Securing Your Remote Teams for Better Collaboration

As workers duck under the cover of their homes during the global pandemic, we are seeing how technology has made it possible to keep collaboration going with remote work solutions. In Taiwan’s financial industry, Mega Bank is one of the first financial institutions in Taiwan to deploy Microsoft Teams as a remote work solution, and pulled it off in just three weeks. The deployment allowed near 6,000 of Mega Bank’s employees in Taiwan and across the globe to remain connected, and productive. It will also ensure national economic safety by allowing hundreds of enterprise employees to keep working and serving customers, whether at the office or at home.

Through technology, we are seeing how we can adapt to new norms to keep business continuity. Remote work is no longer a privilege, but a necessity. And with some simple guidelines and best practices, companies around the world have risen to the challenge without skipping a beat.

However, as we learn to steer in remote work seas, we need to keep a watchful eye on security. The waters can get rough out there. Studies have shown that malware and phishing attacks are up five-fold since COVID-19. Hackers with malicious intent are looking to prey on millions of men and women finding themselves under pressure to use unfamiliar software. Microsoft’s intelligence shows that these attacks are becoming part of a new norm in cybercrime, with every country in the world having seen at least one COVID-19 themed attack.

Organizations need strong tools. Even before the pandemic, security was priority at Microsoft. When our customers know they can feel secure using our solutions, they can focus on collaboration and innovation with peace of mind.

Microsoft uses a multi-layered defense system to keep customers secure. It works through detonation and signal-sharing that finds and shuts down email attacks on the spot. If the system detects a malicious email, URL, or attachment, the message is blocked before reaching the inbox. The mechanism opens attachments and links in isolation through virtual machines – like detonating a bomb in an unpopulated area.

Meanwhile, our analysts are continuously evaluating reports submitted by users of suspicious emails to better understand attacks and train machine learning models. Once a file or URL is identified as malicious, it’s shared with Microsoft Defender Advanced Threat Protection (ATP), among other services to ensure endpoint detection benefits from email detection, and vice versa. Sharing signals across services means that PC users with Windows Defender can be protected even if they’re not using Microsoft email services.

So what steps can you take to keep your remote teams and colleagues safer? Here are a few.

Safety starts at login

The single best way to improve security for employees working from home is to turn on multi-factor authentication (MFA). This is when a user is granted access only after successfully presenting two or more pieces of evidence (or factors) on the login screen. It protects users from attacks that take advantage of weak or stolen passwords. Use MFA for all of your employees, all of the time. Remember that this works best if you also block legacy authentication protocols that allow users to bypass MFA requirements. You can also use Windows Hello biometrics and smartphone authentication apps like Microsoft Authenticator.

Teaming up to unify chat

Employees are chatting and sharing more than usual, and sometimes on several chat apps. We recommend employers take advantage of 6 months freemium on Teams which now has no limit on the number of users who can join or schedule video calls using the “freemium” version. That way, employees know which channels to use, and CISOs can better manage them securely. For assistance, you can follow these steps for supporting remote work with Teams. Teams can be provisioned to users with Azure Active Directory (Azure AD) to make downloading easier.

Supporting employees

Remote workers have access to sensitive data and your network. As more employees start using remote tools, we need to walk them through basic steps they can take to stay secure, and warn them to expect more phishing attempts, including targeted spear phishing aimed at high profile credentials.

A malware or phishing attack usually starts with a suspicious email. Remind employees what official communications look like and to be watchful for urgent requests that violate company policy, use emotive language, and have details that are slightly wrong. Then give guidance on where to report those suspicious messages.

Manage access controls

The ability to manage who can launch meetings, present, and participate is critical to the safety of remote work teams. Just like keeping locks on doors, we need to ensure organizations use tools that let meeting organizers control who from outside your organization can join meetings directly, and who has to wait in the “lobby” and be let in. For further control, the meeting organizer should be able to designate “presenters” and “attendees,” to ensure no unauthorized attendee can take control of the meeting.

Safeguarding personal data

It’s critical to ensure that collaboration tools offered to employees are designed for enterprise-grade deployment. They should incorporate industry standard technologies such as Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP) to encrypt all data between devices and the cloud. They should also have safety measures for data loss prevention and sensitivity labels to restrict and regulate who can access sensitive information.

It’s clear that remote work is here to stay even when things go back to normal. As organizations embrace this transition, keeping a close eye on the security and privacy of data will let teams focus on the task at hand for the betterment of the entire organization.