Heads up: If your company uses OneDrive for Business to store critical documents in the cloud, they may not be as secure as you think.
According to security expert Brian Maloney, Microsoft is not adequately securing data on user’s devices, which could present a massive security risk if that device becomes compromised. Without adequate OneDrive for Business security, sensitive information could easily fall into an attacker’s hands and have consequences for your company.
What Businesses Need To Know About the OneDrive Data Vulnerability
The Microsoft OneDrive risks stem from an issue with Optical Character Recognition (OCR), a tool that supports search functions. When you search your files in your OneDrive account, the system automatically saves the OCR data as a plain text image in a database on your computer. Additional security experts also note that pictures saved with OneDrive are stored in an unsecured SQLite file.
Why is this an issue?
The problem isn’t necessarily as much of a concern when your team works on company-issued hardware, as those devices typically have multiple layers of security in place. OneDrive for Business Security concerns arise when employees use their devices to access their OneDrive accounts. When they access files on devices that don’t have the same level of data protection, OneDrive files become more easily accessible.
Cloud Storage Security Tips To Protect Your Business
Because Microsoft has not acknowledged this issue or explained why it doesn’t secure OCR databases, it’s up to you to implement business cloud security measures to protect your company from the risk of a data breach.
Some of the ways you can protect your company and bolster OneDrive for Business security include:
- Implementing network access control (NAC) to block devices that don’t meet your security standards from accessing your company network
- Requiring employees to use a VPN for any work-related tasks on their own or company-issued devices
- Managing OneDrive Access Controls appropriately to restrict access to the most sensitive data to authorized individuals
- Maintaining a comprehensive updating and patching protocol that ensures Microsoft 365 and OneDrive always have the most up-to-date security protections in place
- Using two-factor authentication and strong passwords
- Disabling One Drive features that you won’t use to reduce risk
Although these cloud security tips can help protect your OneDrive for Business account, they aren’t foolproof, especially since the major issue is the potential for sensitive information on your employee’s devices. With that in mind, you need to consider whether you’ll allow your team to use their own devices for work and, if so, whether they’ll need to meet specific security standards.
It’s also important to reiterate to your employees that they must be as vigilant when using their devices as they are at work. Phishing messages can land in their inboxes at home, too, and their internet habits could create security risks. Staying alert to risks 24/7 can help protect your company from the fallout of a OneDrive for Business security breach.
