115 million people use Microsoft Teams daily. As remote meetings become a staple in the modern workplace, virtual conferencing tools like Microsoft Teams provide unparalleled value to remote-based operations. But is Teams safe for remote workers? Sharing data and discussing ideas in a physical workplace—where walls and on-premise cybersecurity policies exist to keep you safe—is far different from collaborating on laptops and cellular devices miles away from one another.
Recently, we’ve seen a surge of questions from our clients about Teams, the main question being this: “Is Teams safe?” The answer is yes, it can be! Teams itself is a hyper-secure solution backed by Microsoft’s enterprise-grade security and industry-leading policy controls. But, at the same time, using Teams isn’t natively safe. You still have to leverage the proper policies, strategies, and procedures. In other words, Microsoft Teams isn’t the weak link in conferencing security; your team is.
Understanding the Current Threat Landscape
In “normal” years, cybersecurity is a top-level concern for nearly every organization (big or small). In the first half of 2019, over 4.1 billion records were compromised during data breaches. And, according to IBM, it took organizations (on average) 314 days to mitigate these breaches, costing them over $3.92 million on average. Things are even worse for businesses that deal with highly-sensitive information. 26% of law firms experienced a direct security threat in 2019, and—for smaller firms without significant liquidity 60% will go out-of-business within 6 months of a breach. In other words, cybersecurity is an increasingly important component of the modern business framework. Last year, 68% of business leaders felt that their threats were increasing, but no one could have guessed what was coming.
COVID-19 changed the threat landscape. According to the U.S. Chamber of Commerce, in the first quarter of 2020, there were one million spam messages, 737 pieces of malware, and 48,000 malicious URLs all directly related to COVID-19 content. Even worse, botnet attacks are up 29%, and exploit attacks (which easily take advantage of home networks) are up by 13%. In other words, COVID-19 is a hackers’ paradise. The beginning of the pandemic saw nearly every employee shift to remote spaces, and that trend may stay. The most recent Gallup poll shows that over 54% of businesses have at least some remote employees—with 9% being fully-remote (and likely to stay that way).
Suddenly, everyone has new digitally-driven workflows. Unfortunately, secure on-premise networks have been replaced by shaky home networks. Carefully-curated at-site cybersecurity policies are suddenly gone, replaced by ad-hoc threat mitigation strategies.
The front-and-centre of this new threat landscape is virtual meeting tools. Remote meeting tools have jumped 84% in usage over the past few months, and Microsoft Teams sees billions of meetings minutes per day. According to threat research by Security Intelligence, virtual meeting tools are the single most significant security threat in the remote work boom.
So, how do you protect your firm and your employees from malicious hackers? Here are 5 cybersecurity tips and strategies to lock into your Microsoft Teams environment.
1. Keep Conferencing Software Up-to-Date
Hackers are constantly evolving their strategies. So, in turn, software providers regularly put out software patches to remediate any new or emerging vulnerabilities. Unfortunately, a large chunk of users don’t update. Millions of users run out-of-date Windows 10 software. Worse yet, hundreds of millions of PCs still run Windows 7—which is now at end-of-life. The same can be said for anti-virus software and/or anti-malware software. Ten percent of consumers have expired antivirus software.
Updating conferencing software, operating systems, and protective software is crucial to security. This is a two-pronged issue. First, employ a robust internal IT team or hire a managed service provider (MSP) to keep software up-to-date. Second, create policies and educate employees on how and when to update their software.
2. Protect Meetings With Unique Passwords
After the infamous Zoom debacle earlier this year, it’s safe to say that protecting meeting rooms from prying eyes is front-of-mind. With Teams, this is pretty easy. For starters, set up policies when your organization first starts using Teams to do most of the heavy lifting. Vertex highly recommends leveraging Microsoft’s Two-factor Authentication (TFA) features. This is an included option in the Microsoft 365 environment, but needs to be configured. According to Microsoft, TFA prevents 99.99% of all account hacks. Authenticating protects your meetings from uninvited visitors. Don’t use fixed personal IDs. Opt for uniquely generated passwords for each and every meeting.
3. Understand the Biggest Security Threat: Your People
The vast majority of hacks don’t happen in Kernel commands or due to built-in software vulnerabilities; they’re caused by people. 62% of businesses experienced a social engineering attack last year. Simply put, your people are your weakest link. That makes creating the right policies, procedures, and strategies to help them navigate the complex world of cybersecurity important. Additionally, consider training employees on the risks and dangers of phishing and social engineering. This is an area where having a dedicated security partner is helpful on a massive scale. They can assist you with policies and training as well as building the physical infrastructure you need to mitigate underhanded phishing attempts.
4. Prioritize Network Security
As remote workers leave the confines of your on-premise network, you face a serious challenge. How do you keep your employees, your data, and your systems safe when employees are accessing meetings from their home networks? This requires a multi-layer approach. We highly recommend securing hardware specifically meant for remote employees. You can pre-load this hardware with policies and software to keep it secure. Additionally, you should encrypt data (both in rest and in transit) and move operations over to cloud-based desktop platforms. Your overall goal is to thwart home network issues from entering your security landscape in the first place. If you try to tackle these issues ad-hoc, you’re in for a nasty surprise; home networks are threat-prone.
5. Use the Right File-Sharing Clients
Select and standardize on a file-sharing client for your firm. If you use Teams, you should consider SharePoint and OneDrive. Don’t allow any other options. Yes! Technically, you can use any of the secure file-sharing solutions on the market, but you shouldn’t. OneDrive and SharePoint natively integrate with the Teams ecosystem. Accounts, passwords, Two-Factor Authentication, policies, and standards will be shared across your Microsoft solutions. In other words, it prevents you from having to rig together multiple unique security solutions and manage data sprawl across different platforms.
Vertex Keeps You Secure
Virtual conferencing is here to stay. And we fully expect the majority of law firms to integrate Teams into their regular workflows (if they haven’t already). According to the ADA, a mere 25% of law firms have an incident response plan. Chances are, your firm doesn’t have the security infrastructure to support remote meeting tools. We can help. At Vertex, we provide best-of-breed IT services to law firms. From hardware and software to policies, procedures, and risk mitigation tools, we’ll keep you secure and operational both on-premise and in remote environments. Contact us to learn more about our managed IT services.