How to protect Office 365 data from ransomware attacks

Given the broad scope of services Microsoft Office 365 provides, it’s no surprise it has become one of the company’s fastest growing revenue streams. Widespread popularity often breeds malicious activity, however, and Office 365 is no exception. Ransomware is growing at a mind boggling rate – Cisco estimated a 350% year over year growth rate in their 2018 Annual Cybersecurity Report.

Ransomware, in particular, has introduced significant risks for Office 365 users. Cerber ransomware, for example, targeted Office 365 and flooded end users’ inboxes with an Office document that invoked malware via macros, and the now infamous WannaCry attack was engineered to take advantage of a Microsoft vulnerability. And now we have an even more insidious ransomware strain with ShurL0ckr – designed to evade the built in malware protection on OneDrive and Google Drive.

Ransomware can be truly debilitating as it expands very quickly, locking down as much data as possible, infecting critical files, and spreading to other machines. With Office 365 collaboration tools such as SharePoint Online and OneDrive for Business, ransomware can inadvertently spread across multiple users, systems and shared documents, allowing hackers fast and easy access to valuable data, email and networks. This domino-like effect that results from just one single point of entry is what inevitably leads to these well-known breaches we continue to hear about in the news.

To protect critical business data within Office 365, organizations should adhere to the NIST Cybersecurity Framework, which offers guidance based on existing standards, guidelines and practices to better manage and reduce cybersecurity risk. Identity management, data loss prevention, and backup and recovery are three crucial areas to evaluate within the NIST Cybersecurity Framework, especially when moving high priority data to a SaaS application like Office 365.

Additionally, organizations should incorporate the following risk mitigation best practices to help keep their organization secure:

Educate and test your users

Since users are often the ‘malware gateway’ into an organization, it’s important to educate your users on how to avoid getting infected in the first place. Be sure to see that everyone installs proper antivirus/malware software, is aware of popular social engineering techniques so that they don’t inadvertently open a fake email or follow a malicious link, and keeps their systems and applications up to date. Equally important is testing your users. Use a service to see how your users perform in the real world and test them on multiple levels (e.g. via email, USB, etc.).

Test your security and IT teams

Just as users need to be continually educated and tested, so do the members on your security and IT teams. Ensure they’ve evaluated all cyber risks facing your organization – both potentially imminent threats and longer-term dangers – and conducted scenario planning accordingly.

In fact, it’s best to regularly check in with your security and IT teams to confirm they’re considering any and all worst-case scenarios, and proactively building solutions and responses for each situation. This is why some companies have started practicing “red teaming” exercises, or viewing a problem from an adversary’s perspective by essentially “hacking” their own organization.

Regularly back up your data

Unlike other types of malware, ransomware encrypts files and locks down entire systems. Hackers will typically demand payment to unlock an organization’s data and/or their customers’ data, however there’s no guarantee the hacker hasn’t damaged the data or will return control to trusted administrators once the ransom is received.

Implementing a secure backup and recovery solution is key to proactively protecting your Office 365 data and your organization’s general productivity from ransomware attacks. Look for cloud-based tools that continually run in the background, don’t require complex maintenance, and can restore your critical business data to the last ‘clean’ version, as this capability will minimize the cost of employee downtime and eliminate the need to pay ransom in the event that your data is taken hostage.

With so much at stake, every member of your organization – from your CEO down to each individual employee – must take proactive measures to protect the data within prime ransomware targets like Office 365. Educate your users to make sure they’re aware of the latest malware strains and stay in close contact with your security and IT teams to ensure they’re perpetually prepared for an attack.

Most importantly, implement a data backup and recovery solution that’s built specifically for cloud apps. Because even with proper training, end users, security and IT teams can still make mistakes, and with ransomware, there’s never a guarantee your data will be recoverable or returned to you after an attack.