The Insecure State of Microsoft Teams Security

Microsoft Teams has quickly become the go-to application for remote work, accelerating dramatically in usage over the last year. Despite inherent trust, hacking activity in Teams is apparent, and businesses that use Teams need to secure it from DLP, malicious files and links, protecting it in a similar way they secure email.

As firms and workers across the globe went remote, Microsoft Teams saw the bulk of growth for chat and collaboration.

That growth of Microsoft Teams has been exponential and stunning. Teams usage in December 2020 is estimated to be 115 million daily users, growing from 32 million in early March 2020. After what appeared to be an early pandemic rivalry with Slack, Teams quickly became the de facto communication and collaboration app for anyone using Microsoft 365. According to an Avanan analysis, as of December 2020, only one in four users within an organization that has Microsoft 365 will actually use Teams on a daily basis, and therefore our assumption is that the major adoption of this platform within Microsoft 365 customers still has a lot of adoption ahead of it.

The success of Microsoft Teams has also made it ripe for hackers. In fact, as this year of explosive growth comes to an end, we’ve begun to see and learn how hackers are targeting this platform for data, personal and corporate information, and as a jump-board for other attacks.

Avanan analyzed nearly 200 enterprise customers for two months. In doing so, we were able to uncover current hacking activities and trends in Teams, as well as assess the overall cybersecurity risk involved in using the service.

The first and perhaps most important thing to know about Microsoft Teams is that, by default, it is not protected:

  • With one click, sensitive information can be forwarded outside the organization, either by user error, insider threat or hackers that compromised an account.
  • External members might be added to a channel and team members may not realize that there are external members on a certain channel, and share proprietary or confidential information.
  • Compromised partner’s accounts could be used by hackers to attack the organization’s end-users, while the organization has no control over the…