We need to talk ... about team chat app security
Despite the benefits that many team chat app users cite, some experts say the rewards aren't necessarily worth the risk.
, senior manager of the internal audit, risk and compliance practice at professional services firm UHY Advisors, said he probably would not have allowed Slack in his previous position as a CIO at a hedge fund.
"I know people are trying to modernize email and make it more dynamic, but they also are giving up control," King said.
He added that the new, stand-alone team messaging apps don't yet compare to traditional enterprise-level services in terms of maturity and security, and suggested that most organizations can use their existing products to meet internal communication needs.
"You have to know how the messages are being protected and retained," King said. "None of these team-based applications have focused on that as part of their service. It just doesn't feel like we are there yet."
He worries about scenarios like quarterly results being shared over an unsanctioned Slack channel ahead of a data breach, calling the likelihood of such a scenario unfolding "high."
If a CTO does decide to consider a team chat app, King recommended putting the platform through its paces on the risk management side -- building a use case and subjecting it to the regular channels of due diligence.
"Once it is deployed, IT should have a way to turn off access to the application when employees leave and to stop unauthorized use on the network," he said.
Lysa Myers, security researcher at security software company ESET, worries that as these messaging applications get more popular, they'll become a bigger target for hackers. And she added users themselves are the biggest problem.
"Are they talking about things that they shouldn't be talking about on an unencrypted channel? Most people will not go the extra step of turning on encryption," she said.
Myers encouraged IT to get specific about policies and what can and cannot be discussed over team chat app channels. For instance, hospital workers should never share any information protected under Health Insurance Portability and Accountability Act privacy rules, in case the platform is hacked.
"Users have to understand these are not the most secure venues, as well as the consequences if they break the rules," she said.
Like King, Myers urged IT managers to weigh a given messaging platform's approach to security, conducting a thorough risk assessment before adoption.
She hopes that team chat app vendors themselves will start to enact more secure coding practices, but until then, enterprise IT departments must stay attentive.