Microsoft Teams has rapidly become a key collaboration tool for many organizations quickly growing from 44 million to over 75 million users in just a few months. However, if not set up properly from the start it can potentially leave your business-critical data exposed from accidental sharing or oversharing with the wrong individuals or Teams – or worse theft. Ensure Microsoft Teams information protection success and avoid any pitfalls by making sure you provision sites/teams with these 3 key practices in place.
Applying Lessons Learned from an Old Challenge
The challenges of the rapid adoption of a new collaboration tool are not new. There are parallels between the explosive growth of Microsoft Teams that we are experiencing now and the viral adoption of SharePoint during its early iterations. It’s important that we learn from the early SharePoint years and not repeat those mistakes with Teams.
The stakes for getting security wrong are much higher today. New regulations such as GDPR and California Privacy Acts have upped the game on an organization’s responsibility to safeguard data, as well as the financial penalties already costing organizations millions. The risk to IP is also greater with corporate espionage cases like Google vs Waymo, underscoring the risk to an organization’s trade secrets from collaboration tools. These risks are exacerbated by ease and speed at which information can be shared in Teams. The severity of the penalties for incorrectly handling information and risk to the business demand a better solution this time.
Organizations need to approach a Microsoft Teams roll out with the same thought process that ultimately became a SharePoint best practice – namely a more governed and controlled creation of Teams that has right the balance between user and security needs. If you rolled out Team in a hurry to accommodate remote work, you should retrofit with these best practices as soon as possible.
3 Key Ingredients to Provision Teams with Information Protection
The key to achieving this balance is to ensure that Teams are setup for success from the moment that they are created to ensure information is properly protected. Leveraging a provisioning process or tools can help ensure it gets off to the right start. Although it requires a little work, there are capabilities provided by Microsoft to create templates that help to ensure that individual Teams are created with the appropriate structure and attributes e.g. can guest users be added or only allow internal users.
Although it may seem that properly provisioning a Team does little to prevent accidental sharing, oversharing or misuse, it builds a strong foundation to support information protection in a few ways:
- User training can be aligned to the approved use cases and associated templates so that users are guided to use Teams correctly based on how a Team is labelled or categorized.
- It removes the reliance on Team owners to ensure that sharing settings or tabs are correctly added or configured for the Team. The news is full of data breaches that have been the result of an incorrectly configured cloud repository. Although Microsoft Teams by default has a more closed membership, and therefore access to the information within it, a risk still remains if the wrong users or group of users is added to the Team.
- Creation of Teams through a provisioning process or tools provides many of the properties that additional technologies can leverage to prevent accidental sharing.
Leveraging a provisioning process and templates for setting up Teams will get you on the right path for secure collaboration of business-critical information. However, it’s important to note that while the Microsoft templates offer a good starting point, they do fall short when it comes to fully protecting your information.
Let NC Protect Be Your Secret Ingredient for Baked In Protection
Third party products offer features not available in the native Microsoft experience. A solution like NC Protect can leverage the foundation set above to automatically apply information protection. NC Protect can dynamically control access to content in the Team and control how authorized users can share it and with whom, create flexible real-world information barriers, provide enhanced chat blocking, dynamic security watermarks, and more.
By augmenting Teams with third party products like NC Protect you can gain additional capabilities that leverage and add value to your existing Microsoft investments to automate data protection cheaper, faster, and simpler than using native tools.
Get More Tips on How to Ensure Information Protection in Teams
Join Nucleus Cyber’s Dr. Steven Marsh for a webinar on June 3 at 2pm ET to highlight four critical steps for information security in Microsoft Teams and explore the tools to reduce accidental or malicious exposure of business-critical information.
Join us to learn:
- Steps to ensure secure remote collaboration within Teams
- How to reduce accidental sharing and controls access in Teams without the complexity of native Microsoft tools using NC Protect
- Creating information barriers that work in the real world