Eight tips to prevent data sharing risks in Microsoft Teams
Microsoft Teams has rapidly become a key collaboration tool for many organisations. However, it can potentially leave you exposed to data breaches from accidental sharing of the wrong files or sharing sensitive info with the wrong Team – or worse – data theft for personal gain.
According to the new “2020 Cost of Insider Threats: Global” report from The Ponemon Institute, the number of insider-caused cyber security incidents have increased by a whopping 47% since 2018, with the majority (62%) of these incidents caused by negligent insiders. As a result, some are stalling Microsoft Teams deployments while they wrestle with how to address this issue, caught between satisfying user demands for the collaboration benefits that Teams offers and how to manage the sharing and protection of sensitive information.
Customers in regulated industries are particularly trapped in this quandary of how to balance user needs with their legal responsibilities for appropriately handling sensitive information, including customer details, financials, HR information, patient data, insider trading information, intellectual property and more.
What are the options for mitigating against the accidental sharing and oversharing in Microsoft Teams?
If you’re worried about or struggling to secure your Microsoft Teams collaboration, it is possible to take advantage of the productivity and business benefits it offers without risking sensitive information. We’ve put together eight tips to help you prevent oversharing and the potential for insider threats that can lead to costly data breaches.
1. Don’t do this
Before we get into some of the things that can be done to mitigate the risk, first let’s look at an approach that is destined to fail: Cutting off collaboration tools or making it too difficult for users to create and adopt Teams.
While this approach may solve the problem in the very short term, long term it is bound to cause frustration among end-users and increase the risk of shadow IT as users look to work around overly restrictive IT control.
A common example is removing the ability to add external members to Teams. This approach is akin to asking users to circumvent Teams and IT. If there is a need for users to collaborate externally, it is much better to find a solution within your corporate sanctioned tools rather than force users to seek their own solution.
There are many positives to embracing Teams for collaboration. We must look at how to mitigate the risks of accidental oversharing more effectively than opting for blocking its use.
2. Focus on the users
A recent survey by Cybersecurity Insiders highlighted how much organisations rely or plan to rely on user education to mitigate against ‘insider threats’ – the industry term that includes the accidental oversharing scenario that we are discussing here.
It makes sense that user education should play a part in mitigation. After all, the security of business information assets is the responsibility of everyone in the organisation. It would be unfair to place that responsibility on users without providing appropriate levels of education. However, as you can imagine, there are some potential flaws with this approach.
One issue is that, regardless of how much training takes place, accidents will still happen. It’s all too easy to put a file in the wrong location as users jump between their ever-increasing list of Teams they have membership to. In this scenario, it does not matter how much training has focused on the correct places to share information.
3. Read our new eBook for tips three to eight
Learn how to empower Teams users to collaborate freely without risking your sensitive information, including:
Three steps to ensure you set up Teams for success from the start;
Pitfalls of using private channels; and
Tools for protecting sensitive information and files shared in Teams.
Nucleus Cyber is the intelligent data-centric security solution for the modern workplace providing dynamic, granular information protection that leverages existing infrastructure investments. The NC Protect platform dynamically adjusts file access and protections based on real-time comparison of user context and file content to enforce data governance and security policies for more secure collaboration. It minimizes data loss and misuse risk for a wide range of digital environments including SharePoint, Office 365, Teams, Yammer, Dropbox and file shares. For more information visit www.nucleuscyber.com or follow @nucleuscyber.
Email - email@example.com
Private Protocol is a data security provider offering solutions and strategies that cover Mobile Device and Information Security, Secure Data Collaboration, Secure Messaging, SharePoint/O365 Security and Compliance, Data Classification, File Share Security and Compliance, Web Content Compliance, Data Leakage Prevention, Endpoint Security and Cloud Security. Private Protocol also offer Cloud Risk Assessments, so companies can understand the impact cloud is having on your business and highlight any risk that may be associated. Private Protocol cover Africa and Indian Ocean Islands and have a distributed partner channel.