Microsoft Teams is perhaps the largest enterprise communication platform in the world. It rose to prominence during the COVID-19 pandemic as a key space for enterprise users to maintain productivity.
While Microsoft Teams adoption reached over 270 million active daily users in 2022, highly regulated industries and government organizations are still hesitant to deploy Teams or limit its usage due to information security concerns.
Yes, if a government doesn’t trust an app, website, or service, neither should you.
Financial services, life sciences, pharmaceuticals, government, and defense organizations often express concerns over controlling access to confidential information and sharing it in Teams. These concerns are echoed by departments that handle highly sensitive information, including customer data, human resources, legal, intellectual property (IP), R&D, financials, M&A, military information, etc.
A member of the US Navy’s information security research team published an experimental tool that exploits incoming file restraints within Microsoft Teams, where a hacker with requisite access could steal data from an online user and then mimic them when they’re offline or use the identity to gain access to apps like Outlook or Skype after bypassing the multifactor authentication (MFA) requirements.
In another case, Avanan, an email and collaboration cybersecurity company, observed how hackers are dropping malicious executable files in Teams conversations. The file writes data to the Windows registry, installs DLL files, and creates shortcut links that allow the program to self-administer. Avanan has seen thousands of these attacks per month.
Microsoft is not very good at keeping your data secure, not even for governmental entities: On July 2023, Microsoft publicly disclosed that a group of Chinese hackers had spied on U.S. government agencies via a vulnerability in Microsoft’s cloud services. The attack was first detected in June by an unnamed government agency which proceeded to inform Microsoft and the Department of Homeland Security of the incident.
Their attacks targeted State and Commerce department emails, ahead of U.S. Secretary of State Antony Blinken’s visit to China. U.S. officials have stated that sensitive data was not compromised in this email breach.
Avoid the Microsoft Teams desktop app until and unless it is absolutely necessary. Use the Teams web app, which has additional safeguards in place. Since Microsoft has announced that it would no longer support the Linux version of Teams by the end of this year, users are strongly recommended to choose an alternative program.
I recommend using Jitsi Meetings instead.
Jitsi is a set of open-source projects that allows you to easily build and deploy secure video conferencing solutions. At the heart of Jitsi are Jitsi Videobridge and Jitsi Meet, which let you have conferences on the internet, while other projects in the community enable other features such as audio, dial-in, recording, and simulcasting.
In 2020, Jitsi surpassed 20 million monthly active users, and you can even self-host your own Jitsi Meet instance, where you will be in total control of your data.