These days, almost every business uses SaaS tools on a regular basis. Accessible from any device with an internet connection and a web browser, ‘software-as-a-service’ tools are especially useful for businesses with remote teams. They scale well, which makes them excellent for startups who want to be able to keep the same tool through all stages of their growth. And there’s often a free version to start with, which makes them ideal for smaller businesses who might not need all the bells and whistles of a major corporation. And while SaaS tools make our lives easier, like any new tool on the internet, they also create new risks.
By their very nature, SaaS tools are a greater security risk than software you simply run on your computer because they’re connected to the internet. That data has to travel, and without proper protections, traveling data is data at risk. There’s a reason the old cowboy gangs would rob a train much more often than they’d rob a bank, after all: it’s easier to access goods in transit. The same is (basically) true for data.
Of course, that doesn’t mean no one ever rode trains — and it certainly doesn’t mean you and your business shouldn’t access the impressive array of SaaS tools on the market today. There are quite literally thousands to choose from — you just need to make sure that when you’re using a SaaS tool, you're adjusting your cybersecurity strategy accordingly. Each SaaS tool provides unique risks, and even though there are some preventative measures that will always help (like utilizing a private network), each tool also requires unique preventative measures. Here we’ll look at three of the most common SaaS tools and how to make sure you’re using them securely.
- Hootsuite. Hootsuite is practically ubiquitous at this point. If your company is on social media, you’re probably managing your social media profiles via Hootsuite. And that is exactly what makes Hootsuite unique: the extent of access across social media accounts, putting each of those accounts at risk if any team member makes a careless mistake — or worse, grows frustrated and wants to lash out. That’s why, if you’re using Hootsuite, it’s essential to not just share one Hootsuite password/username set across your team to save money. It costs more to have more users, but the benefit of each user having their own account is that you can always cut off access to that account. You can control how much access they have. Cheating with one login essentially provides everyone admin access to all your social media profiles — which is setting a dangerous precedent. Don’t put yourself or your team under that kind of pressure; just pay for the extra users.
- Slack. Essential for encouraging and organizing communication across teams, Slack has become the new ‘water cooler.’ Part chat room, part video conference software, this tool is used by remote and on-site workers alike. For companies that use Slack, it’s woven into the fabric of their communications, which is where the risk comes from. If your team is discussing proprietary information on Slack (which they almost certainly are) that information is at risk in the case of any hacker spying on your work. Thankfully, the Slack team has developed a new system of Enterprise Key Management that helps with this exact issue. According to Slack, EKM is “an add-on feature to Enterprise Grid that lets you (the customer) bring your own encryption keys to Slack so that you have complete visibility and control over your data.” This allows you granular access control, as well as detailed activity logs so you can keep a sharp eye on your data. If you’re team’s dealing with any sensitive information, this is an essential add-on for your Slack.
- Basecamp. Like a lot of these tools, Basecamp has put quite a lot of work into making sure their platform is secure. Because of the nature of this product, security is more of an issue than even Slack — it’s not just communication that happens on Basecamp, it’s communication, project management, AND file sharing. They aim to be the one-stop-shop for businesses to manage any and every project, which means they’re set up to house any and all of your data. Basecamp, then, is a perfect example of why a private network is essential for any business — but especially a business that uses SaaS. Their security policy states that “Project data, messages, text documents and todos aren’t encrypted at rest,” and while that’s understandable, you can easily mitigate the risk with a VPN. With so much important data transmitting across your wifi network, you certainly don’t want that network to be public. Make it private, and keep your data secure.
For many startups, SaaS tools make the difference between starting now and starting never — so take advantage. Just make sure you choose well, and always, always, always use a VPN to keep your SaaS tools (and all your data) secure.