Which set of practices constitutes recommended security measures for collaboration tools?

• A. Enforce least privilege, MFA, restrict external sharing, apply DLP and retention policies, monitor access, review permissions.
• B. Disable MFA, allow open sharing by default, avoid DLP, don't review permissions.
• C. Only rely on vendor-supplied default settings without audits.
• D. Use annual password changes only for compliance.

Answer: (A)

A solid security posture for collaboration tools rests on a layered approach that covers who can access resources, how they prove who they are, what data can be shared externally, and how data is protected and governed over time. Enforcing least privilege minimizes risk by giving users only what they need. Requiring multi-factor authentication strengthens the verification that someone is who they claim to be. Restricting external sharing helps prevent data from flowing outside the organization. Applying data loss prevention and retention policies protects sensitive information and ensures compliance with policies and regulations. Monitoring access and regularly reviewing permissions create ongoing visibility and opportunities to detect unusual or excessive access. Together, these practices form a strong, practical security posture for collaboration tools. Disabling MFA and permitting open sharing increase risk, while ignoring DLP or review of permissions misses important protections. Relying on vendor-default settings without audits leaves gaps, and annual password changes are outdated and insufficient.