With the increased usage of Microsoft Teams to conduct virtual meetings, the need for tactical best practices to protect your privacy from intruders is also on the rise.
Over the past year, we have seen a significant increase in the number of virtual meetings across the world.
Virtual meetings can have many positive outcomes, such as allowing companies to continue operations to support their workforce and customers, schools from kindergarten through college to provide classes, and families to schedule meetups for virtual dinners and conversations.
Unfortunately, the great popularity of “freemium” platforms like Zoom has also increased the number of hackers and trolls out to create their versions of “fun.” The problem is so common and growing so quickly that the FBI invented a term for it: Zoom-bombing.
The Security Risk
Sometimes, you get merely annoying interruptions, but other times hackers can cause real problems. After all, even when intrusions seem harmless, they can open more considerable security risks. For example:
- In Milwaukee, hackers broke into an election commission meeting to display graphic words and images on users’ screens during a discussion of postmarks on absentee ballots.
- In New York, hackers attacked so many online classroom sessions the city banned Zoom in favor of Microsoft Teams.
- Las Vegas and Washington, D.C. followed suit, replacing Zoom with Google Hangouts and WebEx.
Although these examples all relate to Zoom, other platforms are vulnerable, too, including Teams. In fact, hackers and trolls can break into any platform not properly configured, without sufficient security in place, or that is operated by meeting organizers who didn’t take steps to run their meetings in a secure and controlled manner.
Breaking into a Teams meeting doesn’t even require much technical skill on the part of a hacker. Consider this common scenario that happens all the time: A meeting organizer creates a meeting in which anyone with the link can join. Someone in the company mistakenly forwards the link to someone who doesn’t belong on the call. A bored teenager picks it up off of an employee’s laptop when they step away from their home office, and then distributes the dial-in number.
As you can see, in this scenario, anyone can do it. So, how can you stop it?
Protect the Privacy of Microsoft Teams Meetings
The good news is Teams offers easy ways to mitigate the risk of such problems by updating your settings.
In the Teams Admin Center, you can make the following simple changes to lock down who you allow into meetings:
- Change “Automatically admit people” to “Everyone in your organization and federated organizations.”
- Turn off “Allow dial-in users to bypass the lobby.”
Here is what it looks like on the Teams Admin Center interface:
NOTE: The first setting, “Let anonymous people start a meeting,” should be “On” if many people in your organization need to start meetings through dial-in (i.e., when they aren’t able to start the meeting through the Teams interface).
These changes will allow your Teams users to admit non-organizational guests from the lobby into the meeting manually. However, you must admit people into the meeting from within the Teams app itself, not through the dial-in connection to a Teams meeting.
As always, we strongly recommend you communicate these changes clearly to your users so they know the “why” behind the change, which will reduce frustration and increase adoption.
You can complete the steps I’ve outlined in this post in seconds and eliminate a lot of headaches. By learning the Rules of the Road for Microsoft Teams, you can make sure you configure your Teams tenant properly and make your Teams security even tighter.
As your use of remote teleworking applications continues to increase, you always need to consider how you configure these applications to ensure the security and privacy of your information, discussions and meetings. That way, we can all get better and do better together.