Microsoft Teams has rapidly become a key collaboration tool for many organizations. However, it can potentially leave you exposed to data breaches from accidental sharing of the wrong files or sharing sensitive info with the wrong Team – or worse data theft for personal gain.
According to the new “2020 Cost of Insider Threats: Global” report from The Ponemon Institute the number of insider-caused cybersecurity incidents have increased by a whopping 47% since 2018, with the majority (62%) of these incidents caused by negligent insiders. As a result, some are stalling Microsoft Teams deployments while they wrestle with how to address this issue, caught between satisfying user demands for the collaboration benefits that Teams offers and how to manage the sharing and protection of sensitive information.
Customers in regulated industries are particularly trapped in this quandary of how to balance user needs with their legal responsibilities for appropriately handling sensitive information including customer details, financials, HR information, patient data, insider trading information, intellectual property and more. And for good reason, the average annual cost of an insider breach is $11.45 million but is significantly higher for financial services ($14.50 million), Energy & Utilities ($11.54 million) and Retail ($10.24 million).
What are the options for mitigating against the accidental sharing and oversharing in Microsoft Teams?
If you’re worried about or struggling to secure your Microsoft Teams collaboration, it is possible to take advantage of the productivity and business benefits it offers without risking sensitive information. We’ve put together 8 tips to help you prevent oversharing and the potential for insider threats that can lead to costly data breaches.
1. Don’t Do This
Before we get into some of the things that can be done to mitigate the risk, first let’s look at an approach that is destined to fail: cutting off collaboration tools or making it too difficult for users to create and adopt Teams.
While this approach may solve the problem in the very short term, long term it is bound to cause frustration among end users and increase the risk of shadow IT as users look to work around overly restrictive IT control.
A common example is removing the ability to add external members to Teams. This approach is akin to asking users to circumvent Teams and IT. If there is a need for users to collaborate externally it is much better to find a solution within your corporate sanctioned tools rather than force users to seek their own solution.
There are many positives to embracing Teams for collaboration, instead we must look to how to mitigate the risks of accidental oversharing more effectively than opting for blocking its use.
2. Focus on the Users
A recent survey by Cybersecurity Insiders highlighted how much organizations rely or plan to rely on user education to mitigate against ‘insider threats’ – the industry term that includes the accidental oversharing scenario that we are discussing here.
It makes sense that user education should play a part in mitigation. After all, the security of business information assets is the responsibility of everyone in the organization. It would be unfair to place that responsibility on users without providing appropriate levels of education. However, as you can imagine, there are some potential flaws with this approach.
One issue is that regardless of how much training takes place, accidents will still happen. It’s all too easy to put a file in the wrong location as users jump between their ever-increasing list of Teams that they have membership to. In this scenario it does not matter how much training has focused on the correct places to share information.
3. Read our new eBook for Tips 3- 8
Learn how to empower Teams users collaborate freely without risking your sensitive information, including:
- 3 Steps to ensure you set-up Teams for success from the start
- Pitfalls of using private channels
- Tools for protecting sensitive information and files shared in Teams