Over the past few months, remote working has become the new normal for many organisations, and undoubtedly, there will be some businesses looking to implement long-term flexibility once the crisis has passed.
Before the Government lockdown, widespread remote working on such a scale was unprecedented, with many businesses introducing collaborative apps like Microsoft Teams once the news was announced.
With entire workforces currently at home, cyber security should be top of mind for organisations, ensuring their internal communications are secure and potential risks are identified and managed before they can affect company data and intellectual property (IP).
All of Microsoft’s services have been built with features that ensure data compliance and device protection, allowing businesses to operate securely, without the risk of serious breaches occurring.
We’ve taken a closer look at some of Microsoft’s most useful security features, which allow employees to continue working safely, despite being in different locations.
Regulatory compliance and data loss prevention
Whilst employees are working remotely, it’s important that organisations have a clear understanding of where sensitive data is stored and how it’s being protected.
Inside Microsoft Teams, data is encrypted at rest and in transport, using secure real-time protocol for video, audio and desktop sharing. When it comes to controlling and protecting sensitive documents, businesses can restrict some Teams experiences for guests and people outside the organisation.
To make sure regulations and standards are adhered to, the Teams service benefits from a robust compliance controls framework, which meets some of the most rigorous industry requirements across various countries. Auditor reports can also be accessed via the Service Trust Portal, allowing businesses to respond quickly to auditor enquiries.
Meanwhile, the data loss prevention (DLP) feature focusses on sensitive information in messages and documents, with DLP policies in place to protect data and act when sensitive information is shared.
Your DLP policy will prevent guests from opening documents that contain sensitive information, even if they have been shared by an employee within your organisation.
Sensitivity labelling
Another way to protect sensitive documents throughout their lifecycle is with sensitivity labels. These can be applied to important documents and associated with protection policies and actions like encryption, visual marking and access controls.
Even when a document or file is shared with someone outside of the organisation, the same sensitivity labels apply, ensuring data and information is properly safeguarded.
Whilst emails and documents can be manually classified by users, it can sometimes be difficult for inexperienced employees to correctly label documents. For this reason, Microsoft recently
announced the public preview of automatic classification with sensitivity labels for documents stored on SharePoint Online, OneDrive for Business and emails in transit.
With this update, sensitivity labels can be set up to automatically apply to Office files and emails based on company policies. The auto classification polices can be configured in Microsoft 365 services like SharePoint and OneDrive.
This is good news for those businesses experiencing widespread remote working, as classifications also apply to documents shared within Microsoft Teams.
Simple retention policies
Industry regulations, like GDPR, must always be adhered to, even when entire workforces are currently working away from the office. This means properly governing company information and data, ensuring records are safely stored or deleted when no longer needed.
Microsoft Teams retention policies can be set up for chat and channel messages and these can be applied to your entire organisation or to specific users and teams.
When data is subject to a data retention policy, users can continue to work with it because the data is retained in its original location. Even if a user deletes such data, a copy is saved in a secure location whilst the policy is in effect.
Until the retention period expires, all data is retained for compliance reasons and is available for eDiscovery. Once the deadline has passed, the policy indicates whether to do nothing or delete the data from your records.
Minimise insider risk
With many employees now working from home, it’s a lot more difficult for management teams to keep an eye on the actions of their colleagues.
For this reason, insider risks such as leakages, IP theft or data harassment are increased, which is why Insider Risk Management can be used to spot suspicious activity early before it becomes a serious problem.
Communication compliance is a key feature of the Insider Risk Management solution, which uses machine learning to identify and act on code of conduct policy violations in company communication channels, including Teams.
Detecting key words and phrases that could indicate wrongdoing, the system ensures that issues are identified in a timely manner, minimising the impact of internal risk.
Keep your business safe…
Although widespread remote working is a temporary solution for most organisations, there are some who are willing to support the idea of increased flexibility moving forward.
Therefore, it’s crucial that businesses introduce security measures to make sure their employees are working securely at home.
Without these checks in place, businesses risk falling foul of data protection regulations, which could lead to serious financial repercussions, not to mention a lot of negative attention from the media.
If you’d like more information on how to protect your business or would like to unlock the true potential of Microsoft and its services, then contact our in-house team for advice.