Keeping your data secure is not a piece of cake these days. With all the data breaches happening every second, no wonder it is expected that yearly worldwide spending on cybersecurity will have reached over $133.7 billion by 2022.
The situation puts us in a position where we can’t afford to be ignorant about data security any more. OneDrive security is not an exception.
Given that around 58.4% of sensitive data in the cloud is stored in Microsoft Office documents, Microsoft OneDrive’s security issues can easily spin into a nightmare. That’s why a comprehensive understanding of this notion is a must.
In this article, we will set the record straight with One Drive security best practices by answering the most frequently asked questions.
Table of Contents
1. Can anyone see my files on OneDrive?
All the files that you add or create outside of a Shared with me folder are private by default until you decide otherwise. At this point, files are encrypted for anyone but you and Microsoft personnel with administrative rights. For someone else to see your files, you have to share the folder or a separate file.
The same rule goes for your OneDrive for Business files with only one exception: the visibility of the files you create in the Shared folder via your school or work Office 365 account is determined by a policy set by an administrator.
Keep reading to find out more about how to secure the sharing permissions.
2. Is OneDrive safe for sensitive documents?
Is OneDrive secure for sensitive files? Before answering that, let’s quickly run through the material and elaborate—what exactly are these sensitive documents? And why do they require extra protection?
Examples of sensitive information:
- Personally Identifiable Information (PII), like a driving license or full name;
- Personal Health Information (PHI), like medical history, test results, insurance, etc.;
- Financial information, like a credit card number;
- Data covered under FISMA and GLBA compliance requirements.
As you see, this information can be stored on OneDrive by both individual users and companies. Therefore, the strategies for storing this information are different in these two cases.
For individual OneDrive users
For personal users, OD has a feature called Personal Vault (PV). How secure is OneDrive Personal Vault? It is basically a safe located in your Files folder and designed specifically for sensitive information. This Personal Vault is protected by the added layer of security you can set up by yourself—a fingerprint, a face ID, a one-time code sent via email or SMS, etc. You can find PV on the web and on the mobile app.
Plus, the Personal Vault folder has an idle-time screensaver that locks if you are inactive for 3 minutes on the mobile app and 20 minutes on the web. To regain access, you need to verify yourself again. And, of course, in PV, your files are encrypted until you verify your identity.
For OneDrive for Business users
The Private Vault function isn’t available in the ODFB package. Therefore, if your organization has no other way to store sensitive data than on OneDrive, we very much advise you to follow religiously all the security measures we speak about at the end of this article.
3. Is OneDrive a backup?
This question is tied with security more than it seems. The answer will show, why.
OneDrive is not a backup tool. OneDrive is cloud storage, and there is a massive difference between cloud backup and cloud storage. They have a few things in common, like the fact that they store your files on remote hardware. But it’s not enough to make them interchangeable.
In short, cloud storage is a place in the cloud where you upload (manually or automatically) and keep all your files. Cloud storage allows you to:
- Reach those files from any device at any time. All you need is an Internet connection and credentials from your account;
- Manually restore files from the storage in case of unwanted deletion;
- Scale storage according to your needs.
But if, for example, you accidentally deleted a file in your storage, or it was hit by ransomware, consider your files as lost. Also, keeping your files on cloud storage is not a suitable option for businesses. Companies’ main request is to restore high volumes of data after a disaster quickly, and this is not what cloud storage does.
Here are some famous examples of cloud storage services besides OneDrive: Dropbox, Google Drive, Box, AWS storage, and others.
Cloud backup, on the other hand, is a service that uses cloud storage for saving your files, but its functionality doesn’t end there. Here are the main features of backup:
- Copies your data automatically (you can customize the frequency) to the storage;
- Restores your data relatively quickly after the disaster. The speed of the recovery depends on the volume of data and the service’s capabilities. Some backup services do it faster than others thanks to granular recovery, which restores only lost files rather than all files together.
- Restores multiple versions of the backed up files;
- Searches for specific files;
- Keeps backed up data safe from the most widespread threats: accidental deletions, brute-force attacks, ransomware, etc.
Let’s sum up:
- If you need to be able to access, edit, and send your files from anywhere, use cloud storage.
- If you want to keep your data secure and be able to quickly restore it in case of disaster, use cloud backup.
In case while reading this you realized that you need to backup your OneDrive, read our guide How to backup OneDrive.
4. Which OneDrive security risks should I know about?
All the security issues tied with using OneDrive are common for all cloud storage services. Both individual OneDrive and OneDrive for Business security face the following risks:
- Data Theft (unauthorized downloads of critical business data)
- Data Loss (accidental or intentional deletions, ransomware)
- Corrupted Data (data encryption by ransomware). Read more about OneDrive ransomware here.
- Sharing Critical Information (sharing with everyone, making a document public, or sharing with people outside the organization by mistake or intentionally)
- Compliance Violations (negligence in approaching sensitive information)
- Loss of Accountability (when documents between coworkers are created aside from the main work folder)
5. How to maximize OneDrive security?
To liquidate all those OneDrive security issues, you need to follow concrete rules. Here is the full list of rules security of your OneDrive depends on for both individual and corporate users—just adapt them to your situation.
1. Secure the device(s):
- Download antivirus software with the latest definitions (make the antivirus program mandatory for employees in case you work in a company);
- Use a firewall—it blocks all questionable inbound traffic;
- Update your OS regularly;
- Avoid logging into your work account as an administrator;
- Activate idle-time screensaver passwords and create strong passwords;
- Ensure that all devices connected to OneDrive meet the security and compliance requirements (for organizations with BYOD policies)
2. Secure the network:
- Before connecting to the hotspot, check if it is encrypted. Don’t open your OneDrive if the connection is not encrypted.
- Check your connection settings, so your device doesn’t connect automatically to the closest hotspot.
- Don’t send sensitive information to unencrypted websites.
3. Secure the sharing:
- Make sure to terminate access to OneDrive for Business for users who are no longer with the company.
- Don’t make files or folders in OneDrive “public” or shared with “everyone.” If you share a file or a folder with everyone, it means some random person can find it even though it is located on your OneDrive.
- Pay attention to the “default” permissions when you are about to share a file, like “Can edit.” It allows the user you shared the document with to share the file further, change its settings, and alter the file itself.
- Don’t forget that a shared file can be downloaded and then forwarded to unauthorized users.
4. Secure sensitive data:
- Avoid storing your payment data in any Office 365 products. For other sensitive documents, individual users can use Personal Vault.
- Organizations can store sensitive data only by using a secure on-premises or encrypted third-party cloud backup service that is compliant with data regulations mandatory for your organization.
- Do not keep files in OneDrive with login/password credentials in them.
5. Use professional cloud data protection services
As OneDrive is in the cloud, you should use services dedicated to the cloud. Why? Because the principles that work for data security in the cloud differ from the way it works for on-premises systems.
It is an especially pressing problem now when all businesses switch to the cloud, motivating cybercriminals target towards relatively unprotected SaaS and the cloud in general.
So what data protection services for your OneDrive and other cloud data can you use? There are only a few options on the market yet that cover data losses from the cloud threats:
Spinbackup – Cloud-to-cloud backup with 3x a day automatic backup.
SpinSecurity – Ransomware protection that scans your OneDrive and other Office 365 or G Suite services for ransomware and blocks it in case of an attack.
Working together, they cover your bases from all sides.
See in action how it works:
Get a free 14-days ride: