The global Covid-19 pandemic forced many of us to work from home. We've adopted and adapted to a new way of working with tools that allow us to continue to work as though we are together in the same room, even if we're miles apart. Collaborative, remote, and mobile working aren't just buzzwords - they're now essential.
Microsoft Teams saw a massive rise in users in the early stages of the UK lockdown, and it's easy to see why. Its abundance of collaborative features presented through an intuitive platform make working from home easy for even the least tech savvy users.
However, there's one question about Microsoft Teams that we seem to be answering time and time again: is it actually secure? Logically, the more devices we can access our information on, the more locations we can access it from, and the more people we can share and work on that information with, the more risk there is to our data.
Let’s look at the areas of potential compromise and the ways in which Microsoft deals with them below.
Security when logging on
Logging on has to be secure because if someone who shouldn’t is able to gain access to your account, they’ll have access to everything. So, even before you’ve got into Teams, Microsoft have security measures to protect you and your company data.
One of these measures is two factor authentication which means that logging in requires you to use a second authentication method such as your mobile phone. This means that even if somebody has your password, they're unable to successfully login without that second authentication method. This is particularly important as it's the "saving grace" of weak passwords.
Conditional Access is another security feature from Microsoft. It allows company administrators to set risk-based policies for access based on certain conditions. For example, if a user is accessing Teams from a new device or a new location, they will be required to use an additional method of authentication such as their fingerprint.
Security when sharing data
Effective collaboration obviously requires information to be shared, but, of course, making sure it can only be shared to, and accessed by, the necessary people is essential. This is particularly true when working on sensitive documents in Teams such as proposals or financial accounts.
One of the methods of ensuring security when sharing data is encryption. Teams data is encrypted in transit (from device to device, device to datacentre, and datacentre to datacentre) and at rest in Microsoft’s datacentres.
Additionally, Data Loss Prevention stops you from sending information to people you shouldn't, allowing you to confidently share information both inside and outside your organisation through documents, channels and chats. For example, if a document is labelled "internal" you wouldn't be able to share it to a Team with guest users. Similarly, if you tried to share some sensitive data in a chat, you would be notified that your message has been removed. These policies are customisable and allow admins to choose what is and isn't allowed.
Whilst ensuring that your data remains safe when you’re sharing it is important, it’s equally important to ensure you’re protected when people are sharing data with you. Advanced Threat Protection (ATP) helps protect users from hidden malware that might be shared with them, and is a feature we recommend every organisation uses. This malware might come in the form of a malicious link sent in a OneDrive file, or a document download sent through a Teams chat for example. ATP works by scanning your data; if anything is found to be malicious it will be deleted and you will be unable to access it.
Security when collaborating outside your organisation
Sometimes we need to collaborate easily with people outside of our organisation. Guest access (access by anyone with a business or consumer email account) is turned off by default, but if admins choose to turn it on, they then have control over which features guests can and can't use in Teams, helping to maintain the security of their business data. Guests can be removed at any time.
Security is often interlinked with compliance, and many industries and business have strict regulations to meet – some a lot more than others! Microsoft take compliance seriously and confidently meet over 90 regulatory and industry standards. They have tools available to help enable companies to reach and maintain compliance with the regulations governing their industry. One of these tools is eDiscovery which allows you to identify and manage information which may be relevant in legal cases.
Legal Hold is also important for compliance and allows you to keep users' information indefinitely or until a certain time. As an example, if you're required to keep all customer interactions for five years, you can set policies so this data is kept for the required time and then automatically deleted.
Microsoft Teams has many tools in place that enable organisations to maintain absolute security. Many of these tools are customisable so can be tailored to suit all organisations. If you're not yet using Teams, or you are already using Teams but would like security advice, set up a meeting or arrange a call back by filling in the form below.
We're here to help
Remember we're here to help. If you have any questions in terms of set up or best practice, we're available for advice and guidance.
Feel free to contact us anytime by either completing the form or by calling us on 01482 862780.