Are you using Teams? Seems like just about everyone is using Teams. That would seem to boost Microsoft’s statement that Teams is the fastest growing app in their history. For those unfamiliar with what Teams is, Teams is a chat-based workspace within the Office 365 ecosystem. A place to work and collaborate with internal and external team members. A little bit of history – Teams was first released in November 2016, and since its release, the number of organizations adopting Teams has grown to some 330k organizations around the world (last published number as of Sept. 2018). A year prior to that, it was roughly half that number. Its tremendous growth and adoption are in part that Teams is made available free-of-charge with almost every Office 365 subscription.
With the rise in growth of Teams, we inexorably need to turn our focus to security. While there are many security/governance issues to take into consideration with adopting Teams, as in; what kinds of data is being stored in Teams, when are Teams removed, who can create a Team, etc., for this blog, I am going to focus on the more malicious security issue, malware!
Malware in Teams? Sure, why not, accidents happen, anyone in our community can accidentally upload a document into Teams (hopefully not though). Something a little more nefarious, what if an account gets compromised and the bad actor purposefully adds malware ridden document(s) into Teams or makes a conversation post and adds a malicious website link for people to click on. Sounds like we should have something in place to protect us from those types of things, right?!? If your organization happens to be subscribing to the Office 365 Advanced Threat Protection (ATP) service, then you have something available for this type of protection already. Just need to turn it on!
Within the ATP service, there are several settings that will extend its malware/phishing protection capability into Teams, both for documents as well as web links.
Let’s take a look.
Safe Attachments – Within the Safe Attachments service (responsible for scanning documents for malicious content), there is a setting specifically aimed a document protection within Teams. With this setting active, any documents within Teams would be examined for malicious content when opened:
Safe Links – Within the Safe Links service (responsible for scanning web links for malicious content), there are a handful of options that should/would be enabled to protect against malicious links, any web links would be routed through the Safe Links service and access prevented if malicious items were detected:
If your organization makes use of Microsoft Teams and has the Advanced Threat Protection service, the settings outlined above should be enabled. If the Advanced Threat Protection is not already part of your security portfolio, please contact Sikich for more information about this service and how to implement it. For additional information, please see my blog about Advanced Threat Protection.