September 23, 2020
OneDrive Security: A Full Overview
Microsoft OneDrive is a reliable cloud storage and synchronization service developed for storing and sharing files. Security is important for personal users who use OneDrive as well as enterprise users who use OneDrive for Business as part of Microsoft Office 365. Knowing the risks to OneDrive security helps you understand how to overcome them and reduce the probability of undesired scenarios. Security is one of the main parameters considered when selecting a cloud storage service. Data loss and data theft are the main threats when it comes to Microsoft OneDrive security. This blog post covers Microsoft OneDrive security and provides recommendations on how to ensure strict security when storing files in OneDrive.
Let’s begin with an overview and frequently asked questions about Microsoft OneDrive security. Users usually ask:
Are OneDrive files secure?
Files stored on OneDrive are secure. They are encrypted on Microsoft servers and an encrypted network connection is used to transfer files.
Can OneDrive be hacked?
Yes, OneDrive can be hacked if you use a simple password, have viruses, visit phishing websites, or don’t respect the security policy.
Which cloud storage is most secure?
Each cloud storage has advantages and disadvantages including security parameters. You can read the blog post comparing OneDrive to Google Drive to see the differences.
Is OneDrive secure? Is OneDrive for Business secure?
Microsoft cares about the security of OneDrive and OneDrive for Business users. OneDrive for Business is secure and provides more recovery options for an organization and Microsoft Office 365 users compared with a consumer version of OneDrive.
Is OneDrive for Business more secure than OneDrive?
Yes, OneDrive for Business is slightly more secure than OneDrive for consumers. Microsoft Office 365 administrators in organizations can control security settings. More data protection capabilities are provided.
Is OneDrive safe for sensitive documents?
Yes, but users have to respect the security policy when using OneDrive to store sensitive documents.
How do I make OneDrive more secure?
You should take a couple of measures and follow the security recommendations that are explained below in this blog post.
OneDrive Security Risks
If you want to use OneDrive securely you should know the OneDrive security risks. OneDrive security concerns are similar to the security concerns regarding other cloud storage platforms – data theft, data corruption, and data loss. OneDrive security risks and OneDrive for Business security risks are the same for Office 365 users. Let’s look at OneDrive security risks in detail.
Using a simple password such as monkey123, 03051976, or Education is a risk. Attackers can crack such passwords, take over your Office 365 account, and then get access to OneDrive.
Saving passwords in files as plain text or using sticky notes with passwords on your monitor, among other things, constitutes a threat for passwords as they can be stolen.
Another risk factor is granting higher permissions than needed when sharing files on OneDrive. For example, a user shares files with everyone and provides full permissions. Other users can then delete data or write unwanted changes to files, and files can be corrupted if those users' computers are infected by ransomware or other viruses.
Using an operating system and other applications without the latest security patches can compromise your OneDrive account. There can be vulnerabilities in software, for example, in Windows, Flash Player, the web browser, Microsoft Office applications, and so on. Attackers can exploit these vulnerabilities to gain control of a user’s machine, escalate privileges, and so on.
Be careful when using public Wi-Fi networks for connecting to the internet, especially if you need to log in to your Office 365 account. If the firewall is configured improperly on a router, attackers can use open ports and vulnerabilities to infect computers.
A delayed response can make things even worse. Many attacks go undetected for a long period of time. By the time an attack is detected, data may have been deleted and many computers and users may have been compromised. This can cause significant losses, and restoring the data can be difficult.
To reduce the risks listed above, follow the OneDrive security recommendations below.
OneDrive Security Recommendations
Use a strong password whose length is at least 8 characters and that contains lowercase and uppercase letters, digits, and special characters (for example, j&s2Pv$m8). Make sure the user credentials are stored safely. Use different passwords for a Microsoft account, Windows account, and other accounts.
Use two-factor authentication. This feature is well known for OneDrive for Business and Office 365 for organizations. Microsoft recently presented Personal Vault for those who use the consumer version of OneDrive. Personal Vault allows you to use a OneDrive folder with a stronger security configuration and supports two-factor authentication.
Use antivirus software and make sure that it is up-to-date. Antivirus can detect malicious files on your computer and delete them to prevent infection and data loss.
Install security patches and updates to prevent attackers from exploiting known vulnerabilities. If auto-update is enabled for Windows, all security patches and updates for Windows, including the OneDrive desktop application, are installed automatically.
Control OneDrive permissions. Make sure that permissions for shared files are not higher than is needed.
Don’t use administration privileges when they are not needed. Administrators should create regular user accounts for themselves for sending emails and working on regular tasks such as sharing files on OneDrive and editing Office 365 documents.
React quickly if you suspect that your Office 365 account (or the account of another user in your organization) is compromised.
Take care of network security. Configure the firewall on a router properly. Unused ports (ports that are not needed) should be closed on the firewall. Allow connections from trusted IP addresses where possible. If a Wi-Fi network is used, protect it with a strong password. Be careful using OneDrive when connected to public and unsecured networks.
Restrict access. Limit access to privileged data.
Make security and data protection a priority. Don’t underestimate the importance of security and data protection.
Secure sensitive data. Avoid storing passwords, payment data, and other critical files on OneDrive especially in shared folders. If you need to store important data on OneDrive, be careful when configuring sharing options.
Administrators should train users to detect social engineering, suspicious emails, and malware. Users should not open attachments in malicious email messages or share their credentials.
Administrators should review OneDrive sharing configuration for users and check access logs periodically, for example, once per month.
Administrators should configure alerts for changes and security issues. Analyzing user behavior can help administrators find possible issues and vulnerabilities.
Use automation tools to reduce the number of cases when the administrator has not detected a threat in time.
Configure policies and retention settings for Microsoft Office 365 and OneDrive.
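The permission review recommended above (keep sharing permissions no higher than needed, and review the sharing configuration periodically) can be partly automated. The following is an added example, not part of the original post and not Microsoft tooling: it assumes the sharing data has already been exported as records shaped like Microsoft Graph permission objects (`roles`, `link.scope`, `expirationDateTime`), and the sample records, file paths, and severity labels are constructed for illustration.

```python
# Added example: constructed records shaped like Microsoft Graph permission objects.
from datetime import datetime, timezone

SAMPLE_ITEMS = [  # constructed sample data, not real tenant data
    {"path": "/Finance/payroll.xlsx", "permissions": [
        {"roles": ["write"], "link": {"scope": "anonymous", "type": "edit"}},
    ]},
    {"path": "/Public/brochure.pdf", "permissions": [
        {"roles": ["read"], "link": {"scope": "anonymous", "type": "view"},
         "expirationDateTime": "2020-10-01T00:00:00Z"},
    ]},
    {"path": "/Team/plan.docx", "permissions": [
        {"roles": ["write"], "link": {"scope": "organization", "type": "edit"}},
        {"roles": ["owner"]},  # the owner's own direct permission, no link
    ]},
]

def assess(permission, now):
    """Return a list of findings for one permission entry."""
    findings = []
    link = permission.get("link")
    if not link:
        return findings  # direct grant to a named user: not a sharing link
    scope = link.get("scope")
    writable = "write" in permission.get("roles", [])
    if scope == "anonymous" and writable:
        findings.append("HIGH: anyone with the link can edit or delete")
    elif scope == "anonymous":
        findings.append("MEDIUM: anyone with the link can view")
    elif scope == "organization" and writable:
        findings.append("LOW: whole organization can edit")
    expires = permission.get("expirationDateTime")
    if scope == "anonymous" and not expires:
        findings.append("MEDIUM: anonymous link never expires")
    elif expires and datetime.fromisoformat(expires.replace("Z", "+00:00")) < now:
        findings.append("INFO: link already expired, remove it")
    return findings

def audit(items, now=None):
    """Map each item path to its findings, skipping items with none."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for item in items:
        found = [f for p in item["permissions"] for f in assess(p, now)]
        if found:
            report[item["path"]] = found
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_ITEMS))
```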
Features Provided by Microsoft to Improve Security
Most of the security concerns for OneDrive are caused by user errors. There is no evidence of data leaks caused by Microsoft errors from data centers used for OneDrive cloud storage. Microsoft uses modern technologies and standards for security and fixes issues as soon as they are identified. Some of these technologies are listed below.
- OneDrive encryption. Data encryption is performed when storing data on Microsoft servers and when transferring data over networks.
- Disk-level file encryption is used for data stored on Microsoft servers. Encryption is performed on a per-file basis.
- Network communications from a user’s computer to OneDrive (via the internet) are protected by using SSL/TLS. 2048-bit encryption keys are used for securing data when transferring over the network. Data transfers between Microsoft data centers are performed over encrypted private networks.
- Microsoft provides the Office 365 admin center for administrators of organizations to manage Office 365 security settings centrally (including OneDrive settings).
- Microsoft provides the Security and compliance center to edit Office 365 security settings as well as to configure alerts and notifications.
- Automation tools and security monitoring systems allow you to configure automated alerts that are triggered by suspicious activity.
- Exchange Online Protection is a feature that can protect Office 365 accounts in your organization against spam and malware. Microsoft Threat Intelligence and Advanced Threat Protection also help protect Office 365 users against malware.
Microsoft provides a strict security policy and maintains high standards within Microsoft for employees, including technical specialists and service engineers. The security measures provided by Microsoft within the company are aimed at preventing users’ personal data breaches. Below you can read how Microsoft organizes maintenance of servers and equipment in data centers.
- When Microsoft technical specialists perform maintenance in data centers, they get only the privileges needed to resolve a task.
- Service engineers must request access for each task to prevent unauthorized access.
- A request must be approved; an approved request is valid for a specified period of time.
- Two-factor authentication is used to allow Microsoft specialists to authenticate when configuring servers.
- Security monitoring systems are used and the working process has a high level of automation.
This blog post has covered Microsoft OneDrive security risks and recommendations on how to reduce these risks. OneDrive security is important for both organizations and individual users who use OneDrive and Office 365. To minimize OneDrive security risks, you should understand OneDrive security concerns and respect the security policy, which includes multiple aspects. First of all, the security of OneDrive depends on user behavior. Microsoft uses modern security standards and maintains a high security level for cloud services to keep the risks of data loss at a minimum. Perform Office 365 data backup periodically to ensure a high level of data protection for Office 365 and OneDrive.