By Veniamin Simonov, Director of Product Management, at NAKIVO Inc.
With COVID-19 triggering a potential long-term shift to working from home, SecOps teams are coming under increasing pressure to keep data safe and systems secure. When it comes to cloud storage and the protection of business data and applications, remote work has increased the threat of data loss and data theft. Teleworking has also laid bare the data safety shortcomings of even established services like Microsoft OneDrive.
Millions of people and businesses rely on OneDrive as cloud storage and synchronization service and for good reason. It’s been built with cybersecurity in mind. It is also one of the best and most powerful cloud storage and syncing apps around, beating out DropBox, iCloud, and Google Drive thanks to its ease of use and simplicity. However, users should not rush to store all their data in OneDrive or any online platform without carefully considering the data safety risks of cloud storage. If you want to use OneDrive safely you should know the risks beforehand so you can make better decisions to reduce the probability of undesired scenarios.
The three main safety and security concerns users should consider are data theft, data corruption and data loss. In this article, we discuss how to mitigate them.
Not even Microsoft is foolproof
While Microsoft maintains that files stored on OneDrive are secure because they are encrypted on Microsoft servers, this doesn’t mean you cannot be hacked. Aggressive hackers can access your drive through trivial but surprisingly common mistakes. Using simple passwords and storing them in obvious locations on your computer is a great example of a common error that could weaken your security. If it’s easy for you to find, then it’s easy to do so for a persistent hacker too.
The risk is only further heightened by operating on public Wi-Fi networks, especially if you need to log in to your Office 365 account. If the firewall is configured improperly on a router, attackers can use open ports and vulnerabilities to infect computers.
Another risk factor is providing more permissions than needed when sharing files on OneDrive, which gives other users the power to delete data, write unwanted changes to files and corrupt files if their computers are infected by viruses. Companies should avoid granting administrator privileges when they are not needed. Administrators should create regular user accounts for themselves for sending emails and working on routine tasks such as sharing files on OneDrive and editing Office 365 documents.
Disaster can also strike when using an operating system without the latest security patches for software such as Windows or Flash Player. Browsers can also have hidden vulnerabilities that can lead to exploits as hackers manage to get control of a user’s machine.
Of course, all these risks can be running in the background without the user’s knowledge for a prolonged period of time. A delayed response only makes matters worse and further compromises users, resulting in significant losses and making it difficult to restore any lost data. However, users may be able to prevent data loss by using the OneDrive security recommendations, which are rules to abide by for optimal use of cloud software.
What are the security recommendations for using OneDrive?
There are the obvious recommendations, such as using a strong password and making sure that your anti-virus software is up to scratch to make sure that it can detect malicious files on your computer and delete them to prevent infection and data loss. But there are also other official recommendations, such as deploying two-factor authentication with the Microsoft Authenticator mobile app. This will stop anyone from getting to your files even if they figure out your password. For example, if a thief accesses your device with a saved password, your phone acts as a second form of authentication.
You can also protect more sensitive data with the OneDrive personal vault, as it requires another form of identification and automatically locks after a certain amount of time. This is especially useful if your device is compromised while your regular storage folder is unlocked.
OneDrive also provides the Office 365 admin center for administrators of organizations to manage their security settings centrally. Its Security and Compliance Center and automation tools and security monitoring systems allow users to configure automated alerts that are triggered by suspicious activity. Exchange Online Protection is a feature that can protect Office 365 accounts in your organization against spam and malware. Microsoft Threat Intelligence and Advanced Threat protection also help protect Office 365 users against malware.
It’s the little things that count
On any account, a user should not underestimate the importance of security or data protection. Avoiding the little errors, such as storing passwords, payment data and other critical files on OneDrive in a careless manner can make all the difference when it comes to creating a secure home office set up for employees. It’s the small changes that can make a big difference when it comes to data protection.
This is because most of the security concerns for OneDrive stem from oversight and user error. To date, there is no evidence of data leaks caused by Microsoft errors from data centers used for OneDrive cloud storage. Microsoft uses modern technologies and standards for security and removes any found issues as soon as they are identified. Microsoft helps protect its users from potential threats by identifying and analyzing software and online content. When you download, install, and run the software, it checks the reputation of downloaded programs and ensures you’re protected against known threats. Users are also warned about software that is unidentifiable. On Microsoft’s end, encryption is performed when storing data on Microsoft servers and when transferring data over networks – and encryption is the king of data protection.
Overall, just because Microsoft hasn’t experienced an OneDrive hack itself, doesn’t mean that users don’t have to worry about that. This is especially a risk when the virtual workforce is working from a variety of locations and accessing cloud storage via a number of devices. No antivirus or protection technology is perfect. So, as remote home and business users, it’s now more important than ever for them to be aware of and deploy OneDrive’s security recommendations, and that they work with network administrators to keep their networks safe in today’s accelerated threat landscape. If users can take a proactive approach and apply recommendations as they are communicated, OneDrive will continue to be a viable cloud service to support today’s remote working environment. End of article.
About the Author
My Name is Veniamin Simonov. I am Director of Product Management at Nakivo, and I am responsible for driving the execution of features and functionality for NAKIVO Backup & Replication. My background includes several positions in product management, with 10 years of experience working with virtualization and cloud technology.
Veniamin can be reached online at @Naviko and at our company website https://www.nakivo.com/