There have been recent reports of a security issue within Microsoft Teams. What does this vulnerability entail, and how can you protect yourself from it?
File sharing within and outside the organization
When you initiate a Teams chat with individuals within your own Microsoft 365 environment, it’s possible to share files via OneDrive, indicated by the paperclip icon. However, when chatting with external users – people outside your Microsoft 365 environment – file sharing is not allowed. This prevents unknown users from sending files to employees within your organization.
A potential vulnerability
Despite this security measure, there is a potential risk. External parties can send files, including potentially harmful software, to internal users by bypassing user-side security controls. Normally, this would prevent external users from sending files to internal employees. Malicious individuals can alter an external hyperlink to make it appear as if it’s an internally shared file. When an employee clicks on it without suspicion, the external file gets downloaded.
Measures to consider
User awareness:
- It starts with a good understanding of Microsoft Teams and how it’s used.
- Inform employees about the organization’s current guidelines.
Technical measures:
- Consider disabling the ability to have Teams chats with external users altogether.
- However, keep in mind that this option may hinder collaboration with other organizations. A well-considered choice is crucial.
Questions
If you have any questions about this topic, please contact Nick Reijmers at 088 – 088 4321 or nreijmers@ndi.nl.