Passwords, personal data and more – are your staff sharing more about your business than you think?
Security researchers recently found mountains of personally identifiable information (PII) which had been inadvertently made public through Trello, a web-based task management app.
This included passwords, bank account details, and people’s employment and medical details, all of which could have been exposed to anybody – including competitors and cybercriminals.
Accidental disclosure
Trello lets you organise tasks using ‘boards’, which are initially set to ‘private’ by default. But many users changed their boards to ‘public’ in order to collaborate with colleagues – with the unintended side-effect of making them visible to anyone.
The employees involved didn’t deliberately make the information public, and therefore wouldn’t have realised the information was out there.
To compound the problem, Google’s search bot had thoroughly indexed Trello’s public boards, meaning they could be easily found using a standard web search.
The discovery was made by Craig Jones of cybersecurity company Sophos. It was discovered that one company had accidentally published performance ratings of 900 managers on a public Trello board.
The problem of shadow IT
Ultimately, the problem comes back to the use of ‘shadow IT’ by staff to plug a hole. That hole could be a lack of software provision, the availability of a better ‘unofficial’ alternative app, or simply a lack of training.
We’re willing to bet that many of those organisations affected by this breach are running Office 365. How many of them know that Microsoft already provides an equivalent to Trello as part of the suite?
A secure alternative
Microsoft Planner, which comes with your Office 365 subscription, lets you securely create and manage tasks using boards similar to Trello. You can even collaborate on projects and assign tasks to others within your organisation. And because it’s part of the platform, there’s no need to share anything publicly.
If your organisation provides you with an Office 365 licence, and it hasn’t been disabled by your administrator, you and your staff or colleagues can access Planner right now by going to tasks.office.com.
The team at CompanyNet are experts in Office 365. We work with household names like Mencap, Scottish Water and the Student Loans Company to unlock the platform’s potential. If you’d like to find out how we can help your organisation, get in touch now.