Is your sensitive data at risk? Request a free scan to learn more.

Polymer

Download free DLP for AI whitepaper

Data breach risks from Microsoft Teams

Jun 14, 2021
Microsoft Teams
Microsoft Teams Data Breach

Summary

  • Only 25% of companies run regular compliance, governance, and routine checks on Microsoft Teams, which puts many organizations at risk for a data breach. 
  • Without the right checks and balances in place, it’s far too easy for employees to inadvertently leak sensitive data or for cyber criminals to compromise user accounts.
  • The best way to avoid data breaches over Microsoft Teams is to monitor and protect the information being exchanged with a cloud-based data loss prevention (DLP) tool. 

Microsoft Teams has rapidly turned out to be the to-go-to application for remote work, accelerating exponentially in usage over the last twelve months.

Teams boasts an impressive 145 million active daily users, marking a 26 percent increase up from 115 million daily active users in October 2020.

However, despite the intrinsic trust, the success of Microsoft Teams makes it ripe for cybercriminals.

Hacking activity in Teams is apparent, and organizations need to secure it from malicious files, DLP, and links – the same way they’d take precautions against phishing emails.

iGov and Exec analyzed over 200 organizations and uncovered the following:

A Staggering 75 percent of organizations implemented Microsoft Teams just like that  

The unanticipated pandemic meant a sudden shift to remote work. Teams quickly become the de facto communication and collaboration tool to help maintain workplace productivity.

In the haste to adopt Microsoft Teams, 75 percent of organizations did not have articulate governance or security plan, which left them exposed to external and internal threats.

IT teams have a misguided belief in the collaboration security

Up to 95 percent of organizations are upbeat about their compliance with internal and external regulations. 

In fact, 93 percent of companies falsely believe that they rolled out Teams while ensuring the application is safe against unauthorized access and data breach.

Inversely, only 25 percent of companies run regular compliance, governance, and routine checks

According to iGov and Exec, only 28 percent of organizations reevaluate their Microsoft Teams settings and membership every year to identify potential risks.

Even more shocking, 85 percent of companies don’t remove guest users on Teams.  Up to 88 percent of organizations don’t know who accesses their internal data for audits, potentially exposing them to insider threats.

Moreover, 87 percent of organizations cannot recover individual files deleted on Teams over the last twelve months or more.

Clearly, the spike in Team’s usages comes with its fair share of security challenges. 

Here’s what this means:

There’s a need for more collaboration security

While many companies using Teams don’t have a security plan, 57 percent of organizations agree that becoming compliant shouldn’t be a problem.

Actually, 37 percent of businesses are ready to plow money into a robust Teams governance and management infrastructure. That way, they can ease the pressure on IT to track possible vulnerabilities while remaining compliant with regional and industry privacy requirements.

Governance automation for organizations using Teams is necessary

The ripple effect of adopting Microsoft Teams as a central collaboration and communication tool in an organization is increased responsibilities for IT.

The first and most important thing to know about Teams is that it is not protected by default. On top of that:

  • With a single click, sensitive info can leak to the outside world either via insider threat, error, or cybercriminals that compromised an account.
  • External members are added to a channel, making them privy to shared proprietary or confidential information.
  • Hackers can use a compromised account to infiltrate an organization’s end-users and wreak havoc.
  • Microsoft Teams channels created by partners do not permit visibility to the organization’s channel through the admins API. Therefore, a company cannot determine what has been shared on such channels, meaning the data go unaudited.
  • End users typically share anything on Teams, including sensitive data, due to the assumption that, unlike emails, no one is monitoring the information.

In addition, Teams, by default, doesn’t offer security for malicious content:

  • Links in the chat don’t get scanned at all.
  • While files undergo scanning, it doesn’t happen instantly, which means malware can sit in the chat for hours.

How to safeguard your organization from Microsoft Team data breach risks

The best way to avoid data breaches over Microsoft Teams is to monitor the information being exchanged on your channel.

Polymer’s Data Governance and dat loss prevention (DLP) solution for 3rd party applications identifies, alerts, and secures sensitive data in real-time over chats, enabling your organization to avoid data breaches.

On top of that, the solution protects your company from insider threat while ensuring that no one is monitoring your Teams channels.

Get started with Polymer today.

Polymer is a human-centric data loss prevention (DLP) platform that holistically reduces the risk of data exposure in your SaaS apps and AI tools. In addition to automatically detecting and remediating violations, Polymer coaches your employees to become better data stewards. Try Polymer for free.

SHARE

Get Polymer blog posts delivered to your inbox.