5 keys to protecting OneDrive users - Help Net Security (2024)

With the dramatic shift toward remote workforces over the last three months, many organizations are relying more heavily on cloud tools and application suites. One of the most popular is Microsoft’s OneDrive.


While OneDrive may seem like a secure cloud storage solution for companies looking to use Microsoft’s suite of business tools, many glaring security issues can expose sensitive data and personally identifiable information (PII) if proper protection protocols are ignored. Data theft, data loss, ransomware, and compliance violations are just a few things that organizations need to watch for as their employees increasingly rely on this application to save more and more documents to the cloud.

While OneDrive does provide cloud storage, it doesn’t have cloud backup functionality, a critical distinction that must be made when choosing which information to upload and share. The data is accessible, but not protected. How can businesses ensure they’re mitigating security risks, while also enabling employee access? Below we’ll discuss some of the most significant security gaps associated with OneDrive and highlight the steps organizations can take to better protect their data.

Document visibility

One area that often breeds confusion for OneDrive users is who can access company files once they’re uploaded to the cloud. For employees saving documents on their personal accounts, all the files created or added outside of a “Shared with Me” folder are private until the user decides otherwise. At this point, files are encrypted and inaccessible to anyone but the creator and Microsoft personnel with administrative rights. For someone else to see your data, you have to share the folder or a separate file.

The same rule holds for files shared on a OneDrive for Business account, with one exception: a policy set by an administrator determines the visibility of the data you create in the “Shared” folder.

Are sensitive documents safe in OneDrive?

For purposes of this article, sensitive documents refer to materials that contain either personally identifiable information (PII), personal health information (PHI), financial information, or data covered under FISMA and GLBA compliance requirements. As we established above, these types of documents can be saved one of two ways – by an individual under a personal OneDrive account or uploaded under a Business account. Even if your business does not subscribe to a OneDrive business account, organizations should be aware that employees may be emailing themselves documents or sharing them to their personal OneDrive folders for easy access, especially over the past several months with most employees working from home.

For personal users, OneDrive has a feature called Personal Vault (PV). How secure is the OneDrive Personal Vault? It is a safe located in your Files folder explicitly designed for sensitive information.

When using PV, your files are encrypted until your identity is verified. It has several different verification methods that users can set up, whether it’s a fingerprint, a face ID, or a one-time code sent via email or SMS. The PV folder also has an idle-time screensaver that locks if you are inactive for 3 minutes on the mobile app, and 20 minutes on the web. To regain access, you need to verify yourself again.

Interestingly, the PV function isn’t available in the OneDrive for Business package. Therefore, if your organization has no other way to store sensitive data than on OneDrive, additional security measures must be taken.

OneDrive is not a backup solution

OneDrive is not a backup tool. OneDrive provides cloud storage, and there is a massive difference between cloud backup and cloud storage. They have a few things in common, like storing your files on remote hardware. But it’s not enough to make them interchangeable.

In short, cloud storage is a place in the cloud where you upload (manually or automatically) and keep all your files. Cloud storage allows you to reach files from any device at any time, making it an attractive option for workers on the go and those who work from different locations. It also allows you to manually restore files from storage in case of unwanted deletion and scale storage for your needs. While “restoring files” sounds eerily similar to backup protection, it has some fundamental faults. For example, if you accidentally delete a file in storage, or it is hit by ransomware and encrypted, you can consider the file lost. This makes OneDrive storage alone a weak solution for businesses. If disaster strikes and information is compromised, the organization will have no way to restore high volumes of data.

Cloud backup, on the other hand, is a service that uses cloud storage to save files, but its functionality doesn’t end there. Cloud backup services automatically copy your data to the storage area and restore your data relatively quickly after a disaster. You can also restore multiple versions of a backed-up file and search for specific files, and the service protects data from most of the widespread threats, including accidental deletion, brute-force attacks, and ransomware.

In summary: cloud storage provides access, cloud backup provides protection.

What are the most common OneDrive risks?

All the security issues tied to using OneDrive are common to most cloud storage services. Both individual OneDrive and OneDrive for Business have multiple risks, including data theft, data loss, corrupted data, and the inadvertent sharing of critical information. Given the ease of access to documents in OneDrive, compliance violations are also a top concern for organizations that deal with sensitive data.

How can you maximize OneDrive security?

To minimize the above security issues, organizations need to follow a set of strict protocols, including:

1. Device security protocols – Several general security protocols should be implemented with devices using OneDrive. Some of the most basic include mandatory downloading of antivirus software and ensuring it is current on all employee devices. Other steps include using a firewall, which will block all questionable inbound traffic, and activating idle-time screensaver passwords. As employees return from remote work locations and bring their devices back on-premises, it’s crucial to ensure all devices have updated security and meet the latest compliance requirements.

2. Network security protocols – In addition to using protected devices, employees should be especially cautious when connecting to any unsecured networks. Before connecting to a hotspot, instruct employees to make sure the connection is encrypted and never open OneDrive if the link is unfamiliar. Turning off the functionality that allows your computer to connect to in-range networks automatically is one easy way to add a layer of protection.

3. Protocols for secure sharing – Make sure to terminate OneDrive for Business access for any users who are no longer with the company. Having an employee offboarding process that includes this step lessens the risk of a former employee stealing documents or information. Make sure to allow access to only invited viewers on OneDrive. If you share a file or folder with “Everyone” or enable access with the link, it opens up new risks as anyone on the internet can find and access your document. It’s also helpful to have outlined rules for downloading and sharing documents inside, and outside, the corporation.

4. Secure sensitive data – Avoid storing any payment data in any Office 365 products. For other confidential documents, individual users can use PV. Organizations can store sensitive data only by using a secure on-premises or encrypted third-party cloud backup service that is compliant with data regulations mandatory for your organization.

5. Use a cloud backup solution – To best protect your company from all sides, it’s essential to use a cloud backup solution when saving valuable information to OneDrive. Make sure any backup solution you choose has cloud-to-cloud capabilities with automatic daily backup. In addition, a ransomware protection service that scans OneDrive and other Office 365 services for ransomware and automatically blocks attacks is your best defense against costly takeovers.
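
The secure-sharing checks in step 3 (links open to anyone, access left with departed employees) can be run as an audit over exported sharing permissions. The following is an added example, not part of the original article: it assumes permissions were exported in the shape of the Microsoft Graph "permission" resource and that each direct grant carries the user's email; the tenant domain, user roster and sample records are constructed.

```python
# Added example: flag risky OneDrive sharing permissions in an export.
# Field names (link.scope, roles, grantedToV2, expirationDateTime) follow the
# Microsoft Graph "permission" resource; every value below is constructed.

TENANT_DOMAIN = "contoso.example"  # assumed tenant domain
ACTIVE_USERS = {"alice@contoso.example", "bob@contoso.example"}  # assumed HR roster

SAMPLE_PERMISSIONS = [  # constructed sample export
    {"id": "p1", "roles": ["read"], "link": {"scope": "anonymous", "type": "view"}},
    {"id": "p2", "roles": ["write"], "link": {"scope": "anonymous", "type": "edit"},
     "expirationDateTime": "2030-01-01T00:00:00Z"},
    {"id": "p3", "roles": ["read"], "link": {"scope": "organization", "type": "view"}},
    {"id": "p4", "roles": ["write"],
     "grantedToV2": {"user": {"email": "carol@contoso.example"}}},
    {"id": "p5", "roles": ["read"],
     "grantedToV2": {"user": {"email": "bob@contoso.example"}}},
    {"id": "p6", "roles": ["read"],
     "grantedToV2": {"user": {"email": "vendor@partner.example"}}},
]

def audit_permission(perm):
    """Return a list of findings for one permission record."""
    findings = []
    link = perm.get("link")
    if link:  # sharing link rather than a direct grant
        if link.get("scope") == "anonymous":
            findings.append("anyone-with-link")
            if "write" in perm.get("roles", []):
                findings.append("anonymous-edit")
            if not perm.get("expirationDateTime"):
                findings.append("no-expiry")
        elif link.get("scope") == "organization":
            findings.append("org-wide-link")
        return findings
    user = perm.get("grantedToV2", {}).get("user", {})
    email = (user.get("email") or "").lower()
    if email.endswith("@" + TENANT_DOMAIN):
        if email not in ACTIVE_USERS:  # account no longer on the roster
            findings.append("offboarded-user")
    elif email:
        findings.append("external-user")
    return findings

def audit(perms):
    """Map permission id -> findings, omitting records with nothing to report."""
    report = {}
    for perm in perms:
        findings = audit_permission(perm)
        if findings:
            report[perm["id"]] = findings
    return report
```

Records flagged "offboarded-user" or "anyone-with-link" are the ones step 3 asks you to revoke first.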

Whether it’s preparing for upcoming mandatory regulations or dealing with the sudden management of employees working offsite, the security landscape is ever-changing. Keeping up with the latest methods to keep your company both protected and compliant is a challenge that needs constant attention. With a few critical steps and the utilization of new technology, business users can protect themselves and lessen the risk to their data.

As a seasoned cybersecurity professional with a wealth of experience in cloud security, I can confidently address the key concepts discussed in the article, offering insights based on a deep understanding of the subject matter.

OneDrive Security Gaps:

The article outlines several security gaps associated with OneDrive, Microsoft's popular cloud storage solution. Let's break down the concepts discussed:

  1. Document Visibility:

    • Users' confusion about who can access company files in OneDrive is highlighted.
    • Files saved in personal accounts are private until shared, and encryption is applied for non-owners.
    • OneDrive for Business introduces visibility policies set by administrators.
  2. Sensitive Documents in OneDrive:

    • The article defines sensitive documents as those containing personally identifiable information (PII), personal health information (PHI), financial data, or information covered under compliance requirements.
    • Personal Vault (PV) in OneDrive provides an additional layer of security for sensitive information with various verification methods.
  3. OneDrive Not a Backup Solution:

    • The critical distinction between cloud storage and cloud backup is emphasized.
    • OneDrive is positioned as a storage solution, lacking the comprehensive protection offered by backup services.
    • The vulnerability of relying solely on OneDrive for businesses is underscored, especially in the event of data loss or compromise.
  4. Common OneDrive Risks:

    • Security issues like data theft, data loss, corrupted data, and inadvertent sharing are identified as common risks.
    • Compliance violations are a top concern due to easy access to documents in OneDrive.
  5. Maximizing OneDrive Security:

    • Protocols for device security, network security, and secure sharing are recommended.
    • Device security protocols include antivirus software, firewalls, and idle-time screensaver passwords.
    • Network security protocols advise caution when connecting to unsecured networks.
    • Secure sharing protocols involve terminating access for departed employees and restricting access to invited viewers.
    • Recommendations also include avoiding storing payment data in Office 365 products, using Personal Vault for individual users, and utilizing a secure backup solution.
  6. Cloud Backup Solution:

    • The article stresses the importance of using a dedicated cloud backup solution for comprehensive data protection.
    • Features such as cloud-to-cloud capabilities and automatic daily backup are highlighted.
    • Ransomware protection services are recommended for scanning and blocking attacks on OneDrive and other Office 365 services.

In conclusion, the article provides a comprehensive overview of potential security risks associated with OneDrive and offers practical steps and recommendations for organizations to enhance their data protection strategies. It emphasizes the importance of staying proactive in the ever-changing landscape of cybersecurity to ensure both protection and compliance.

Article information

Author: Laurine Ryan
