Ashville NC IT Support Company | Blue Ridge Technology, Inc.

The Dark Side to Microsoft Teams

Are you using Teams to share sensitive data?

We love Microsoft Teams as a collaboration, chat, and video calling hub. The way it integrates deeply with everything else in Microsoft 365 is nearly miraculous when it works as it should, Microsoft Teams keeps getting better, the tool is one of the biggest influences on making our new way of working work well.

But did you know that Microsoft Teams has a dark side? Don’t get us wrong: the app is well built and generally secure. But there are risks you should be aware of, mostly centering on how your employees use the app.

Here’s what you need to know.

What Are People Sharing?

Understanding the risks of Teams starts with understanding what people are sharing on the app.

Sensitive, Confidential, and Critical Information

Recent research found that around half of employees admit to sharing sensitive company information on Teams. To be honest, we think that number is a little low. After all, Teams is specifically designed for sharing information within a company, so there’s no surprise that people do exactly that.

Around half have also sent even more crucial business-critical information over teams, and nearly the same percentage know they have at least once sent a message to the wrong person.

So if you connect the dots, you’ve got people sharing confidential or even critical information over Teams and also regularly sending information to the wrong places. What could possibly go wrong?

Now, in the office, using secured PCs only, the risks are fairly low. Yes, there’s a risk of the wrong person receiving a confidential document. But that risk has been around a lot longer than Teams: it could happen over email or even via paper memo.

The trouble is, Microsoft has made it so convenient to use Teams on any number of devices. And you can’t always control the security of those devices.

If an employee accesses sensitive data on a compromised smartphone, you may have a serious security concern on your hands.

Inappropriate or Personally “Confidential” Information

There have been plenty of stories lately of employees getting caught sending inappropriate stuff over Teams, like complaints about the boss or abusive comments about a coworker.

There are all sorts of reasons you don’t want this to happen in your business, from camaraderie to company culture to the threat of a harassment lawsuit.

What many employees don’t realize is that Teams is a business chat tool. There is no expectation of full privacy. Everything is logged, and administrators can, when necessary, see what a user’s been up to.

Does Your Business Understand Your Teams Environment?

Another issue we see is that some businesses get started in Teams without really understanding how the app works. The great thing about Teams is that you can customize it to do all sorts of things and fit the needs of your particular business context. But that’s also a point of weakness: it’s all too common for businesses to end up with an unplanned, chaotic, confusing mess of a Teams environment.

The Importance of Governance

The solution to this is governance: setting up policies and environments centrally and deciding which apps, services, and extensions to enable (and which to disable). With good governance, organizations can use Teams to its fullest by creating a consistent experience across teams and users.

How to Combat the Dark Side of Teams

Two tactics can protect you from the concerns we’ve shared here. First is education. Make sure your people know what is and isn’t OK to share on Teams, both in terms of confidential files and interpersonal communication.

Second is endpoint protection and mobile device management, or MDM. These technologies can greatly reduce the risk of devices being compromised on your network and of already-compromised devices accessing anything of value. There’s some complexity to setting these systems up, but we’re happy to help you with this crucial service.

Questions? Needs? Reach out to our team today.