The 2021 guide to remote working cyber-security with Microsoft Teams

One of the (many) challenges businesses dealt with during 2020 was the sudden shift to remote working. And going into 2021, it is obvious that remote working is here to stay for many businesses—enabled by team collaboration solutions such as Microsoft Teams and similar offerings. What is most interesting is how quickly attitudes toward remote workforces changed. A survey of business leaders by top research firm Gartner in June 2020 found that 82% intended to permit some employees to keep working remotely over the next year, but a survey conducted near the end of 2020 by Enterprise Technology Research found the percentage of workers permanently working from home is now expected to double in 2021. Yes, business owners went from “we’ll allow some flex time and let you attend Microsoft Teams meetings from home every now and then” to “get on Microsoft Teams and work from wherever you want” in just a few short months! That’s a key reason why the user count for Microsoft Teams has risen over 260% in just the past year to an incredible 115 million daily active users.

Amaxra not only enables safe remote working for entrepreneurs using Microsoft Teams cloud-based collaboration solutions, we also are an early adopter of Teams for our own workforce—which also went 100% remote in August 2020. To help your business have a safer and more productive 2021, Amaxra takes a look at how you can successfully and securely enable team collaboration for all using Microsoft 365 and Teams.

Protecting all employees against cybercriminals

Whenever a business enables their employees to work from home, there are hackers and cybercriminals preparing to exploit those of us remote working. For most business information technology (IT) department, cybersecurity has focused on ensuring that hackers and other cybercriminals cannot access the computing devices in the corporate office. However, home networks are typically less secure than corporate infrastructure. This is the reason why 31 percent of global companies reported daily cyberattacks in 2020, mainly targeted at their remote workforce.

The quickest and simplest way for an IT department to adapt their cybersecurity for a 2021 where employees work on unsecured home networks is to ensure users are properly authenticated to remotely access corporate data. Of course, the issue is that an authentication method that uses just passwords—even regularly-changed strong passwords—is easily compromised. That’s why Amaxra consultants and our clients with Microsoft Teams use multi-factor authentication (MFA) to increase employ account security. The idea behind MFA is to require multiple forms of verification to prove an employee’s identity when signing into not just Microsoft Teams but every cloud-based application used by the company. Amaxra configures our customers with MFA logins for all users by default. It is a flexible setup that enables each employee to approve their sign-ins from a mobile app on their personal iOS or Android smartphone using whatever is the most comfortable for them: push notifications, a numerical code, or even biometrics. Most importantly, we configure these logins protected by MFA to provide users with seamless access to all their corporate business apps with a single sign-on from any location or device.

Simple and secure collaboration from anywhere

When the 2020 pandemic hit, businesses turned to cloud applications and collaboration services to enable their employees to work safely and remotely from their own homes. As video for online collaboration became the default, the media heavily promoted Zoom as the “easy” way to conduct video meetings from home. But business IT departments soon found that Zoom was pathetically insecure in the name of convenience. Cybercriminals exploited the hastily-deployed remote working environments some business built around Zoom. Often these attacks started with disruptions like Zoombombing where hackers appear uninvited on a video conference verbally harassing employees, displaying vulgar images, and stealing the personal information of meeting attendees. But when “convenience” was combined with a user’s unsecured home network, hackers could more easily attack exposed Server Message Block and Remote Desktop Protocol ports (445 and 3389, respectively) on employee computers to gain corporate network access and move laterally inside the network to cause even more damage.

For the smart businesses using Microsoft 365, the solution was to get employees on the existing Microsoft Teams apps for team collaboration. Business IT departments rely on Microsoft Teams for advanced security and compliance because it is built on the Microsoft global enterprise-grade cloud infrastructure. This enables Teams to enforce organization-wide MFA with single sign-on and encryption of data both in transit and at rest. Amaxra sets up Teams for all of our clients with the additional security measure of configuring a company-wide group policy to ensure that only a few authorized employees have the ability to create new groups in Teams—further limiting the potential for a malicious hacker outside the company to be hidden amongst any of the up to 300 people in your video conference.

Security training and business continuity

Astute readers will note the “outside the company” in the last paragraph and wonder how does Amaxra secure Microsoft Teams against so-called “insider threats?” A report from cybersecurity research firm Ponemon in 2020 tracked and categorized these threats as either “negligent” or “malicious” insiders—and surprisingly found that it was the so-called “negligent insiders” that account for 62% of all insider-threat incidents.

Every company should have codified guidelines on how to handle any corporate data from intellectual property (IP) to the personal identifiable information (PII) of both employees and customers. Because data is what cybercriminals are after, it is crucial for companies to provide employees with training on data-protection rules adapted for remote working. For example, Amaxra consultants are provided with a PDF of our corporate data-protection rules along with on-demand video training in the form of a prerecorded webinar conducted in Microsoft Teams.

When it comes to malicious insiders using their company login to access and steal corporate data, detection and response is crucial to maintain business continuity. To thwart these malicious insider threats, IT departments must control the user access for cloud-based data and gain visibility into who accesses the data. For example, Amaxra’s deployment of Microsoft 365 Business Premium is configured to control who has access to specific company data by applying restrictions such as “do not copy” and provides visibility into who specifically attempts to access that data from a dashboard inside the Microsoft 365 Admin Center. With the built-in protections in Microsoft 365, a disgruntled employee can easily be blocked from downloading then deleting your company’s IP and PII stored in the cloud.

Amaxra keeps your remote workforce productive and safe

The lessons we all learned about remote working in 2020 will be critical for a safer and happier 2021. Amaxra can help your business use Microsoft 365 and Microsoft Teams to adapt to the new paradigm of remote working and all of the new challenges that come with it.