Staying Connected While Apart is Great, but Are You Truly Secure?

In an effort to counter isolation and keep employees, customers, and communities safe, organisations have turned to collaborative technology during the COVID-19 crisis – and have come up against unfamiliar challenges as a result.

Over the last two months, many of us have been asked to work from home where we can and have had to adapt to new ways of working in isolation, separated from our colleagues.

For many of us, the reality of working in isolation has been an unfamiliar and lonely experience. Thankfully, the likes of Facebook Messenger, WhatsApp and Zoom have enabled us to stay connected to the people who matter to us; we have a lot to thank technology for in these unusual circumstances.

The speed at which technology has been embraced has also been something of a surprise – especially when considering the rapid pivoting organisations have had to achieve in order to stay ‘business as usual’. Organisations that succeeded have flourished, transforming workplace collaboration into a digital experience, while continuing to drive growth and ensure business continuity along the way.

Outrunning the Risk with Teams

Of course, innovation rarely comes without a downside, and reading horror stories about Zoom and Houseparty is more than enough to sow seeds of doubt around the safety of such apps.

One platform that has risen to the challenge, however, is Microsoft Teams. The platform has over 44 million daily users taking advantage of the technology at their fingertips, keeping us connected while we’re apart during these unprecedented times. Teams also supports nearly all industries you can think of - for a further deep dive in to how it may be suited to your industry, check out the library.

Like many of the platforms you might be familiar with, Teams offers chat, meetings, calling and video conferencing. On top of these foundational features, however, you’ll find the likes of application integration (including third party), workflows, and the ability to collaborate.

Meanwhile, the new Disco app add-on provides a virtual hug of appreciation from leaders and colleagues - if you haven’t checked it out and you use Teams, do it! I think all of us could do with a little more love at the moment, don’t you?

Out of the many solutions on the market, Teams is the one I specialise in securing, so I thought some useful information on how Microsoft ensures a secure Teams experience would be valuable to many of you.

It is important to note at this stage, that I am not for one second saying the Microsoft Teams is not without its own shortcomings – nobody’s perfect – but I do believe it is one of the safest and most compliant communication and collaboration platforms available today, when security and compliance features are used properly.

Security in Teams – Who Needs It?

Despite employees working remotely, the business still needs to meet its goals and limit disruption. Elsewhere, your IT department is likely feeling the pressure of keeping the lines of communication available, managing licensing threats, and maintaining data compliance. They’re also under pressure to respond to the wants and needs of the Security and Legal teams, whose priority is to prevent data leaks and breaches, protect sensitive information, comply with regulations, and uncover foul play. This is all much harder to do with looming security threats threatening to ruin their day.

In short, employees at every level of the business can be affected by unsecured communications platforms, and all benefit from efficient methods of working remotely and collaborating securely.

With that in mind, let’s look a little deeper into what secures Teams…

Authentication

Firstly, Teams can enforce Multi-Factor Authentication (MFA). This is recommended not just in Teams, but for access to all company applications and assets. Authentication using a combination of something you know (password), are (biometrics), and have (Authenticator on your phone) is one of the most secure methods of verification.

That’s because an attacker is less likely to have stolen credentials and someone’s phone - or to that end, their fingerprint! Single Sign On (SSO) is also available in Teams once an identity is verified. SSO not only gets rid of password reset-related costs and downtime, but can reduce insider risk, improve user experience and authentication processes, and ultimately put your organisation completely in control of user access.

Attackers are deterred from users with Multi-Factor Authentication, as it requires much more sophisticated work and effort on their part, when they could be going after the small fry who aren’t using MFA. After all, if you had to make a packet of crisps from scratch each time…you probably wouldn’t eat as many bags.

If you take anything from this article, please, for pity’s sake enable Multi-Factor Authentication!

Encryption

Whether your sensitive data is whizzing around your internal network or out and about in the public arena, Teams has your back. Data in transit and at rest is encrypted with industry standard protocols such as, but not limited to, TLS (transport layer security) and SRTP (support for secure real time protocol) for all messages, files, meetings, and other content.

Further to this, if files in Teams are stored in, say OneNote or SharePoint, they are also backed by their respective encryption. You can rest assured that only those authorised to see the data in Teams are the ones able to see it – no peeking now!

Advanced Threat Protection (ATP)

Just like with email, Teams users send and receive links and files that may be harmful, threatening to release malware, ransomware, and zero-day threats; it’s important to protect our business and our users when clicking links and opening content in Teams too. 

