Microsoft Teams Security: The forgotten human factors


Only a few weeks ago, the world was plunged into what seemed like an impossible situation for businesses across the world.  Did we realise then how long this was likely to continue?  The world of work has changed forever.  It’s important at these times to remember that from what seems like a catastrophe, good things can come. 

I live in a town, but having the privilege of working from home during this period has allowed me to better know the wildlife around me and smell the difference in how clean the air smells.  The impact of not having a large queue of cars in and out of the town each day has meant that I have now seen deer in my street, a nuthatch and woodpeckers in my garden and my world seems a calmer place. 

There are lots of articles praising and explaining the technical features behind the Microsoft Teams Security but are we forgetting something?  What about the people using it?  Security is only as tight as your weakest link and during these days of working from home, it’s important to check that your Teams users understand about their safety and security and how not to break it. 

Multi-factor Authentication (MFA)

Accessing Teams from home – are your users using MFA?  It’s really important that they have total control over who is logging in with their UserID and password.  Casual observers may not see the harm in memorising your details if they have watched you, but the MFA makes sure that they can’t log in to another machine without the user’s permission.  Users need to understand that when they receive the text notification with a code, if it’s not them logging in, someone is trying to use their details.  The implications of this could be huge. 

Recording Meetings

When you are in Video conference, what do you do if someone starts recording the meeting?  You will be notified that it’s happening, but what if you don’t want to be recorded?  This can cause some people a lot of anxiety and it’s important that you have a policy in place that lets your users understand the purpose of the recording, where it will be stored and what to do if they prefer to opt out.  Recording can be totally disabled.  A decision on this probably needs input from HR and Compliance.  Video conferencing is another way to ensure you are talking to the right people so put your cameras on and look at each other.  If you see that Bill from accounts has become 30 years younger and changed his voice, you can be pretty sure that someone else is on the call.  It may be harmless but it may not be.   

Sharing your Screen

Sharing your screen is a brilliant feature but be careful of accidentally leaking information to the wrong parts of the business by having content on your screen that should not be shared.  You may have been working on a confidential document but then enter a meeting and want to show a separate document or spreadsheet to your audience.  When you share a screen, be ready with the content you want to share to save potential information leaks or embarrassment.  

Following on from screen sharing, another factor that you should be aware of in terms of Microsoft Teams Security, is that Teams allows you to give or take control of someone else’s computer.  Make sure that your users understand the impact this could have if they are not familiar with their co-workers.  It is not a good idea to give someone permission to control your machine and then walk away leaving them to it.  Remember they are effectively “you”. 

External Access

External vs Guest Access – understand the difference.  Collaboration with external people is a fabulous feature but if you give someone “Guest Access” by making them a member of your Team in MS Teams, they can look at your data in all of the public channels within it and participate in any related chats.  In some instances, they can also add and delete channels.  External users can join calls but don’t have access to the data in your channels.  Some companies opt to switch off external sharing altogether or limit the domain access to exclude things like Hotmail and gmail accounts.  Your users need to be aware of this otherwise their attempts to collaborate may be thwarted and put them off trying in the future. 

In Conclusion...

I guess my message here is don’t forget your users when you are looking at Microsoft Teams Security.  Microsoft products have lots on built-in security but your users are possibly your weakest security link.  They need to understand what the limits are and how to not break the rules by accident. 

If you need a hand with incorporating Microsoft Teams into your business, give us a shout and one of our experts will be happy to get in touch!