Written By: Richard Eyres
In the current environment, with so many people working from home, the value of a collaborative videoconferencing tool such as Microsoft Teams has never been greater. Microsoft Teams adoption is exploding, with 500,000 organizational users, 13 million active daily users, and 19 million weekly active users. The ability to continue communicating in a (virtually) face-to-face manner has been a major factor in the success of so many businesses quickly transitioning to new working practices. As always, though, there are security concerns that need to be addressed, and settings that need to be correctly configured, to ensure that these communications are not being broadcast outside of your organisation, either through accidental misconfiguration or by a malicious actor. Here are 3 potential security threats and some simple steps that can be taken to counteract them.
1. Teams Bombing
Teams bombing is when a person who was not intentionally invited to a Teams call joins the call. This has been more common with some other popular videoconferencing services, but it could also happen with Teams if the meeting link is shared publicly. A simple method to prevent this is to implement the “Lobby” feature within Teams. With this feature, all users outside of the organisation who are joining the call need to be admitted to the call by a user within the organisation. This, of course, still relies on employees only admitting users that are expected on the call, which brings us to our next threat…
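The Lobby setting described above can be checked across a tenant's meeting policies. This is an added example, not part of the original article: it uses the MicrosoftTeams PowerShell module's `Get-CsTeamsMeetingPolicy` and `Set-CsTeamsMeetingPolicy` cmdlets, and the function name `Find-LobbyBypass`, the policy name `Tag:Locked` and the sample policies are hypothetical.

```powershell
# Added example: flag Teams meeting policies that let people outside the
# organisation skip the lobby. Find-LobbyBypass is a hypothetical helper name.

# AutoAdmittedUsers values that admit non-organisation users without a lobby check.
$BypassValues = @('Everyone', 'EveryoneInSameAndFederatedCompany')

function Find-LobbyBypass {
    param([Parameter(Mandatory)][object[]]$Policy)
    foreach ($p in $Policy) {
        $reasons = @()
        if ($BypassValues -contains $p.AutoAdmittedUsers) {
            $reasons += "AutoAdmittedUsers=$($p.AutoAdmittedUsers)"
        }
        if ($p.AllowPSTNUsersToBypassLobby) {
            $reasons += 'dial-in callers bypass the lobby'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Identity = $p.Identity; Reasons = $reasons -join '; ' }
        }
    }
}

# Constructed sample policies (not real tenant data) so the check runs offline.
$sample = @(
    [pscustomobject]@{ Identity = 'Global'; AutoAdmittedUsers = 'Everyone'
                       AllowPSTNUsersToBypassLobby = $true },
    [pscustomobject]@{ Identity = 'Tag:Locked'; AutoAdmittedUsers = 'EveryoneInCompany'
                       AllowPSTNUsersToBypassLobby = $false }
)
Find-LobbyBypass -Policy $sample | Format-Table -AutoSize   # only 'Global' is flagged

# Against a live tenant (needs the MicrosoftTeams module and a Teams admin role):
#   Connect-MicrosoftTeams
#   $flagged = Find-LobbyBypass -Policy (Get-CsTeamsMeetingPolicy)
#   $flagged | ForEach-Object {
#       Set-CsTeamsMeetingPolicy -Identity $_.Identity `
#           -AutoAdmittedUsers EveryoneInCompany -AllowPSTNUsersToBypassLobby $false
#   }
```

The policy sets the default for new meetings; organisers can still change who bypasses the lobby in an individual meeting's options.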
2. Security Awareness (or lack thereof)
As with any new tool, organisations must adequately prepare and train their staff on usage of the tool. It is vital that this includes security awareness training. For many organisations, Teams is a new communications channel, which inherently brings new communications risks as well as old risks delivered through a new medium, such as phishing and vishing (video phishing).
Vishing is when a bad actor uses verbal communication to impersonate a reputable company. The aim is to manipulate individuals into revealing financial or personal information, or into providing unlawful access to their corporate networks. Simple steps can help to mitigate this threat, such as defining acceptable usage policies and providing targeted security awareness training (e.g. check who you are admitting from the Lobby).
3. Internal Data Sprawl
With the advent of GDPR and other similar data protection regulations, organisations have become much more conscious of unnecessary data duplication and of the need for full visibility of what data is being stored and where. Because Teams allows for easy sharing of files and data, users may be tempted to share files on Teams. Those files then remain stored in that Teams channel, which may contravene the organisation’s GDPR policies and procedures. This can be exacerbated further by users creating their own Teams or Channels, which may be used only once or may be duplicates, and which may then be forgotten about while still containing files. This sprawl can contravene policies and regulations and may increase the threat profile for the organisation. Sharing links to files rather than the files themselves is a simple and effective way to prevent this sprawl.
Training, refresher sessions on regulations, policies and procedures, and tighter permissions on the creation of Teams and Channels and on file sharing can all be used to battle this threat.
As always, Ward Solutions will continue to Assess, Protect, Detect & Respond to your cyber security needs.