This very cute GIF could actually be a piece of malware that can take over your Teams account

Highlights:

• Avanan is the first and only security vendor to protect Microsoft Teams
• Teams is built for easy collaboration, yet it is just as easy to send malicious files and confidential information to the wrong people
• Avanan has collaborated with Microsoft to bring its award-winning protection to Teams using non-public APIs. 
• Avanan hosted a webinar that extensively covers Microsoft Teams and what you can do to keep it secure. Watch Now →

As more organizations are moving to Microsoft Teams, so are hackers. And now, so is Avanan—the first and only security vendor to provide malware, phishing and data leak protection for Teams.

Due in large part to COVID-19 shifting work remotely, Teams has been on a rocket-like trajectory. In November of last year it had 20 million daily active users. In mid-March, it was 44 million. In May, 70 million.

By design, Teams was built to promote collaboration and easy communication both inside and outside the company.

"I recommend Avanan for anyone who wants to sleep well."
Gartner Peer Insights
Infrastructure and Operations, Healthcare

However, that design means it is just too easy to send and receive malicious files, phishing URLs and confidential information between users and outside organizations.

That is why Avanan worked aggressively with Microsoft to become the first security vendor to protect Teams from malicious files and messages. Using early-access API tools that will not become available until later this year, we’ve been able to apply the same award-winning email security to Teams collaboration.

Prevents Malware Spreading Across the Organization or From Trusted Partners

Now that employees are working from home, it is no longer possible to infect a business by spreading malware from desktop to desktop. Teams sharing is the new east-west attack vector once an attacker has gained access. You can have all the security in the world for email, but if you don't protect Teams, your entire ecosystem—from email to SharePoint to video chatting—is vulnerable to internal attacks.

In one recent attack, for example, a simple animated GIF was used to steal the user’s session token and gain access to their account. A malicious cat video that would have been blocked had it been sent via email was able to spread unfiltered on Teams. Worse, this attack gave attackers full access to the users' entire account, making it easy to continue the spread.

Courtesy of CYBERARK: Microsoft Teams GIF Attack Workflow

Prevents Data Leaks Between Departments or With External Partners

Many mistakenly believe that Teams is just for internal users. It's not.

Microsoft Teams makes it extremely easy to share files in SharePoint, OneDrive or any Office application with other departments or external partners.

Because most files were only internally accessible before the introduction of Teams, few companies have put the controls in place to ensure confidential information is properly organized and set proper permissions for access.

Millions of users, suddenly new to Teams, are selecting the easy and default options to grant access. It is all too simple for, say, an external partner to ‘Delve’ into things they should not see. A short term project with an external user may lead to forgotten long-term access to an internal directory.

Now that Teams is its own, independent sharing environment with end-user controlled permissions, it is hard to see who might have access to a confidential document or who in the organization chose to share it.

Identifies Impersonation

Nearly every user can invite people from other departments and there is often minimal oversight when invitations are sent or received from other companies. Because of the unfamiliarity with the Teams platform, many will just trust and approve the requests. Within an organization, a user can very easily pretend to be someone else, whether it's the CEO, CFO or IT help desk. 

Most employees have been trained to second-guess identities in email, but few know how to make sure that the name and photo they see in a Teams conversation are real. It is simple to edit a profile and become most anyone you like.

Jeff Bezos does not work for us as an intern. 

Conclusion

Avanan is the first and only email security solution to extend the same level of protection to all your collaboration platforms, like Google Drive, ShareFile, Box and Dropbox. It is also the first and only solution to bring the same protection to Slack and Teams. Avanan can identify files and text containing sensitive information and protect against malware and malicious links.

The future of work has changed.

Make sure you secure your company’s future with it.