OneDrive Backup – risks, good practices and keeping your business data secure

Being able to transfer data between users easily, is key in running a successful business. So any program that allows you to do it can give you an advantage. One of such programs is OneDrive for Business provided by Microsoft. If it’s so widely-used, should you consider OneDrive Backup? OneDrive for Business is a cloud storage service allowing your users to store data and access it from any device they log on. This service offers great opportunities to improve your teams’ productivity. Allowing users to share files and collaborate on them in real-time. But all those pros, unfortunately, can be neglected if someone outside your company gains access to the user account. In this article, we will take a closer look at the risks involved in using OneDrive for business in your company, and how you can increase protection against those risks with a proper OneDrive Backup. 

Dangers Involved – why do you need OneDrive Backup?

I probably cannot list all of the dangers when it comes to using OneDrive for business, and other cloud services. But I’ll try to acknowledge you of those most common that will convince you to OneDrive backup needs. 

Device loss

Ability to log on, and use the data stored within OneDrive on any device, provides users with the flexibility of working as and where they want. But it also comes with a cost. That cost is a possibility of losing the device while a user is logged in or a possibility of that device being stolen. If the lost device came into possession of someone that is aware of access to business data on that device, it would lead to a data breach, in the best case.

Malicious employees

When employees are not satisfied with how you treat them or are fired, they can hold grudges towards your company and may want to cause some problems. As they have access to data inside OneDrive and probably many more services, this can lead to many problems with data being deleted or compromised. You’ll have to control how your users access data inside your organization.

Users Credentials being stolen

Hackers are running an ongoing operation that aims to steal users’ credentials. From many malware attacks wanting to gather data from inside, to phishing attacks which count on users not being educated well enough about internet security. If someone with malicious intent happens to acquire access to your company’s OneDrive user account, it can lead to causing financial losses in your company. Hackers can also store illegal content in compromised OneDrives. By acquiring users’ credentials to your organization’s OneDrive accounts hackers can gain access to all Office 365 apps your company uses, counting Exchange (mailboxes, calendars), Teams or SharePoint. 

Delayed Response

The biggest problem with all data breaches and malicious attacks is that they are noticed a long time after they occur. When we deal with thousands of files accessed by many users it can be challenging to know when a breach occurred, which means you have less time to deploy adequate security measures. And when it comes to ransomware – you usually realize it once you see a ransom note on your computer. Do you want to have immediate access to your data, ensure business continuity and data accessibility? Third-party backup software such as Xopero ONE, including OneDrive Backup, is the answer!

OneDrive security measures provided by Microsoft

OneDrive for business is a service provided by Microsoft, and Microsoft takes extra steps to ensure that the services it provides are as secure as they can be. 

Microsoft protects your data during transit between clients and data centers using transport layer security (TLS) encryption. Allowing access only through a more secure connection like HTTPS, rather than HTTP.

When your files are stored in the cloud, they are physically stored in data centers, which are very well protected. The infrastructure is adapted to the continuous operation of network devices and servers – appropriate building and interiors, motion sensors, power generators, uninterruptible power supply (UPS) as well as air conditioning ensuring the proper temperature, humidity and cleanliness of air. Everything is carefully maintained by specialists. Additionally, your data at rest is encrypted using the AES256 encryption algorithm. 

When any problem happens with your OneDrive storage that needs to be taken care of by tech support, Microsoft takes steps to ensure that your data is secure during the process. Office 365 maintains a “zero-standing access” policy, which means that engineers do not have access to the service unless it is explicitly granted in response to a specific incident that requires elevation of access. Whenever access is granted it is done under the principle of least privilege: permission granted for a specific request only allows for a minimal set of actions required to service that request. 

In addition, you will get alerted if OneDrive detects ransomware or malicious attack. The Windows Defender anti-malware engine scans documents at download time for content matching an AV signature.

Further security measures provided by Microsoft is related to suspicious activity on your accounts, or administrating files inside OneDrive. OneDrive monitors for and blocks suspicious sign-in attempts. Additionally, Microsoft will send you an email notification if they detect unusual activity, such as an attempt to sign in from a new device or location.

Other security measures you can take to ensure OneDrive is protected

Despite the securities Microsoft provides to ensure your data on OneDrive and other services is secure, you still need to make sure you educate your users about IT security. There are few things you can advise your users to do.  

Setting a strong password is a necessity, to ensure your account is secure. Your users should not write passwords down on a piece of paper, this can allow unauthorized users to gain access to their accounts.

Another way to ensure that logging into your account is setting two-factor verification. This helps protect your users’ accounts by requiring them to enter an extra security code whenever they sign in on a device that isn’t trusted. The second factor can be made through a phone call, text message, or app.

In case of when your user loses the ability to log onto their account, or that account has been hacked, you should advise your users to add security information like a phone number, alternate mail address, or a security question and answer. That way they can verify their identity, and speed up the process of getting access to that account back.

If your users use the OneDrive mobile app, I recommend that you advise them to enable encryption on their iOS or Android devices. This helps to keep OneDrive files protected if a user’s mobile device is lost, stolen, or someone gains access to it.
Finally, you should ensure that everyone in your company has proper third-party OneDrive backup software.

OneDrive Backup with Xopero

And yet, all those security measures can fail you, when you might need to access data from a month ago, a few months ago, and for example, due to an attack, it’s gone. You might want to add one more layer of protection, to make sure your data is thoroughly protected. That layer is a proper OneDrive backup solution. Having a backup in place ensures that even when something happens to the files you store in OneDrive, you have a copy of that data, ready to be recovered. Here at Xopero Software we can provide you with that layer of protection. Xopero ONE Backup & Recovery for Microsoft 365 (including OneDrive backup) provides:

  • Full control over versioning and retention allow you to easily adjust versioning and retention settings according to what you need. Store all versions, define the number of copies, or the time a given copy should be kept to optimize storage capacity. GFS, FIFO – choose your rotation scheme.
  • Multiple recovery options – almost instantly recovery of chosen files or entire systems. Both physical machines or Microsoft 365 data. Take advantage of Smart Disaster Recovery technologies and granular, cross-user, point-in-time recovery features.
  • Cross-user recovery – restore protected data to original user account or choose a different one from your Microsoft 365 organization account
  • Keep an eye on your data, easily search through protected accounts by username, email address,  and browse files, or messages in that account.
  • Military-level encryption: to encrypt your data we use different alterations of the AES algorithm. The time needed to perform a backup will vary depending on whether you chose to encrypt your data using OFB 128, OFB 256, or CBC 256 version of the AES algorithm.

and many more…