How to ensure controls are in place to ensure information is being shared in accordance with regulatory and internal guidelines.

As you’ve probably seen on our blog, LinkedIn, or in the various tech journals, last week Microsoft Teams hit 44M daily active users, spiking 37% in just one week amid the work from home surge with COVID-19.  Microsoft 365 corporate vice president, Jared Spataro, called it an “inflection point” and said “we’re never going to go back to working the way we did. We’re going to look back and realize that this is when it all changed.”

As a result of how the workplace has quickly changed, the amount of inquiries we’re seeing for governance and security in Microsoft Teams has dramatically increased. One of the questions that keeps coming up is specifically around securing Teams chats. In particular, the ability to monitor for and prevent / block chats containing sensitive information has become a major issue for organizations with the increased number of remote workers, especially in regulated industries like financial services, healthcare and pharmaceuticals.

Work from Home Raises Information Sharing Concerns for Teams Chats

With the rapid expansion and new users adopting Teams, our customers are trying to figure out how to manage the increase in the amount of sensitive information being shared across Teams chat:  personally identifiable information (PII), protected healthcare information (PHI), financials, IP, HR information, etc. It is quickly becoming a significant area of exposure for all types of organizations.

Currently, we’re working with a large bank and a non-US central government agency to ensure both Teams file content and chat conversations are accessed and shared in accordance with underlying compliance requirements in a work from home (WFH) environment. While the particular use cases for each customer are different, they have one commonality – collaboration of sensitive information. The bank is concerned with employees inappropriately sharing account information across Teams chat. While the government agency is concerned about staff sharing its citizen’s personal information via Teams chat.

In both cases the majority of staff generally consider Teams chat to be an innocuous way of communicating with coworkers that isn’t breaking any rules. However, when you’re dealing with sensitive information that falls under regulatory oversight, like PII, PHI and financial information, it’s not always the case. We recently detailed the some of the issues in a blog on the 4 Top Data Security Concerns of Rolling Out Microsoft Teams. The main concerns for regulated organizations fall under enforcing information barriers, auditing/tracking of sensitive information access and/or sharing, and unauthorized sharing that could constitute a breach or compliance violation.

Enabling Secure Collaboration and Messaging in Teams – Now and Later

Even in regulated industries, the benefits of Teams chat and file sharing far outweigh the risks in this new work from home age – as long as there are controls in place to ensure information is being shared in accordance with regulatory and internal guidelines.

NC Protect Extends Data Protection Capabilities to Microsoft Teams and YammerWhile Nucleus Cyber’s secure collaboration for Teams solution has been on the market for a while, it’s never been more relevant. Why? NC Protect for Microsoft Teams prevents accidental oversharing, misuse and theft of chat messages and file content in Microsoft Teams by enhancing out-of-the-box security with:

  • Granular, conditional security to ensure sensitive/confidential files and chats are shared only with authorized internal and third party individuals and/or groups according to business and regulatory policies.
  • Unique, information protection capabilities such as user-specific watermarks and secure read-only access through a zero-footprint file viewer not available out-of-the-box.
  • Ability to set-up Information Barriers between internal communities, such as business units, research groups and traders in financial securities companies to meet regulatory compliance.
  • Auditing and tracking of access to sensitive information.

Organizations using Teams as well as SharePoint (both on-premises and online), Office 365 and Exchange for storage and collaboration can leverage dynamic rule sets across all platforms to centrally manage policies, classifications and controls. NC Protect can also leverage and consume AIP labels from Microsoft 365 E3 and E5 applications.

Resources to Help You Better Secure Your Content in Teams and other Microsoft Tools

Here are some of the assets that we’ve created including blog posts, white papers and recorded webinars to help guide you through securing collaboration in Microsoft Teams as employees work from home during this crisis and in the long term:

If you have any immediate needs or questions about information protection in Teams, SharePoint, Office 365, Dropbox or files shares, please contacts us.