The Hidden Security Risk in Microsoft Teams

19th February 2025

Microsoft Teams has become a critical collaboration tool for businesses worldwide. But what if we told you that every time you share a link in a Teams chat, you could potentially be sharing sensitive information with the public? Yep, that’s exactly what our CyberGuard security program recently uncovered – a serious security risk that could leave your business’s confidential info exposed (without you even realising it!)

The Risk: Publicly Accessible Links in Teams

You’d think that links shared in private Teams chats stay private, right? Wrong! Every link shared in Teams is stored in Microsoft’s SharePoint (or OneDrive) – and unless you’ve changed the system’s default “most permissible” settings, they become publicly accessible. This means your confidential data could be easier to find than a cat video on the internet.

It’s basically inviting hackers and cybercriminals to access your sensitive internal documents, client data, or financial records. Even a disgruntled ex-employee could wreak havoc.

Unfortunately, because this flaw is fairly well hidden in Microsoft’s system settings, businesses may not even realise they are vulnerable until it’s too late.

How We Identified the Issue

Our CyberGuard security monitoring program is always on the lookout for digital risks, and this one stood out like a sore thumb. We found that links shared within Teams were accessible outside of the intended recipients. After some detective work, we pinpointed the culprit – SharePoint’s default sharing settings, which favour convenience over security.

Realising the potential severity of this issue, NQIT immediately reported the vulnerability to Microsoft. While they’re yet to implement a fix (and we’re not holding our breath), there are proactive steps you can take to keep your data under lock and key.

The Solution: A Two-SharePoint Approach

To prevent your sensitive info from falling into the wrong hands, we recommend setting up a two-SharePoint strategy:

  1. Secure SharePoint for Internal Use Only – Lock this one down like Fort Knox. Only internal users should have access, with the “least permissible” settings enabled.
  2. Public SharePoint for Non-Sensitive Information – For anything that actually needs to be shared externally, use a separate SharePoint that allows public links, but never store confidential business info here.

Also very important: as soon as a staff member leaves, they must be booted from your digital systems!

By making this switch, you can ensure your sensitive data remains protected – whether it’s from hackers, ex-employees, or even just the wrong set of eyes.

Take Action Now

If your business uses Teams for communication and file sharing, now is the time to check your security settings. Depending on your system’s setup, a quick Google will show you how to check and change your existing settings (normally done by the system admin).

Once again, Google is your friend for working out how to set up two SharePoint accounts. An admin will need to log into the Microsoft 365 Admin Centre to get started.
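
As a starting point for that check, here is an added example (not NQIT's own tooling) that audits the sharing settings discussed above using the SharePoint Online Management Shell. The admin URL and the internal site URL are placeholders, and it assumes the Microsoft.Online.SharePoint.PowerShell module is installed and you sign in as a SharePoint administrator.

```powershell
# Added example: audit SharePoint/OneDrive sharing settings for a Microsoft 365 tenant.
# Assumption: both URLs below are placeholders; replace them with your own tenant's values.
$AdminUrl        = 'https://contoso-admin.sharepoint.com'           # placeholder
$InternalSiteUrl = 'https://contoso.sharepoint.com/sites/internal'  # placeholder
$ApplyLockdown   = $false   # leave $false to report only

Connect-SPOService -Url $AdminUrl

# 1. Tenant-wide defaults: what kind of link is created when nobody chooses one?
$tenant = Get-SPOTenant
[pscustomobject]@{
    SharingCapability         = $tenant.SharingCapability          # ExternalUserAndGuestSharing = "Anyone" links allowed
    OneDriveSharingCapability = $tenant.OneDriveSharingCapability  # files shared in Teams chats live in OneDrive
    DefaultSharingLinkType    = $tenant.DefaultSharingLinkType     # AnonymousAccess = "Anyone with the link" by default
    AnonymousLinkExpiryDays   = $tenant.RequireAnonymousLinksExpireInDays
} | Format-List

if ($tenant.DefaultSharingLinkType -eq 'AnonymousAccess') {
    Write-Warning 'Default sharing link is "Anyone with the link".'
}

# 2. Per-site view, including OneDrive (personal) sites.
$sites = Get-SPOSite -Limit All -IncludePersonalSite $true
$open  = $sites | Where-Object { $_.SharingCapability -eq 'ExternalUserAndGuestSharing' }

Write-Host ("{0} of {1} sites allow anonymous links:" -f @($open).Count, @($sites).Count)
$open | Sort-Object Url | Select-Object Url, Template, SharingCapability | Format-Table -AutoSize

# 3. The "internal use only" site from the two-SharePoint approach: no external sharing at all.
$internal = Get-SPOSite -Identity $InternalSiteUrl
if ($internal.SharingCapability -ne 'Disabled') {
    Write-Warning "$InternalSiteUrl currently allows: $($internal.SharingCapability)"
    if ($ApplyLockdown) {
        Set-SPOSite -Identity $InternalSiteUrl -SharingCapability Disabled
        Write-Host "External sharing disabled on $InternalSiteUrl"
    }
}

Disconnect-SPOService
```

Run it once with `$ApplyLockdown = $false` to see the current state, and only switch it to `$true` after confirming that nothing on the internal site needs to be shared outside the organisation.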

(NB: for our existing Managed IT clients, these changes have already been applied on your behalf!)

And it probably goes without saying – but if you’d like IT professionals looking out for your business, get in touch with us today. Don’t wait for a security breach to take action!
