Collaboration platforms for communication and file sharing have become immensely popular during the COVID pandemic. However, many tools are not fit to keep our data safe or have suffered severe data breaches. Just think about the Zoom scandal in early 2020.
In 2020, during the first lock downs, companies around the world had to implement collaboration tools all of a sudden. By doing so in a rush, very few looked into potential security risks. Now is the time to re-think the decisions made in spring and look for solutions that are truly fit to allow secure online collaboration – without putting sensitive company data at risk.
When looking for secure tools online, let’s focus on open source tools, preferably encrypted, as these are best fit to secure our data adequately for two reasons:
When the data is encrypted, only the person holding the key can decrypt it. This should be the user or the company rolling out the software for their employees.
When the code for the encryption is published as open source, third parties can verify that the code does what is being advertised. When using proprietary services, you can never know if the encryption works properly or if there is a backdoor included, which lets others access your data as well.
As data breaches grow in number, severity and sophistication, it is important that any data hosted in the cloud is properly encrypted. Only with encryption we can make sure that – even if a breach happened – no one can access the data.
But now, let’s take a look at what tools can protect our data. Here are the best ones in regards to usability and security:
This open source tool is great for hosting non-sensitive online conferences. Much like Zoom, the free video-chat tool is easy to use and requires little-to-no on-boarding. As an open source tool, it doesn't sell your data. You don't need an account and you don't need to download anything to start or join a meeting. You just give your meeting a unique name and enter a password that you share with all invited people. The password is super important as it will prevent others from eavesdropping on your conversation. However, keep in mind that Jitsi Meet is not end-to-end encrypted by default. You can turn on end-to-end encryption as long as you are using Jitsi Meet in a browser with support for insertable streams, e. g. Chrome. If you do this, you can also host sensitive meetings confidentially.
For sensitive business meetings online, Wire is highly recommended. End-to-end encryption ensures that no one can listen in on your private conversation. You can discuss anything confidentially, just as if you were meeting in a private conference room. You can use Wire in the browser, or get the Android and iOS apps. You can use it for calls, video calls, messaging and file sharing – all end-to-end encrypted.
Another excellent choice for encrypted messaging is Threema. This app is also open source. It has a high reputation, particularly because it does not link your phone number to your account, which is great in regards to privacy and anonymity.
Mattermost is an open source collaboration platform built for developers. It is a great team messaging app because it blends features of Slack and Microsoft Teams, but the interface is very easy to use. It is a highly scalable app that you can use for team collaboration.
Element is a great open source messenger and collaboration tool as well. The Element app is free for everyone, and can be self-hosted or hosted on Matrix.org. It keeps conversations under your control, safe from data-mining and ads, as all data is end-to-end encrypted.
One of the most important tools you’ll need to collaborate online is file sharing. An encrypted, open source tool available is SpiderOak. The company promises that all data is protected with end-to-end encryption so that leakages are impossible, but keep in mind that it is based in the US.
Another good encrypted choice for file storage and file sharing is Tresorit. Tresorit is not open source. Nevertheless, it has a high reputation and is not based in the US.
In case you prefer to self-host your storage and file sharing tool, another good choice is NextCloud or ownCloud. You can use ownCloud as an on-premise solution, or with a trusted service provider or choose ownCloud.online. All data in ownCloud is encrypted and, thus, kept secure from any kind of snooping. Even the Fourteen Eyes countries can not siphone off your data if it is end-to-end encrypted.
LibreOffice is a great, open source alternative for Microsoft. It comes as the office suit on Linux and is highly valued among open source fans. It has tools for documents, charts, presentations and more.
For email, many companies still manage their own mail server. On-premise solutions always have the benefit that you are in full control of who has access to your servers and, thus, to your sensitive business data. Nevertheless, the same is true for a hosted solution, but only if all data is encrypted. For instance, Gmail does not protect your privacy with encryption. It is good to know that there is also an encrypted alternative available that will save you long hours of server maintenance: Tutanota. The open source and encrypted email service lets you store all data conveniently in the cloud while the encryption makes sure no third party can gain access to your valuable business information.
Switching from insecure services to these privacy-friendly alternatives comes with minimum effort, but there’s a lot to gain: The confidentiality of your business data. In a world where cyberattacks are becoming more sophisticated and more frequent, we all need to focus on security and make the right choices.
With this little guide you will make sure that your business secrets are properly protected, which will help you to navigate through this crisis.