Lepide Blog: A Guide to IT Security, Compliance and IT Operations

OneDrive Security Best Practices

Microsoft OneDrive is one of the most popular cloud storage platforms on the market. Documents stored in OneDrive can be easily accessed, shared, and synced, anytime and from anywhere.

Given that cloud services account for the largest source of Microsoft’s revenue, data security is clearly very important to the company. However, since the majority of data breaches are the result of negligent or malicious insiders, there is only so much Microsoft can do to prevent your critical assets from ending up in the wrong hands.

For example, Microsoft can’t stop users from choosing weak passwords, using outdated or malicious software, failing to implement robust access controls, or failing to properly configure their firewall.

Built-in OneDrive Security Features

To keep your OneDrive data secure, start by familiarizing yourself with the built-in security features provided by Microsoft, which include:

Threat monitoring

OneDrive allows you to monitor for suspicious activity, as well as scan for viruses and other types of malware.

Breach Prevention

OneDrive provides features for access control, encryption, and link expiration and allows you to password-protect specific files and folders. The OneDrive Personal Vault requires additional authentication methods to access data.

Data Recovery

OneDrive provides version history for all file types, notification and recovery options when a large number of files are deleted, as well as options to recover files following a ransomware attack.

OneDrive Security Best Practices

OneDrive security requires a mix of general data security practices and best practices that are specific to the OneDrive platform. Below are some of the most notable best practices when storing sensitive data in OneDrive:

Use a strong password

Passwords should be 12-14 characters long and contain uppercase and lowercase letters as well as special characters. Alternatively, consider using a passphrase, which is generally harder to guess and easier to remember.

Use two-factor authentication (2FA)

When using 2FA to sign in to OneDrive, you will receive a security code via email, phone, or authenticator app.

Enable encryption on mobile devices

If you are using the OneDrive mobile app, it is a good idea to enable encryption on your iOS or Android devices to protect your data if the device gets lost or stolen.

Train your employees

All employees should be trained to identify the latest security threats. They must know how to keep their credentials secure and be able to identify suspicious emails, applications, SMS messages, and so on.

Install security patches and updates

Ensure that security patches and updates are installed as soon as they become available. The easiest option would be to enable automatic updates in Windows.

Control access privileges

Ensure that each user is granted only the privileges they need to perform their role. In some cases, permissions should be granted on a time-limited basis to perform specific tasks. Users should avoid storing confidential data on OneDrive unless they really need to, and administrators should use a regular user account for editing documents, sending emails, sharing files, and other day-to-day activities.

Strengthen your perimeters

Ensure that your firewall is properly configured, close any unused ports, and only allow connections from trusted IP addresses.

Install a third-party backup solution

Even though OneDrive is frequently used for backing up data, it’s worth considering using a third-party backup solution in case your OneDrive account is compromised.

Purge inactive user accounts

Inactive user accounts should be identified and purged in a timely and organized manner. Consider using a third-party auditing solution that can automatically detect and manage inactive user accounts.

Create a DLP policy

Create and configure a Data Loss Prevention (DLP) policy in the OneDrive for Business Admin Center.

Monitor all important changes in real-time

In the Microsoft 365 Security & Compliance Center, you can search the unified audit logs for changes made to the files and folders stored on OneDrive.

However, the unified audit logs have a number of drawbacks. For example, the audit data is fetched on demand, which may take a long time if you are searching a large number of records. There are also only a few pre-defined reports to choose from. By default, the audit logs are only retained for a maximum of 90 days, which may not be enough to satisfy certain regulations, such as HIPAA.
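As an added example (not from the original post, Microsoft, or Lepide), the following Python script shows how exported unified audit log records can be kept and analyzed outside the 90-day window, flagging bulk deletions and externally shared files in OneDrive. It assumes the records were exported as one JSON object per line with the audit log's `CreationTime`, `Workload`, `Operation`, `UserId` and `ObjectId` fields; the threshold, time window, and sample records are constructed for illustration.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Operation names as recorded in the unified audit log for file activity.
DELETE_OPS = {"FileDeleted", "FileRecycled"}
EXTERNAL_SHARE_OPS = {"AnonymousLinkCreated", "SharingInvitationCreated"}

def analyze(lines, threshold=5, window=timedelta(minutes=10)):
    """Return (users with >= threshold deletions inside window, external share events)."""
    records = [json.loads(line) for line in lines]
    records = [r for r in records if r.get("Workload") == "OneDrive"]
    recent = defaultdict(deque)  # user -> deletion timestamps still inside the window
    mass_delete, shares = set(), []
    for r in sorted(records, key=lambda r: r["CreationTime"]):
        op, user = r["Operation"], r["UserId"]
        ts = datetime.fromisoformat(r["CreationTime"])
        if op in DELETE_OPS:
            q = recent[user]
            q.append(ts)
            while ts - q[0] > window:  # drop deletions older than the window
                q.popleft()
            if len(q) >= threshold:
                mass_delete.add(user)
        elif op in EXTERNAL_SHARE_OPS:
            shares.append((user, op, r.get("ObjectId")))
    return sorted(mass_delete), shares

def _rec(user, op, when, name, workload="OneDrive"):
    # Builds one constructed audit record; tenant URL and users are placeholders.
    return json.dumps({"CreationTime": when, "Workload": workload, "Operation": op,
                       "UserId": user,
                       "ObjectId": "https://contoso-my.sharepoint.example/" + name})

# Constructed sample: alice deletes six files within a minute, bob deletes one,
# carol creates an anonymous link, and one Exchange record is ignored by the filter.
SAMPLE = [
    _rec("alice@contoso.example", "FileDeleted", f"2024-03-01T09:00:{s:02d}", f"a{s}.docx")
    for s in range(0, 60, 10)
] + [
    _rec("bob@contoso.example", "FileDeleted", "2024-03-01T09:05:00", "b.xlsx"),
    _rec("carol@contoso.example", "AnonymousLinkCreated", "2024-03-01T09:07:00", "plan.pptx"),
    _rec("dave@contoso.example", "MailItemsAccessed", "2024-03-01T09:08:00", "inbox", "Exchange"),
]

if __name__ == "__main__":
    flagged, shared = analyze(SAMPLE)
    print("Bulk deletions by:", flagged)
    print("External shares:", shared)
```

Running the same function over each scheduled export, and archiving the raw lines, gives a deletion and sharing history that outlives the default retention period.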

Using Lepide for OneDrive Security

To get around these limitations, you can use Lepide Auditor. Lepide’s OneDrive for Business security module gives you a complete picture of all the important security interactions and changes taking place in OneDrive.

There are a large number of pre-defined reports to choose from, which you can generate at the click of a button, including but not limited to:

  • Identify when data is shared externally
  • Discover and classify sensitive data in OneDrive
  • Analyze permissions
  • Track file and folder level changes
  • Track security groups and configuration changes

With Lepide, important events will generate a real-time alert, which can be sent to your inbox or mobile app, and automated threat responses can be triggered if immediate action is required. And finally, there are no limitations regarding how long the logs are retained.

If you’d like to see how Lepide can help keep your OneDrive data secure, schedule a demo with one of our engineers.