How Teams proliferation exposes you to security and compliance risks

Remember that cross-functional team that ran the big product launch in 2022? No, neither do I. But it still exists online, complete with sensitive financial documents, third-party access, and private discussions about competitors. Did anyone lock the door on the way out?!?

The recent rush to remote and hybrid work has created a flurry of new virtual Microsoft Teams, groups, projects and collaboration spaces – often lacking comprehensive governance processes.

As a result, many enterprises are littered with long-forgotten projects where private presentations, spreadsheets, meeting recordings, logins, and out-of-date permissions float around unprotected. 

And it’s more common than you may think. Like abandoned Myspace profiles from 2006, large organisations could be hosting hundreds, if not thousands, of unmanaged virtual workspaces.

The risks of losing control

Once a project or milestone has been achieved, it is human nature to jump into the next big thing without looking back or tidying up. Without automated processes and governance, organisations lack clarity over how many of their Microsoft Teams are active, redundant or lost.  

While this may seem like harmless clutter, it exposes you to several key risks:

Security vulnerabilities: Uncontrolled access can leave disgruntled team members, ex-staff or external suppliers with access to private data, documents and systems.

Security vulnerabilities: Uncontrolled access can leave disgruntled team members, ex-staff or external suppliers with access to private data, documents and systems.

 If any Personally Identifiable Information (PII) is being shared, then a lack of security protocols can breach privacy or data storage regulations.

Compliance gaps: If any Personally Identifiable Information (PII) is being shared, then a lack of security protocols can breach privacy or data storage regulations.​

Can anyone set up new Teams, invite members and share data without oversight?

Reputational risk: Private opinions or out-of-context ideas can be leaked into the public domain, exposing you to negative press and liabilities.

You invest in Teams to drive results, but if projects are unstructured without consistent names and metadata, important learnings can be left to gather dust.

Lost insights: You invest in Teams to drive results, but if projects are unstructured without consistent names and metadata, important learnings can be left to gather dust.

HCan anyone set up new Teams, invite members and share data without oversight?

Wasted time:Manually setting up, managing and archiving Microsoft Teams and related content is slow, complex and painful.

Poorly categorised content reduces findability, can lead to multiple Teams on the same topic, and erodes confidence in a single source of truth.

Data duplication: Poorly categorised content reduces findability, can lead to multiple Teams on the same topic, and erodes confidence in a single source of truth.

How to derisk your collaboration environment

Right now, setting up new Microsoft Teams can be a free-for-all. Whether it’s a social group bantering about a touch footy comp, HR conducting private performance reviews or executives sharing confidential strategies, each Team needs to be treated according to its risk profile. 

The good news is that with the right tools and processes, cleaning things up and keeping them tidy is relatively simple. Ask yourself a few simple questions to assess where you’re at: ​

HCan anyone set up new Teams, invite members and share data without oversight?

Can anyone set up new Teams, invite members and share data without oversight?

Do you have processes to govern the need for and configuration of new Teams?

Do you have processes to govern the need for and configuration of new Teams?

Do you have review and approval workflows before a new Team is created?

Do you have review and approval workflows before a new Team is created?

Are there templates for structure, naming conventions and security settings?

Are there templates for structure, naming conventions and security settings?

Do you have processes to assess and monitor archiving or closing redundant Teams?

Do you have processes to assess and monitor archiving or closing redundant Teams?

Managing the entire lifecycle is essential

The key is not only to clean up your existing Teams but to set up a structured process to take control of the lifecycle of groups and projects from creation to management to archiving.

CREATE: Systemise the provisioning process

Embed consistent naming conventions, templates and structured processes to guide staff through setting up a new Team. Automate approval workflows for new boards and members. Classify the sensitivity of groups – for example, public, internal only, clients, highly classified – and define settings accordingly.

OPERATE: Collaborate with confidence

Once groups are set up with the appropriate templates, metadata, information architecture and security controls, it becomes business as usual. Members can share information freely with peace of mind that only legitimate people will have access.

ARCHIVE: Take control of the Teams environment

Often overlooked, time-specific or temporary Teams mustn’t live forever. Use flags and alerts for administrators so that if a Team hasn’t been active for a defined timeframe – such as one month or 14 days – it can easily be archived, deleted, audited or reconfigured.

Get smart with an extra layer of intelligence

On top of templates and tightly managed access, the latest tools incorporate machine learning and artificial intelligence to automatically monitor the sensitivity levels of the group based on the nature and types of content and conversations being shared. For example, if sensitive financial or personal data is detected, the system can tighten security levels and escalate the threat.

Regain control of your collaboration environment

There’s no doubting the benefit of highly collaborative remote virtual Teams, but setting up guard rails is essential. By aligning technological protections with business processes, you can set up and manage shared workspaces with appropriate risk and compliance built in. 

Nexon Workspaces is an application built in Microsoft Teams to standardise the creation, governance and archiving of Microsoft Teams and SharePoint sites. It combines the flexibility of self-service tools with the added controls of secure templates and approval workflows that adhere to organisations’ data management policies and compliance rules.​ If you’d like to review your Microsoft Teams processes, feel free to get in touch.

 

Janniek Starren is Head of Presales at Nexon Asia Pacific. For more information about Nexon’s modern workplace solutions,

Contact us today.