Insider Threat Matrix™

  • ID: ME018
  • Created: 30th May 2024
  • Updated: 14th December 2024
  • Contributor: The ITM Team

Aiding and Abetting

An individual or individuals knowingly assist a subject to gain access to devices, systems, or services that hold sensitive information, or otherwise contravene internal policies.

Prevention

ID Name Description
PV012 End-User Security Awareness Training

Mandatory security awareness training for employees can help them to recognize a range of cyber attacks that they can play a part in preventing or detecting. This can include topics such as phishing, social engineering, and data classification, amongst others.

PV003 Enforce an Acceptable Use Policy

An Acceptable Use Policy (AUP) is a set of rules outlining acceptable and unacceptable uses of an organization's computer systems and network resources. It acts as a deterrent to prevent employees from conducting illegitimate activities by clearly defining expectations, reinforcing legal and ethical standards, establishing accountability, specifying consequences for violations, and promoting education and awareness about security risks.

PV038 Insider Threat Awareness Training

Training should equip employees to recognize manipulation tactics, such as social engineering and extortion, that are used to coerce actions and behaviors harmful to the individual and/or the organization. The training should also encourage and guide participants on how to safely report any instances of coercion.

Detection

ID Name Description
DT107 Microsoft Teams Admin Center Meeting and Call History

From the Microsoft Teams admin center, it is possible to review previous Teams meetings or calls that a user account has joined. These logs include key information such as meeting or call ID, start time, duration, and participants. The purpose of this information is to assist with troubleshooting meeting or call issues; however, investigators can use it to determine when user accounts have participated in meetings or calls.

The following URL can be used to view this activity log, provided the investigator's account has the Microsoft Teams Administrator role assigned, or a role with higher privileges: https://admin.teams.microsoft.com/dashboard

Select Users, Manage Users, then the account being investigated. Click on Meetings & Calls, then scroll to the bottom of the page to view the Past Meetings table. Clicking on a meeting or call ID will provide more detailed information.