ATP is the tool that helps do this. If ATP detects a malicious file or link, it blocks it – simple. This locks the file down so no one can open, copy, move, or share it. The only thing that can be done is to delete it.

What’s more, all alerts from all ATP solutions are reported for investigation in one single portal, Microsoft Threat Detection, providing an easily digested view of threats to your organisation.

Safe Links and Safe Attachments

Both Safe Links and Safe Attachments are part of the ATP tooling and relatively low impact to switch on, so there is no excuse not to do so (apart from Safe Links, which is in Public Preview and will be made Generally Available soon).

What do they do? Well, Safe Attachments scans files and determines if they are malicious, stopping users receiving, clicking, and acting upon them.

Meanwhile, Safe Links offers ‘time of click verification’ of web addresses (URLs) and, again, can stop users clicking and acting upon them.

Together, they’re a powerful duo that can act as a safety net for users, ensuring that risky behaviour is kept to a minimum.

Conditional Access

Conditional Access is the best thing since sliced bread, if you ask me…or at least, it’s one of my favourite parts of the Microsoft security stack!

Teams relies on other applications like SharePoint and OneDrive for files, and Skype for Business for calls and meetings. Therefore, with conditional access policies applying to these applications, this translates across into Teams too when users sign in.

That being said, Teams is supported directly by in Azure Active Directory Conditional Access policies too.

Furthermore, Teams can work with App Locker in the desktop version with Windows 10. App Locker is that extra layer of security and control over which files and applications users can run, meaning users cannot run unapproved apps that pose a risk. 

Compliance

Compliance is one of my favourite areas to talk about when it comes to Microsoft offerings because it is remarkable. Microsoft has one of the most comprehensive sets of compliance offerings that help you comply with regional, national, and industry-specific requirements governing the collection and use of data. That, however, is a five-day workshop so we won’t focus on compliance as a whole right now!

When taking a brief look into what compliance features apply to Teams, the first area of note would be Information Barriers. Sometimes we might have departments within our business that we really do not want sharing information with each other, so we need to limit contact. Information Barriers will prevent individuals or groups within Teams being able to communicate with each other.

Communication Compliance is another decent feature available and is part of the Insider Risk Management solution (if you haven’t checked Insider Risk Management out…it’s a must). The tool is used to help detect, capture and remediate inappropriate message content within your business. That content could be sensitive information, offensive language or even workplace harassment.

We store a lot of information in Teams and we need to make sure we are deleting that information after a selected time period or just getting rid of information regularly that we really do not need to keep. On the other hand, we may need to access data that a user deletes for whatever reason, and Retention Policies allow for this to happen - even if a user deletes information - by storing copies of it in a secure location so it can still be accessed when needed.

Data Loss Prevention (DLP) is also of utmost concern to all of us, so it is no surprise that you are covered in Teams for DLP too. You can create DLP policies that prevent the sharing of sensitive information in chat or channel. If you allow external users into your Teams, then it is really important that you do not allow sensitive information to be shared on purpose or by accident. DLP policies created will automatically delete content so the recipient is unable to view it. DLP policies extend into SharePoint and OneDrive too just in case a user was to try a work around.

eDiscovery

We all dread the day we get a GDPR subject access request; it’s nothing short of a laborious task. Whatever the lawsuit or investigation, however, Microsoft has your back once again. eDiscovery allows you to find, collect and produce responses around electronically stored information (ESI) in Teams. Whether you need chats, messaging and files, meetings or call summaries, it is all there to be discovered.

Compliance Content search is another feature you can use to filter specifically in Teams and locate data needed. Legal Hold is available for when we are investigating a particular case and need to ensure we maintain evidence.

Auditing and reporting are on-going tasks we need to do. You might need to search for specific Teams events and pull out data for investigation. In which case you can pull all audit log data through the Microsoft 365 Compliance Center.

In conclusion, there’s a lot of security and compliance support offered around Microsoft Teams.  Whether we are trying to prevent DLP, a compromised key attack, network denial of service attack, eavesdropping, identity spoofing, man in the middle attack, replay attacks, SPIM attacks, or viruses and worms, Teams can cope with it all.

Identity Experts are here to help with securing Teams. We eat, sleep, live, and breathe security and compliance.

If you want to assess your position today, learn more about the art of the possible and build a strategic plan for the security and compliance of Teams or the wider landscape, we have the skill to educate you and help you deliver. Teams is a wonderful tool but only when used as intended. After all, you wouldn’t leave your front door wide open and forget your home insurance, would you?

Welcome to the new way of working! Be Alert!