Businesses need to take Teams security seriously
Microsoft Teams has been one of the winners of the pandemic, with usage in December 2020 estimated at 115 million daily users, growing from 32 million in early March.
But this success has also made Teams a tempting target for hackers. Cloud security specialist Avanan has released a new report, based on analysis of nearly 200 enterprise customers, looking at the risks of using teams and how to combat them.
Unless you have an E5 license or Microsoft Defender for Office 365, Teams has no default security so anything shared is not scanned. Similarly data loss prevention (DLP) also needs an E5 license.
Malware, impersonation and east-west attacks are the most popular vectors for targeting Teams. Attacks include getting users to share infected GIFs that harvest user credentials, and sending out fake updates.
Part of the problem is behavior. When companies use Teams they assume it is internal and unmonitored, so users tend to freely share files, data, spreadsheets and sensitive information -- often without thinking. However, often companies invite external organizations and individuals into the environment and it it isn’t always clear when external users are included in a channel.
As more work shifts to Teams businesses need to take steps to secure it from these threats. The should adopt a whole-of-business security approach, protecting every application where business is conducted, Teams included.
Avanan CEO Gil Friedrich says, "The success of Microsoft Teams has made it ripe for hackers. Letting it go unsecured would leave an organization open to malware, DLP and insider threats. Within a few weeks after we opened our Teams integration, hundreds of our customers implemented it, so we believe our customers generally understand the threat. If your organization uses Teams and hasn't researched how to secure it, we recommend you start right away."
You can find out more on the Avanan blog.