Is Microsoft Recall a security risk?
Part of keeping everything running smoothly is helping you know about cybersecurity and privacy concerns that might impact your business. One of the more recent ones is Microsoft Recall, a new privacy and security risk for your employees and users that has the UK Information Commissioner’s Office (ICO) worried. It’s available if you’re part of Microsoft’s early feature access program, on select computers.
Microsoft Recall’s screenshots
The BBC explains that “Recall has the ability to search through all users’ past activity including files, photos, emails and browsing history. Many devices can already do this – but Recall also takes screenshots every few seconds and searches these too.” From its own website, Microsoft says “Recall uses Copilot+ PC advanced processing capabilities to take images of your active screen every few seconds. Each snapshot is encrypted [for saving] on your PC’s hard drive. You can use Recall to locate the content you have viewed on your PC using search or on a timeline bar that allows you to scroll through your snapshots. Once you find the snapshot that you were looking for in Recall, it [is] analyzed [to] offer you options to interact with the content.”
But they also say that “Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data [is] in snapshots […] stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry.” This means that even if users take steps to exclude particular websites and apps from Recall, sensitive data can still end up in snapshots.
Why is this a problem?
If you don’t configure Recall’s settings, you potentially have a program that is taking screenshots of everything you do and saving it. This is a problem not only for the security of work devices but also for people logging into work applications from personal devices. With remote access, attackers don’t need physical access to your device to look through these files, and if the device is lost, the situation is even worse. Also, many cloud photo tools regularly scan your device for new images and screenshots to add to your cloud storage; if they’re not configured to skip Recall’s snapshot folder, those screenshots get uploaded to the cloud as well, further compromising your security.
Our recommendations
If you have a Copilot+ PC that is part of the user group rollout with Windows 11 Insider Preview, then you may be affected. At this time, we recommend that you use the instructions here to disable Recall completely on these devices. That’s the most secure option. Barring that, follow the instructions to filter from your snapshots any apps, websites and sensitive information that you would like to remain private. Until Microsoft Recall is no longer considered a security risk, these are the two best ways to limit your exposure.
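For administrators who would rather enforce the “disable completely” option across a fleet than rely on each user’s settings, the following PowerShell script is an added example (it is not from the original post or from Microsoft). It reads, and with -Enforce writes, the machine-wide policy value DisableAIDataAnalysis under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsAI, which is the policy Microsoft documents for turning off Recall snapshot saving; it assumes a Windows 11 Copilot+ PC on a build where that policy is honoured, and must be run from an elevated prompt to make the change.

```powershell
# Added example, not part of the original post: audit and optionally enforce the
# policy that stops Recall saving snapshots on this machine.
# Assumptions: Windows 11 Copilot+ PC; the documented machine policy
# HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsAI\DisableAIDataAnalysis = 1 (DWORD)
# is honoured by the installed build; run elevated when using -Enforce.
param(
    [switch]$Enforce   # without this switch the script only reports
)

$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'
$ValueName  = 'DisableAIDataAnalysis'

# Returns one of: NotConfigured, DisabledByPolicy, NotDisabledByPolicy
function Get-RecallPolicyState {
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ([int]$item.$ValueName -eq 1) { return 'DisabledByPolicy' }
    return 'NotDisabledByPolicy'
}

# Creates the policy key if needed and sets the value that disables snapshot saving
function Set-RecallDisabledByPolicy {
    if (-not (Test-Path -Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
}

$state = Get-RecallPolicyState
Write-Output ("{0}: Recall snapshot policy is {1}" -f $env:COMPUTERNAME, $state)

if ($Enforce -and $state -ne 'DisabledByPolicy') {
    try {
        Set-RecallDisabledByPolicy
        Write-Output ("{0}: policy written; state is now {1}" -f $env:COMPUTERNAME, (Get-RecallPolicyState))
        Write-Output 'A sign-out or reboot may be required before Recall stops capturing.'
    }
    catch {
        Write-Error ("Could not write policy (are you running elevated?): {0}" -f $_.Exception.Message)
        exit 1
    }
}
```

Run it without arguments to produce a one-line report you can collect from each device, and with -Enforce to apply the setting; the same value can be pushed centrally through Group Policy or Intune, in which case the script serves as a compliance check that the policy actually landed. Note that this only addresses the snapshot-saving policy itself; any snapshots already stored on the device, and any copies a cloud photo tool has already synced, are a separate clean-up task.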
Want our help to improve your security in the workplace and keep everything running smoothly? We’d love to support you. Talk to us today about your current risk landscape and we’ll help you understand the impact on your customers, employees and suppliers.