Due to recent unavoidable circumstances, many organisations around the world are having to actively utilise cloud collaboration tools such as Microsoft Teams, Microsoft 365, OneDrive, and others. For example, Microsoft Teams recently announced that it had set a new daily record of 2.7 billion meeting minutes, which is up 200% compared to March of last year.
While such tools are great enablers of remote work, they can increase security risks, especially the risks posed by the insider threat. In fact, a recent study found that only 23% of remote employees had received any guidance on how to use platforms like Microsoft Teams. The result is that the majority of employees might not even realise that they are putting company data at risk when they share sensitive files in chats and channels, assuming that it is someone else’s responsibility to protect the data. The problem is that collaboration platforms such as Microsoft Teams rely heavily on SharePoint Online to store files shared in conversations, on OneDrive to store files shared in private chats, and on Azure AD to manage and authenticate team members. These storage locations are created automatically when a user creates a team or chat, without sufficient security controls. When users use Teams indiscriminately, numerous locations appear in OneDrive and SharePoint Online that users never think about. There is a high risk of data overexposure in such storage locations.
Flexibility comes with risks
Popular cloud collaboration platforms such as Microsoft Teams are often very useful in supporting the collaboration needs of a remote workforce. Yet the side effect of this flexibility is a high risk of human error, as many employees might ignore security best practices just to do their job faster. The most common types of mistakes to be avoided are:
Privilege elevation – Since groups in Teams are very adjustable, it is very easy to lose track of user access rights. In fact, group owners might grant their colleagues access to groups even though some of those groups may contain files with sensitive data such as financial materials or intellectual property. This can result in uncontrolled Azure AD changes and manipulation of sensitive data in SharePoint Online.
Insecure data sharing – Sharing sensitive data or credentials via collaboration platforms can lead directly to data leaks and compliance fines. For example, some employees might ask their colleagues to share information or credentials via chats or team conversations because they do not have access to a password manager and do not want to wait until the IT team resolves their access request. However, insecure data sharing leaves sensitive data or credentials outside of a secure location, where they can be easily copied by other employees, which might eventually result in a data leak.
Data downloading – Downloading sensitive data from collaboration platforms to employees’ devices increases the risk of data leaks and compliance violations. Employees working remotely are more prone to this mistake. Obstacles such as a poor internet connection, a slow VPN connection, and the need to spend too much time searching for the necessary document in corporate storage might be so frustrating that some employees decide to download data to their devices as an obvious way to simplify their job.
Best practices for risk mitigation
It is important that every organisation treats a cloud collaboration platform as a new element of its IT infrastructure that requires a modern security approach. The first fundamental aspect of this is establishing a solid design structure of groups and teams that reflects business needs, as well as developing dedicated security policies. Moreover, it is vitally important to arrange a series of training sessions for end users and to educate them on the ‘dos’ and ‘don’ts’ of working with a cloud collaboration platform.
Another important aspect is to ensure that an organisation can control how well employees follow these rules. This can require implementing technology that is capable of monitoring activity and permissions around sensitive data. For example, in the case of Microsoft Teams, it is important to monitor interactions with sensitive data in SharePoint Online, as every ‘team’ in the application is backed by a dedicated site that stores all data exchanged on the platform. It is also important to track Azure AD changes, as Azure AD is used to store and manage authentication to these new environments. Such measures will help an organisation to minimise the risk of an insider threat.
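The monitoring described above can be sketched as a small review of audit records. This is an added example, not part of the original article or any vendor's product: it covers the three mistakes listed earlier (group access changes in Azure AD, link sharing, and bulk downloads from a sensitive SharePoint Online site). The records are constructed and simplified, the tenant, sites and users are hypothetical, and the operation names should be confirmed against an audit log export from your own tenant.

```python
from collections import Counter

# Operation names as recorded in the Microsoft 365 unified audit log;
# confirm them against an export from your own tenant.
GROUP_CHANGES = {"Add member to group.", "Add owner to group."}
SHARING_OPS = {"AnonymousLinkCreated", "SharingSet"}

FIN = "https://example.sharepoint.com/sites/finance/"    # hypothetical sensitive site
SOCIAL = "https://example.sharepoint.com/sites/social/"  # hypothetical ordinary site

def rec(workload, op, user, obj=""):
    """Build a simplified, constructed audit record."""
    return {"Workload": workload, "Operation": op, "UserId": user, "ObjectId": obj}

# Constructed sample data; users, sites and files are made up.
SAMPLE = [
    rec("SharePoint", "FileDownloaded", "alice@example.com", FIN + "budget.xlsx"),
    rec("SharePoint", "FileDownloaded", "alice@example.com", FIN + "forecast.xlsx"),
    rec("SharePoint", "FileDownloaded", "alice@example.com", FIN + "payroll.xlsx"),
    rec("SharePoint", "FileDownloaded", "bob@example.com", FIN + "budget.xlsx"),
    rec("SharePoint", "FileDownloaded", "dave@example.com", SOCIAL + "menu.pdf"),
    rec("AzureActiveDirectory", "Add owner to group.", "bob@example.com", "Finance Team"),
    rec("SharePoint", "AnonymousLinkCreated", "carol@example.com", FIN + "plan.docx"),
]

def review(records, sensitive_sites, download_threshold=3):
    """Return findings as (rule, user, detail) tuples for analyst follow-up."""
    findings, downloads = [], Counter()
    for r in records:
        op, user = r.get("Operation"), r.get("UserId")
        obj = (r.get("ObjectId") or "").lower()
        sensitive = any(obj.startswith(s.lower()) for s in sensitive_sites)
        if r.get("Workload") == "AzureActiveDirectory" and op in GROUP_CHANGES:
            findings.append(("group-change", user, op))        # access rights changed
        elif sensitive and op in SHARING_OPS:
            findings.append(("sharing", user, r["ObjectId"]))  # data exposed by link
        elif sensitive and op == "FileDownloaded":
            downloads[user] += 1                               # copy left the platform
    # Report only users at or above the download threshold.
    for user, count in sorted(downloads.items()):
        if count >= download_threshold:
            findings.append(("bulk-download", user, count))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE, [FIN]):
        print(finding)
```

The list of sensitive site prefixes carries the policy decision: it should come from the group and team design the organisation has already agreed on, with a trailing slash so that one site's prefix does not match another.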
Secure against the weakest link
When an organisation implements new technologies, especially if they lead to new ways of working, it inevitably brings new risks that the organisation must address. Even if the technology provider offers high levels of security, employees are often the weakest link, since a new environment can contribute to errors. Therefore, an organisation must continually assess the risks that occur under new circumstances and outline a range of preventive measures.
Matt Middleton-Leal is a Certified Information Systems Security Professional (CISSP®). He is currently EMEA & APAC General Manager at Netwrix, a provider of a visibility and governance platform that supports both on-premises and hybrid cloud IT environments. Matt has 20 years’ experience in the cybersecurity industry, with a deep understanding of both customers’ and suppliers’ needs.