AGAT

Ten Security Threats to Microsoft Teams (Part 2)

In this second installment, we continue through the top 10 security threats to Microsoft Teams.

If you haven’t read the first part, here’s the link: https://agatsoftware.com/blog/ten-security-threats-to-microsoft-teams-part-1/

Fourth Threat: Malware Uploaded through Microsoft Teams Files

External users could upload malware from unmanaged devices.

Guest devices aren’t company managed, so their status remains unknown, including whether any anti-malware technology is present. Microsoft Teams channels may include several internal users, each of whom is capable of causing a security breach via a malicious file upload.

IT admins need to be able to block every file upload coming from an unmanaged device, or to scan uploaded content before removing it from a channel. IT management should be informed of these types of incidents.

Solution: Threat Protection for Microsoft Teams

Fifth Threat: Data Loss through Filesharing and Teams Chats

Filesharing on Microsoft Teams can result in the loss of confidential data.

Microsoft Teams allows users to collaborate on and share files. They also have the option to chat with other members. Each of these features could end up being data loss conduits, and must be regulated.

DLP technology that can identify sensitive content must be implemented directly on Microsoft Teams file shares and chats. It should include features like exception logic, Boolean logic for checking multiple parameters, proximity checking, file fingerprinting, dictionary matches for specific organizations, and standard DLP data identifiers.

Scans of file uploads and messages must run in real time, or as close to it as possible. On-demand scanning should also be an option, for reviewing previously shared files and messages sent within the group. Be mindful that outside users are also capable of uploading sensitive data.
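
The checks listed above (a standard data identifier, proximity checking, a dictionary match, file fingerprinting, exception logic and a Boolean combination) can be seen working together in the following Python code, which is an added example and not AGAT's or Microsoft's code. The dictionary terms, the fingerprinted content, the sample numbers and all function names are constructed assumptions, and an exact SHA-256 match stands in for file fingerprinting.

```python
import hashlib
import re

# Constructed sample data (assumptions, not from any real tenant).
DICTIONARY = {"project falcon", "merger term sheet"}   # organisation-specific terms
FINGERPRINTS = {hashlib.sha256(b"CONSTRUCTED-BOARD-MINUTES").hexdigest()}
TEST_CARDS = {"4111111111111111"}                      # exception logic: known test number
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
CONTEXT_RE = re.compile(r"\b(card|visa|mastercard|cvv|expir\w*)\b", re.I)


def luhn_ok(digits: str) -> bool:
    """Checksum used by payment card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def card_hits(text: str, window: int = 40) -> list[str]:
    """Standard identifier plus proximity check: a Luhn-valid number counts
    only when a context keyword appears within `window` characters of it."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if digits in TEST_CARDS or not luhn_ok(digits):
            continue
        nearby = text[max(0, m.start() - window): m.end() + window]
        if CONTEXT_RE.search(nearby):
            hits.append(digits)
    return hits


def evaluate(text: str = "", file_bytes: bytes = b"", external: bool = False) -> dict:
    """Scan one chat message or uploaded file and return findings plus a verdict."""
    findings = {
        "card": bool(card_hits(text)),
        "dictionary": any(term in text.lower() for term in DICTIONARY),
        # Exact-hash match stands in for fingerprinting in this example.
        "fingerprint": hashlib.sha256(file_bytes).hexdigest() in FINGERPRINTS,
    }
    # Boolean logic over several parameters: card data and fingerprinted files
    # always block; dictionary terms block only for recipients outside the org.
    findings["block"] = (findings["card"] or findings["fingerprint"]
                         or (findings["dictionary"] and external))
    return findings
```

The same `evaluate` function can serve both the real-time path (called on each new message or upload) and the on-demand path (called over previously shared content).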

Solution: Real Time DLP For Microsoft Teams

Sixth Threat: Data Loss by Way of Other Apps

Microsoft Teams application integration can result in data being sent to an unknown destination.

Microsoft Teams lets users incorporate several independent apps that are cloud-based directly into their group environments. It provides features like sales apps, project management, HR, education, business intelligence, analytics, and polling. As beneficial as these apps are to users, independent applications come with data loss risks and security concerns. Data may get passed to another service provider outside the Microsoft Teams system.

Many apps are capable of transferring data through their own services. As such, IT administrators require a system that can discover the independent apps that are in use. Their risk profiles must be reviewed, and a workflow needs to be provided to notify, block, allow, audit, or remediate, and to inform users of the app’s status. Access can be revoked as needed.

Seventh Threat: Sluggish Security is a Lot Better than Zero Security

Certain actions must be performed in real time, or you risk losing data. Your security system may not be quick to respond, but that is a lot better than not having any security, which will only result in complacency.

Enforcement systems must support numerous actions based on the violation severity. Multiple actions must be available, including the following:

  • Adding incidents to the incident log.
  • Deleting a chat or file from the Microsoft Teams channel.
  • Removing the file’s shared link.
  • Quarantining a file, letting IT admins release it once it’s safe.
  • Quarantining a file, letting users release it once it’s safe.
  • Removing a user from the channel.
  • Either applying classification or DRM tags, or encrypting the file.
  • Sending notifications to bots, administrators, users, and other relevant people.

Microsoft Teams comes with several APIs (application programming interfaces) which may be used for security implementation. With that said, not all vendors prioritize this. As a result, incident response times can run to minutes or even hours, by which time data loss may already have occurred. IT admins must check general response times for incident remediation and make sure that responses are as close to real time as possible.

Stay tuned for our third and final installment.

Microsoft Teams DLP limitations: Controlling users when being Guests outside the organization.

Controlling your users when they are guests in other tenants or in external meetings

Microsoft Data Loss Prevention is rich in features and very widely adopted. In this article we address two coverage limitations: first, when a user is a guest in an external tenant, and second, when a user joins a meeting hosted by an external user.

Introduction


This is not the first time we have discussed Microsoft’s Data Loss Prevention (DLP) add-on for Microsoft Teams. A previous post covered the issue with near-real-time DLP.

Here we focus on an aspect that is easy to underestimate but can significantly increase data leak issues inside organizations.

Data is not inspected when your company’s users are guests in another company’s tenant

The problem is the following: 

Suppose company A has Data Loss Prevention policies activated for their Microsoft Teams, but company B doesn’t.

Now, an employee from company A communicates with an employee from company B as a guest.

The issue will be that the DLP won’t act when that communication happens. 

The employee from company A will be able to send messages or files that violate the company’s DLP policies without any barriers while they are a guest in company B.

Data is not inspected by MS DLP when your company’s users join other companies’ meetings anonymously

A very frequent problem is that when a user joins an external meeting as an anonymous participant, native MS DLP does not handle it.

DLP for external chat sessions (chat with an external user) will only work if both the sender and the receiver are in Teams Only mode and using Microsoft Teams’ native federation.

That means that when a user joins an external meeting, native Microsoft Data Loss Prevention cannot handle it.

Why it is more serious than it seems

Although DLP violations inside the company are already serious enough, DLP breaches to other companies will be all the more so.

Just think about an employee sending trade secrets, insider information, or any other sensitive information to other 3rd party companies.

The solution

SphereShield for Microsoft Teams Real-Time DLP addresses the problem in a complete way. It works both internally and externally, not leaving any room for DLP violations.
In addition, users can opt in to advanced DLP features that detect issues in audio conversations in real time, as well as DLP detection for screen sharing using OCR.

For more information, visit 

ms teams inline dlp

ms teams compliance recording and analysis

To get a free live demo, contact us


How to disable / block file sharing in Microsoft Teams?

Capabilities and limitations of using Information Barriers for blocking file sharing in Microsoft Teams, SharePoint and OneDrive

In a previous post we discussed the capabilities and limitations of Microsoft Information Barriers for O365 in great detail. However, there is a simple question we want to address in this post.

Many people on the Microsoft UserVoice forum have requested the ability to completely disable file sharing in Microsoft Teams. The requests come from, for example, heavily regulated companies that need to prevent certain types of users from sharing files back and forth.
These users can be external employees, guests, teams with very sensitive data (financial), or even governmental institutions with strict restrictions.

What makes this a little more complicated is that Microsoft Teams is deeply integrated with SharePoint (for channels) and OneDrive (for chats). Anyone who really wants to deny file sharing for another user, group or team needs to do it in all three places.

Otherwise the problem is not completely solved, since the user can go to SharePoint or OneDrive directly and share files there.

The diagram below shows how Microsoft Teams, SharePoint and OneDrive relate to one another when it comes to file sharing.

How to block file sharing in Microsoft Teams? 

So everything points to Information Barriers, the add-on Microsoft offers for compliance on its platform.

Information Barriers has some very important features, like blocking the addition of members to teams, blocking chats and blocking calls. It also has file-blocking capabilities for SharePoint and OneDrive.

On the one hand, admins can control file sharing between groups in SharePoint and OneDrive with Information Barriers for OneDrive and Information Barriers for SharePoint.

On the other hand, this does not block sharing these files in MS Teams.

The reason comes down to the purpose of Microsoft Teams.

Teams was built purely for collaboration, with file sharing as its backbone, so blocking file sharing in SharePoint or OneDrive has no effect on Teams.

The solution to block file sharing in Microsoft Teams

AGAT Software has developed an easy, yet powerful way to block file sharing (and other things) on Microsoft Teams.

SphereShield Ethical Wall controls both upload and share operations in Teams channels, Teams chat, SharePoint and OneDrive.

SphereShield can prevent a specific group that has access to financial data from uploading files to the cloud through any platform, whether through MS Teams channels or chat, the Files tab of a channel, or by going directly to SharePoint or OneDrive.

Another use case is a company that wants to restrict file sharing from one department to users in that department only. For example, HR content could be shared with other HR members but not with anyone who is not a member of HR.


It’s called the Ethical Wall. The name reflects that, instead of creating a rigid firewall where nothing is allowed, it lets you decide which users, groups, teams or domains are not allowed to share files, write messages, make calls or share video, and with whom.

The possibilities are endless and everything is set up on a simple and intuitive dashboard.

For more information and to get a free live demo, contact us today