Whether you're back in the office, working from home still or in a hybrid situation, you're going to be using collaboration apps like Microsoft Teams.
You're not alone. Since the start of the pandemic, Teams has grown by over 100 million users. It's a part of everyday life, now.
We've written extensively about how Teams is not fully protected. We wrote about how a compromised partner organization could've wreaked havoc on a financial firm by leveraging Teams; we've written about how a GIF of a friendly-looking cat can steal credentials; and we've written generally about the issues inherent to Teams.
Recently, Microsoft announced they will deploy their SafeLinks feature for Teams. SafeLinks is Microsoft's time-of-click protection, checking the link on delivery to ensure there's no post-delivery detonation. This feature is only for those who also use Defender (ATP). It's worth noting that we've written about how hackers bypass SafeLinks.
Still, it is a good step, as Teams previously didn't scan for malicious links.
However, it's not enough. Data loss protections are minimal; sensitive company information can easily flow to other departments or outside the organization. Impersonation attacks are simple to implement and tough to identify. East-west attacks are at increased risk; third-party app integrations broaden the attack surface.
Earlier this year, we wrote the first comprehensive report about the security (or lack thereof) of Teams. It's time to revisit that, along with our webinar detailing the findings.
As work continues to transform, it's more important than ever to ensure that every place where business is done is properly secured.