Microsoft Teams: Security & Compliance

Microsoft Teams is the hot topic on the streets these days with everyone from small business to large enterprise using it or in the process of deploying it. No doubt it is instrumental in driving digital transformation and changing workplace culture, and in return, modernizing the workplace. But, what about security and compliance?

Let's play out a quick scenario:

You are a marketing agency collaborating on the launch of a new product with your client.  One day you are breached as a result of an email phishing campaign, and the attacker discovered that you were a guest in your client's team in Microsoft Teams (this team is used between you and your client to collaborate). The attacker not only breached you, but also, just breached the client by gaining guest access to their team (by impersonating you). Sensitive data is stored in the client's team such as private chats, channel conversations and files - and now the attacker has access to it to now ex filtrate and do harm. Better yet, they are impersonating you and so to the client it looks like your company (and not an attacker). What if that attacker uploads malicious files to the team or starts to insert phishing links in conversations (impersonating the marketing agency) - if a user runs those files or clicks the link even more damage can be done.

This is a very real scenario, along with others such as protecting your data in Teams and governing access to Teams. The following short videos will help you to understand and create a plan on how to to protect Microsoft Teams using Microsoft 365 - enjoy!