Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.
When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email, file sharing, managed transfer and secure file transfer. But there are many other communication tools, including SMS text, video conferencing and even web forms. Kiteworks’ research found that more is not necessarily better when it comes to security and communications tools.
The survey found that companies with more than seven different communication tools were at a significantly higher risk of data breach — 3.55x higher than the average. Only 9% of organizations overall reported more than 10 data breaches, but 32% of companies with more than seven communications tools experienced this high number of breaches. More communication tools also translate into higher data breach litigation costs, with organizations with more than seven tools reporting paying 3.25 times more in data breach litigation costs.
Impacts of a data breach
Companies with a high number of data breaches typically see numerous negative impacts on their organization, including lost customers, reputation damage and operational downtime. Many organizations also must hire additional staff after the breach, such as customer service help desks and credit monitoring services. Companies in regulated industries may also face fines related to the breach.
The 2024 Cost of a Data Breach Report found that the average cost of a data breach jumped to $4.88 million from $4.45 million in 2023, a 10% spike and the highest increase since the pandemic. While the study showed key improvements related to breaches, especially in terms of identifying and containing breaches more quickly, the increased cost of a breach is due to rising business costs.
Read the Cost of a Data Breach Report
Why an increase in communication tools increases risk
With communication and data transfer now central to all industries and most processes, both internal and external, reducing risk starts with understanding why each new tool increases the odds of a breach.
Here are key reasons for the correlation between the number of tools and the risk of a data breach:
Increased attack area
Each time a new tool is added to a process, the organization adds a new entry point for an attack every time a user accesses that tool. For example, the marketing department has begun using a different video conferencing tool than the rest of the company. Threat actors can now target users of the tool and recordings of the meetings stored in the cloud. Additionally, the information sent through the tool, such as chat comments and files shared, adds more opportunities for a data breach.
More opportunities for exchanging sensitive data
Kiteworks found that tracking sensitive data creates a big issue, with two-thirds of respondents sending sensitive data to more than 1,000 different third parties. Additionally, employees often let their guard down when using casual communication tools such as messenger and email, which creates instances of sharing sensitive data and increasing data breach risks.
More resources are required to govern and monitor
Because communication tools provide many opportunities for cybersecurity risks, the use of each tool must be carefully monitored with documented processes. This requires more resources, especially in terms of monitoring use for cybersecurity issues or improper use. With more tools to monitor, it’s easier to accidentally overlook a warning signal of a breach.
Increased risk of human error
Communication tools provide many different ways for employees to make mistakes that lead to a breach, such as falling for a social engineering scheme or using an insecure connection to send data. Employees are also more likely to make more compliance errors with more tools since the process may vary per tool, making it easier to overlook a step.
Reducing risk from communication tools
Reducing breaches often feels like an overwhelming task. By starting with communication tools, organizations can take proactive steps toward reducing their risk.
Take stock of tools in use
Many companies have no idea exactly how many tools they are using. By working with all employees and departments, organizations should create a catalog of all tools currently in use.
Eliminate multiple tools used for the same purpose
If your business finds that four different project management tools are used throughout the organization, you need to determine which tool is the best fit for the organization. By helping teams transition to the approved tools, you can reduce your risk of a breach.
Provide employees with the tools that they need
Many employees begin using approved tools because the tools that the company issues do not work for their tasks. For example, many companies instruct employees to use file-sharing tools that have file size limits. If an employee must transfer a file that is too big for that tool, then the only way that they can do their job is by using another approved tool. Many organizations find that their high number of tools used is due to employees improvising to get things done. By ensuring that your employees have tools that accomplish their required tasks, you can often quickly reduce the number of tools used in your organization.
Use tools that perform multiple tasks
The number of communication tools often quickly grows when an organization has a separate tool for each different type of communication task. By using platforms that perform multiple functions, such as file sharing, video conferencing and messaging, organizations can significantly decrease the number of communication tools.
It’s very easy to look up and realize that your company is using many different tools. By making a concerted effort to understand the tools needed and provide the right tools, your organization can reduce your risk of a breach.