10 Critical Steps to Reduce Risk With Microsoft Teams While Working From Home

Data is the lifeline of every business; therefore, it’s vital to ensure the tools and technologies you use to drive your business are geared towards protecting your valuable data. And this includes the productivity tools your business uses to enhance communication and collaboration.

The sudden rise in remote work induced by the COVID-19 pandemic forced organizations to rely heavily on cloud-based solutions like Microsoft 365 to ensure business runs as usual. As a result, communication platforms, such as Microsoft Teams, Google Meet, Zoom, Slack, etc., became more popular than ever. According to the Gartner 2021 Digital Worker Experience Survey, nearly 80% of workers were using collaboration tools for work in 2021 — a 44% increase since the pandemic began. These tools not only helped remote workforces stay connected and engaged, but also enabled business continuity.

With the global pandemic changing the ways in which companies work, collaborate, share and store data, there are major shifts in the cyberthreat landscape as well. While cyberattacks are a constant threat, the distributed workforces relying on their potentially unsecure home networks are opening up countless new threat vectors. In this blog, we discuss the security capabilities and vulnerabilities in Microsoft Teams and the 10 key steps you can take to use Microsoft Teams safely while working from home.

What is Microsoft Teams?

Microsoft Teams is a cloud-based application that enables distributed workforces to stay connected, share documents, conduct online meetings and collaborate — all under one platform. Microsoft Teams enables real-time collaboration between teams, helps you stay organized and manage work seamlessly. The core capabilities in Microsoft Teams include video calling, audio conferencing, messaging, and file and screen sharing.

Is Microsoft Teams secure?

There were 145 million daily active Microsoft Teams users in 2021. With the increasing use of Teams to communicate and collaborate, a significant amount of Microsoft Teams data is produced every day. Microsoft saves all your files and data securely at different locations, such as OneDrive and SharePoint. Teams uses Advanced Threat Protection (ATP), two-factor authentication, etc., and encrypts data both in transit and at rest to protect your data.

Microsoft Teams is a vital part of the Microsoft 365 and Office 365 portfolio. Therefore, it follows all the security best practices and procedures such as service-level security through defense-in-depth, customer controls within the service, security hardening and operational best practices.

Microsoft Teams is built in accordance with the Microsoft Trustworthy Computing Security Development Lifecycle (SDL), which helps software programmers develop highly secure applications by paying close attention to security and privacy.

Is Microsoft Teams encrypted?

Microsoft uses Active Directory to manage encryption of your Teams data while in transit between devices, users or data centers, as well as those files that are at rest in your data center.

In December 2021, Microsoft rolled out end-to-end encryption (E2EE) for one-to-one Teams calls. According to Microsoft, “With E2EE, call information is encrypted at its origin and decrypted at its intended destination so that no information can be decrypted between those points. By default, Teams encrypts all communication using industry-standard technologies such as Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP).”

Vulnerability within Teams

In 2021, researchers at Positive Security discovered four vulnerabilities in Microsoft Teams’ link preview feature, which attackers could exploit to spoof the link preview, leak IP addresses and access Microsoft’s internal services. As per the firm’s blog post, one of the four vulnerabilities has been resolved.

When it comes to phishing, malware and data leakage, Microsoft Teams is no exception. When you’re not actively using Teams or are away from your computer, Teams will send an email notification containing a link to the missed message. Threat actors can exploit this Teams feature to launch phishing attacks using malicious code.

The guest access functionality in Teams could also lead to data leaks and unauthorized access. For instance, sharing files with external users or guests through channels even when it is no longer required, or continuing to provide access to Teams even after the meeting has ended, could result in data leakage or visibility of confidential files.

Microsoft also allows third-party apps to integrate with Teams to enhance the platform’s experience, which expands the attack surface. However, these apps could also be potential entry points for unauthorized access.

10 critical steps to use Microsoft Teams safely while working from home

Microsoft Teams is an effective tool for communication and collaboration. However, remote workers relying on unsecure home networks coupled with poor security practices and a sharp uptick in cyberattacks, have made Teams more vulnerable to data breaches.

Here are 10 critical steps to use Microsoft Teams safely:

  1. Back up data: Disasters can strike at any time and from anywhere. By ensuring critical data in SaaS applications is independently backed up, you can quickly recover from disruptive events without impacting business continuity.
  2. Prioritize cybersecurity: Microsoft Teams security is a collaborative effort. IT needs to ensure cybersecurity is a strategic priority for all executives.
  3. Update devices regularly: Outdated devices may contain bugs and security vulnerabilities that cybercriminals can exploit to launch sophisticated attacks. Therefore, IT must ensure devices are updated regularly.
  4. Develop robust IT security policy: IT needs to define a clear set of security rules. Having a comprehensive IT security policy in place will help you tackle cybersecurity threats efficiently and implement strategies to minimize security holes. IT security rules will also help define how to recover when an unforeseen, disruptive incident occurs.
  5. Education and training: Educating end users on emerging threats is vital to successfully warding off malicious attacks. Regular training needs to be provided to end users to lower the risks of security threats.
  6. Easy-to-use training materials: A robust security awareness training will help build a security-aware culture in your organization. Security training must contain measures to test whether end users understand the content.
  7. Proactive management: Team managers need to play an important role to ensure IT security is part of their coaching.
  8. Provide the right set of security tools: Your organization must ensure that employees are equipped with the right security tools such as:
  • VPN: This will help protect your employees’ online identity and encrypt data to protect your organization’s valuable information by masking end users’ IP addresses.
  • Encryption tools: Using encryption technology has multiple benefits. It protects user privacy, prevents identity theft, secures data, saves you from regulatory fines and more.
  • Built-in firewalls: Firewalls help protect your device or network against external attacks by blocking malicious network traffic. Most wireless internet routers come with built-in firewalls that must be activated to start protecting your network against unnecessary traffic.
  1. Implement MFA and strong password policy: Multifactor authentication helps bolster your organization’s security by implementing multiple authentication methods apart from username and password. Implementing MFA and having strict rules regarding password strength is important to ensure only authorized personnel have access to your organization’s devices and data. A strong password policy will help bolster your defenses against unauthorized access and hackers.
  2. Secure internet connection: Remote employees could expose your business to a wide range of cybersecurity risks. With a sharp uptick in cybersecurity incidents, having secure internet connectivity for remote workers is crucial. Your business must ensure teams members use an antivirus or internet security tool to lower cybersecurity risks while working from home.

Read our blog to learn more about Microsoft Teams security best practices.

Enhance Teams security and minimize cybersecurity risks with Spanning Backup

Spanning provides daily, automated Microsoft 365 backup that auto-discovers new and/or altered content to back up. Spanning Backup provides you with reliable backup and recovery for your Microsoft 365 from Exchange Online, SharePoint Online, OneDrive and Microsoft Teams. Unlimited storage space and an unrestricted retention policy guarantee that your valuable Microsoft 365 data will remain fully backed up and recoverable at all times.

Start your 14-day free trial today to experience the full Spanning feature set.