Microsoft Teams is one of the platforms commonly used by employees who are working from home. It allows for collaboration and app integration between users within the same or different organizations, which opens it up to possible abuse by malicious users.
Potential risks
- App integration is a feature in Teams that can be abused by malicious users.
- Links in the chat are not scanned for malicious content.
- Files are not instantly scanned, which means that malware can sit in the chat for hours.
- By default, members of a channel are allowed to add a webpage via URL to a channel’s tab. This feature can be abused by posting a malicious webpage.
Best practices
- Be cautious when clicking links posted in Teams
- Always ask and verify the legitimacy of content posted in a channel’s tab
- Assign proper permissions when creating a team or channel
- Files or documents should be password-protected
- Use multi-factor authentication
- Scan content for malicious files and links
- Enforce least-privilege access across Teams and Office 365
- Classify sensitive data and use Microsoft Azure Information Protection (AIP) or compatible security software for additional protection
- Prevent file download to unmanaged devices
- Audit external sharing
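
One way to act on the tab risk and the permission advice above, as an added example that is not part of the original page: a Python check that flags teams where members may still add tabs and lists Website tabs pointing outside an approved domain list. The field names follow Microsoft Graph's team and teamsTab resources; the nested sample layout, the Website tab app id constant, the team data and the `example.com` allowlist are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: app id of Teams' built-in Website tab as exposed by Microsoft Graph.
WEBSITE_TAB_APP_ID = "com.microsoft.teamspace.tab.web"
ALLOWED_DOMAINS = {"example.com"}  # constructed allowlist

# Constructed sample: one team with its channels and tabs merged into a single
# dict (Graph returns these from separate calls; the nesting is an assumption).
SAMPLE_TEAM = {
    "displayName": "Finance",
    "memberSettings": {"allowCreateUpdateRemoveTabs": True},
    "channels": [{"displayName": "General", "tabs": [
        {"displayName": "Planner",
         "teamsApp": {"id": "com.microsoft.teamspace.tab.planner"},
         "configuration": {"contentUrl": "https://tasks.example.org/plan"}},
        {"displayName": "Intranet", "teamsApp": {"id": WEBSITE_TAB_APP_ID},
         "configuration": {"contentUrl": "https://intranet.example.com/home"}},
        {"displayName": "Payroll update", "teamsApp": {"id": WEBSITE_TAB_APP_ID},
         "configuration": {"contentUrl": "https://example.com.login.example.net/p"}},
        {"displayName": "Old wiki", "teamsApp": {"id": WEBSITE_TAB_APP_ID},
         "configuration": {"contentUrl": "http://intranet.example.com/wiki"}},
    ]}],
}

def host_allowed(url, allowed):
    """True only for https URLs whose host is an allowed domain or a subdomain of one."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or not host:
        return False
    # Compare on a label boundary so "example.com.login.example.net" does not pass.
    return any(host == d or host.endswith("." + d) for d in allowed)

def audit_team(team, allowed):
    """Return (kind, where, detail) findings for one team."""
    findings = []
    # Treat a missing setting as permissive, matching the default the page describes.
    if team.get("memberSettings", {}).get("allowCreateUpdateRemoveTabs", True):
        findings.append(("team", team["displayName"], "members can add or change tabs"))
    for channel in team.get("channels", []):
        for tab in channel.get("tabs", []):
            if tab.get("teamsApp", {}).get("id") != WEBSITE_TAB_APP_ID:
                continue  # only Website tabs load an arbitrary URL
            url = (tab.get("configuration") or {}).get("contentUrl") or ""
            if not host_allowed(url, allowed):
                findings.append(("tab", f'{channel["displayName"]}/{tab["displayName"]}', url))
    return findings

if __name__ == "__main__":
    for finding in audit_team(SAMPLE_TEAM, ALLOWED_DOMAINS):
        print(*finding, sep=" | ")
```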
