Protect Information & Platforms as Workers Return to the Office
Over the last two years, collaborative apps like Microsoft Teams, Zoom, and Slack have surged in popularity. In addition to connecting colleagues and teammates across continents and time zones, these tools have also facilitated productivity and enhanced efficiency.
Now, with COVID-19 case counts dropping, mask mandates loosening, and millions of employees preparing to return to the office, many of us are wondering how apps like Teams, Zoom, and Slack use will change as day-to-day operations evolve. The key characteristic is staying in contact, whether colleagues are working in the same office together or alternating hybrid schedules.
While Zoom works great for face-to-face video meetings and Slack functions well as an instant chat app, Microsoft Teams combines the best of both worlds into a unified collaboration and communication solution currently adopted by nearly 275 million active users. Best of all, Teams is now an integral part of the Microsoft Office/Microsoft 365 productivity suite, which includes other standard apps like Outlook, Word, Excel, and PowerPoint.
Microsoft Teams’ best features include calendars that coordinate with Outlook, group chat threads that keep employees connected before, during, and after meetings, and shared workspaces for file collaboration. These intuitive functions have improved drastically since the use of Teams first spiked in March 2020, demonstrating that Microsoft is listening to user feedback—and taking security concerns seriously.
That’s more important than ever, as cybersecurity experts report that hackers are starting to target Teams more and exploit the perceived cybersecurity weaknesses of the platform.
Recently, thousands of Teams attacks have been identified, with many of them following a familiar phishing pattern:
1) Hackers are testing previously stolen passwords and Microsoft Office/Microsoft 365 logins on Teams. When successful, these intrusions allow bad actors to access meeting agendas, organizational chat threads, and file-sharing spaces.
2) Once they’ve compromised Teams, attackers can then drop malicious malware files or questionable links into the chat, taking advantage of Teams’ limited capabilities to scan for illicit activity.
3) If these files are executed or these links are clicked, they can automatically write malicious code to the Windows registry, install infected files, or create shortcut links that allow malware to self-administer.
4) If users are savvy enough to not click unfamiliar links or open questionable files, hackers can try sending fake emails that look like real Teams notifications. These often inform a user that “a teammate is trying to reach you” and ask the user to click a link—but instead of opening in Teams, malicious links can lead directly to dangerous websites.
What can you do to protect your business and use Microsoft Teams more securely?
1) Protect login credentials. This starts with the basic step of strengthening passwords by using long, unique phrases that incorporate numbers and special characters. But it also extends to multi-factor authentication (MFA), which asks users to log in with something they know (their password) along with something they have (a code delivered via text or email, or a push notification to a dedicated app). Preventing password theft or credential compromise for applications like Microsoft Teams, Office, and 365 is the first layer of robust cybersecurity defenses for online accounts and identities.
2) Limit the sharing of protected information or sensitive files on Teams. Security analyses show that users trust Teams to such an extent that, at hospitals and within health systems, some clinicians are even sharing patient information on it. No matter what industry you work in, think of Teams as an application that offers only so much standard encryption and protection. If you’re sharing private data or critical files that need extra protection, opt for a more secure platform or encrypted channel.
3) Enhance scanning and protection for downloads, attachments, and links. Typically, this kind of multi-layered cybersecurity defense is applied to servers, networks, and email inboxes. But organization-wide Internet filtering, traffic analysis, and attachment sandboxes that inspect for malicious content can also be applied to Microsoft Teams. This offers extra precautions for employees and executives to understand which legitimate channels will be used for critical communications—and how necessary downloads will be deployed. That’s the kind of robust, full-spectrum cybersecurity your business deserves.
4) Be careful with notification emails. When Teams first surged in popularity, many users weren’t ready for the avalanche of activity alerts and chat notifications. You can customize the messages you receive by navigating to Settings > Notifications to ensure that you receive appropriate alerts about messages, group chats, meetings, and other activities—with the notification format and frequency that works for you. If you use Teams regularly and reliably, you can also avoid the possibility of a fake notification email by instead conducting all of your activity inside the app itself.
5) Work closely with a trusted IT partner. The right provider can help with all of the steps outlined above—and serve as a sounding board for end users to report suspicious activity or inquire about cybersecurity measures. Most small to medium-sized businesses can only do so much to protect the company’s entire technology infrastructure. But a trusted partner who understands the changing cybersecurity landscape can help with comprehensive safety and security for every application, every employee, and every file within your IT ecosystem.
At CMIT Solutions, we’ve helped thousands of businesses navigate the constant changes of the last two years, all while maintaining productivity for employees and protecting information across the full spectrum of collaborative apps.
Ready to prep for a return to the office? Want to continue empowering your employees to work collaboratively, on an in-person or remote basis? Concerned about the security of tools like Microsoft Teams? Contact CMIT Solutions today.