for the best-known names, but should look intensively at the available solutions. Cloud services, for example, can be introduced quickly, but are often questionable from a data protection point of view. In particular, services from providers from the USA are generally excluded under the GDPR because the “Cloud Act” allows US authorities to access data – regardless of where the service is hosted and where the company that uses the service is based. However, even running an application on its own infrastructure is no guarantee of the highest level of security and data protection, as companies often lack the know-how or they use closed-source solutions. Nobody except the developers knows what happens to the data and whether there are weak points in the software. Open source is a secure alternative that also usually supports various operating modes: on its own infrastructure by the company itself or a reliable service provider or in a secure environment with a trustworthy service provider.
  3. Agreement on means and channels of communication: One of the biggest challenges when working together in distributed teams is communicating efficiently. Not every tool is suitable for every consultation and every data exchange. Companies should therefore work with their employees to determine which solutions make the most sense in which situations. You can also define alternative channels, specify contact persons and arrange consultation options so that processes are clearly regulated and employees do not fall for attempts at fraud such as scam calls or fake emails.
  4. Secure end devices and infrastructure: Secure communication and collaboration solutions alone are not enough, because if cyber criminals use other gateways, company data are further at risk. Therefore, companies must consistently protect all end devices and their entire infrastructure. That means not only using reliable security solutions, but also quickly importing all software updates and patches in order to reduce the attack surface.
  5. Training and guidelines for employees: Employees need training so that they can use the tools offered properly and not ignore them because they cannot get along with them. In these training courses they also learn how to use the new tools in a safety-conscious manner and learn more about the company’s security guidelines for remote work, for example that they should avoid making professional phone calls in public, that they should not leave their notebook unattended there and that they should also be locked in the shared apartment when they are not in front.

“Companies must provide their employees with secure and data protection compliant, but also easy-to-use tools for exchanging information with colleagues, so that they can work together efficiently in the home office and on the go. If companies do not do this, they risk shadow IT because employees are looking for their own applications in order to exchange ideas, ”explains Andrea Wörrlein, managing director of VNC in Berlin and board member of VNC AG in Zug. “In order for the collaboration and communication tools used to match the requirements of the employees, companies should include them in the selection process from the start and integrate them closely during the introduction.”

(Quelle: VNC)

About the author:
Andrea Wörrlein is the managing director of VNC in Berlin and a member of the board of directors of VNC AG in Zug.