How OneDrive for Business Protects Documents and Data from Ransomware
Discover OneDrive’s role in protecting sensitive data and files from incoming ransomware attacks, insider threats, and other risks.
While most ransomware attempts fail, hackers target cloud-based file storage platforms all the time.
Cloud attacks are seriously lucrative – and well worth the effort. One successful attack can offer massive payouts – and leverage shared vulnerabilities to demand ransoms from other companies using the same cloud provider.
Microsoft’s OneDrive for Business (ODB) is well-equipped to defend against these threats – offering built-in ransomware detection, real-time monitoring, and extra protections for sensitive data like credit card numbers, IP, and customer and employee records.
Still, OneDrive is just one of many moving parts that, together, defend your company from every possible angle. If your organization fails to implement the culture, policies, and tech needed to block incoming attacks and mitigate future risks, threat actors will eventually come for your most valuable docs and data.
Below, we’ll examine OneDrive’s role in protecting sensitive data, files, and your organization in general from incoming ransomware attacks, insider threats, and other risks.
ODB safeguards your files with several baked-in protections — advanced encryption, sensitivity labels, rights management, multi-factor authentication, etc. Microsoft also maintains compliance with privacy laws like GDPR and CCPA, and ISO/IEC 27018 (aka international cloud privacy standards).
Data is protected in-transit via transport layer security (TLS) and Microsoft only permits users to access OneDrive files via secure, authenticated connections. As an example, if you try to access an HTTP site, you’ll automatically be redirected to HTTPS.
While at rest, files are encrypted with a unique AES256 key (stored in Azure Key Vault). Microsoft also provides network and identity protections, while sensors, surveillance cameras, and security officers protect its global network of physical data centers.
Additionally, OneDrive and Microsoft 365 include real-time security monitoring systems trained to detect anomalies, issues, and incidents and automatically take action against threats.
However, it’s important to note that OneDrive security breaches do sometimes happen – but does that mean OneDrive for Business is a security risk? Yes and no.
Any cloud-based file sharing service can fall victim to ransomware. It’s impossible (even for Microsoft) to prepare for every theoretical vulnerability and the threat landscape is constantly evolving.
But – most OneDrive breaches are caused by human error. The best thing you can do is build a holistic strategy spanning everything from training to insider risk management and Zero Trust device and identity policies.
While OneDrive for Business provides several features and functions that can help you bounce back from a ransomware attack, let’s get real clear about something super important: ODB is not a backup tool.
Run a quick Google search or scroll through Reddit and you’ll see that this is an ongoing source of confusion. This r/onedrive post rightfully points out that MS365 subscribers get 1TB of OneDrive storage for backing up files and photos, plus access to its advanced security features – which does make it sound like a backup solution.
But – OneDrive’s data loss and recovery protections are designed to serve as a temporary safeguard against unexpected incidents or outages. For example, if you lose your laptop or your account gets hacked, you can use Known Folder Move to quickly recover files and get back to work with minimal data loss.
If OneDrive detects any unusual activity, you’ll get an alert via MS365. That might mean the algorithm found malware in your system or identified unauthorized file sharing. Or, maybe you delete a bunch of old files from the cloud backup and the system needs to confirm this is an intentional choice.
Users can restore files for up to 30 days after incidents such as ransomware attacks and breaches, file corruption, or unintentional edits or deletions. But — certain ransomware strains are capable of copying and encrypting a file, then removing the original document — and its entire version history.
File restoration hinges on whether the malware attack occurred within the 30-day timeframe. Meaning, if files were infected 45 days ago, you can’t turn back the clock with file versioning; that data is gone.
The alerts should prevent this from happening – but you’ll definitely need a more robust (and permanent) backup solution to protect data, support recovery efforts and ensure continuity.
OneDrive for Business enforces security best practices, supports seamless collaboration, and provides easy access to the docs and data employees and stakeholders need to do their jobs.
Admins can define security policies at the global level, set expiration dates, create custom passwords, and block downloads – either from unknown sources, specific sites, or just in general.
These controls free end-users from the burdens of enforcing compliance requirements or making judgment calls about what they’re able to share with stakeholders on an individual basis. Users can create, modify, access, and share files from any device or location — even if recipients don’t have a Microsoft account. In that case, users can use SSO, biometrics, or Entra Verified ID (the brand-new decentralized identity platform) to verify identities.
They can also use the mobile app to capture data from analog sources (think whiteboards, receipts, and the full spectrum of paper docs). All data — regardless of source — is searchable, protected, and unified and can be used to inform decisions, identify risks, and develop proactive, agile strategies across your entire business.
OneDrive for Business is part of a broader effort across the entire Microsoft ecosystem to ensure that users stay in control of their data. Its baked-in security protections are seriously impressive but they can’t protect your business on their own, nor can they make up for poor cyber hygiene.
Velosio provides security planning and analysis services that help organizations reduce risk, prevent ransomware attacks, and carve out a competitive advantage in the cloud. Our Microsoft experts are trained to ID potential threats and provide end-user training — that way, clients can avoid problems before they happen. Contact us today to learn more.