There’s been an increase in the use and reliance of communication platforms since the recent crisis-forced shift to remote work. Now scattered in different remote locations, employees across organisations are looking for an efficient, secure way to continue collaborating across the business. The need to migrate onto business communication platforms as an alternative to in-person and other technical communication has become a top-line priority for a business’s digital transformation.
Similar to communication platforms such as Slack and Zoom, Microsoft Teams has fast become a hugely successful business collaboration platform, with currently 75 million, and growing, daily active users since the global pandemic. Teams has transformed how employees communicate, share information, and maintain relationships when scattered across the world. Employees across their organisation leverage Teams to conduct video calls, share business critical information, conduct organisation chats, share GIFS, and more, in order to foster team collaboration and mimic in-person team meetings held in conference rooms and “water cooler talk” that now seem like a distant memory.
With more communication – and business critical information being shared – across cloud platforms like Teams, companies leave themselves vulnerable to serious security threats. As we’ve seen with COVID-19, there has been a surge in cyberattacks, with targeted Teams attacks via impersonating Teams notifications, World Health Organization (WHO) phishing scams, and GIFs vulnerabilities. What can companies do to protect themselves and ensure their teams are secure when using Teams? Here are vulnerabilities and risks to be aware of, and strategies organisations should implement to maintain a strong security posture.
Vulnerabilities and Risks Within the Platform
In order to drive mass adoption, Microsoft ensured it was easy to access the platform with a flexible access policy on by default. This allowed users within organisations to quickly adopt Teams, and oftentimes faster than the organisation was prepared to secure it. The default access policy was and still is left on in many organisations, leaving them open to vulnerabilities if they aren’t properly checking their security.
In terms of external vulnerabilities, when Teams is implemented out of the box, federated access to external users is on by default. This means anyone in the world can search for a user by email, request to chat, share files and expose the individual, and in turn, their entire organisation, to communications that are often acted with malicious intent.
Teams also allows individuals to interact with content outside of the Teams’ perspective So, in the previous situation, an external user could search for someone in your organisation and send them a malicious file stored in a third-party storage provider. We’ve seen something similar to this with malicious GIFs shared via Teams from external users. These external users could pose as a partner or vendor using teams to phish for credentials, deliver malicious payloads, or perform a new form of BEC financial scams.
Even approved users can create security holes, such as through negligent actions like downloading vulnerable applications to their Teams environment. Most administrators aren’t aware that this action is also enabled to users by default, which makes it difficult to control the apps that are being downloaded. Without first exploring the app’s privacy policy, individuals can sign away their privacy rights with a click, allowing third-party apps to share data insecurely or with other organisations.
Protecting Your Organisation
To help organisations better safeguard against internal and external vulnerabilities across Teams, consider implementing security policies from the top down. Four important ways administrators can do this include:
- Allow approved domains only to federate: This reduces excess sharing vulnerabilities because only those in the approved domains may reach out via Teams and initiate chat, share content, and send GIFs
- Selectively enable guest access: By removing the global policy that allows guest access to any Team, management can be selective in how much access they allow certain Teams to grant to external guests. This also means those external guests can be tracked, as they’re created as a guest in Azure AD
- Create a process around attestation: Establish a regular cadence (every 30-90 days) for Teams owners to attest members who should still belong to the Team, and ensure those that do not are removed from the Microsoft 365 group
- Strengthen authorisation policies: Administrators should update Teams settings to either block or filter specific apps that are published by either Microsoft, third-parties, or the organisation. This helps provide some control over what apps are being downloaded to the environment
Additionally, when it comes to Team naming conventions and label policies (sensitive and non-sensitive) should be established. Implementing naming conventions can be done at any time and performed manually, so it’s an easy way to make changes to better protect your organisations’ usage of Teams. With sensitive labels (in public preview as of March 2020), policies can be applied based on label and restrict guest access or app use for highly sensitive Teams. If administrators want the onus of managing who gets invited to what Team, they can turn-off Teams policy to allow users to discover private Teams. This is another way to reduce the unwanted disclosure of sensitive information across Teams.
As we see more companies announce plans to go substantially remote in the near future (Twitter, Shopify, Facebook), it will be important that organisations implement the strongest security posture across communication platforms like Microsoft Teams as usage will continue to surge. If collaboration platforms are left unchecked, it can lead to increased security risks. It will be important for IT teams to create specific restrictions and policies to ensure that users don’t accidentally download an app or fall victim to a phishing scam that leaves valuable data vulnerable to hackers.
Make sure you have the right policies and filters in place to ensure that your company’s privileged data stays safe from attacks.
Guest Blog by Jennifer LuPiba, Sr. Product Marketing Manager and Evangelist at Quest Software
Jennifer LuPiba is an Evangelist at Quest Software, as well as the Chair of the Quest Software Customer Advisory Board, engaging with and capturing the voice of the customer in such areas as cybersecurity, disaster recovery, management and the impact of mergers and acquisitions on Microsoft 365, Azure Active Directory and on-prem Active Directory. She also writes thought leadership articles and blogs aimed at the c-suite to evangelise the importance of these areas to their overall business.
from UC Today https://ift.tt/2CWm1xe
0 Comments