Content

Protect Your Clients’ Office 365 Data from Ransomware

Ryan Weeks, Chief Information Security Officer, Datto, Inc.
Author: Datto CISO Ryan Weeks

For small to mid-sized businesses Microsoft Windows-based systems remain dominant. Windows continues to be the operating system most widely used on desktops and laptops, and Microsoft Office remains the most widely used work office suite.

So it’s no surprise that Windows systems remain the top target for ransomware, too. A stunning 100% of IT professionals reported they had seen Windows systems infected by ransomware, as reported in Datto’s State of the Channel Ransomware Report. Ransomware typically encrypts your files and promises to decrypt data after a ransom payment.

The collaborative capabilities of Office 365 make ransomware defense more challenging. Before Office 365, you wrote a Word document on your laptop, saved it on your system or file server, then emailed it as an attachment to share outside your organization. Copies of your file could exist in several places: your laptop, a file storage server, your sent email, and the inbox of the recipient.

Thanks to shared files and OneDrive sync, your files may be in more places than ever. A user that shares a document with colleagues can end up with copies on multiple laptops. Each person with editing access might sync a copy to their system. When one person gets ransomware, files get encrypted -- then the encrypted versions sync through to everyone else. The same is true for Sharepoint Online. As most business critical data is created in Sharepoint Online libraries, it’s important to note that ransomware is easily spread there via the sync client.

In fact, 29% of IT professionals reported that their clients had encountered ransomware that targeted Office 365. It takes just one visit to a malicious site, one accidentaldownload, or one infected attachment to unleash ransomware.

Update to Reduce Ransomware Risks

  • Operating System: Microsoft system requirements list Windows 7 Service Pack 1 as the oldest desktop operating system suggested for Office 365. Remember, though, that Microsoft first released Windows 7 in 2009, and that mainstream support for it ended in January 2015. The first step is simple: run Windows 10 to reduce your ransomware risk. Microsoft found that “devices running Windows 10 are 58% less likely to encounter ransomware than when running Windows 7” in a “Ransomware Protection in Windows 10 Anniversary Update” report.
  • Browser: Microsoft built Office 365 to work with a variety of browsers, including Chrome, Firefox, and Safari, as well as Internet Explorer and Microsoft Edge. If you deploy Chrome, Firefox, or Safari in your environment, make sure these stay current, as well. Google updates Chrome about every six weeks, while Mozilla releases a new version of Firefox roughly every six to eight weeks. A once or twice-a-year browser deployment leaves people needlessly vulnerable to known and patched problems. Of Microsoft’s two browsers, choose Edge to reduce ransomware risks. Edge lacks support for some legacy features, such as ActiveX, that increased the potential for security problems in Internet Explorer. If you use Internet Explorer, upgrade to Internet Explorer 11, which will run on Windows 7 Service Pack 1 systems and all newer Windows operating systems. Both Edge and Internet Explorer 11 offer SmartScreen Filters to help guard against malicious sites and downloads.
  • Patches: while it may seems obvious, apply patches promptly. Ransomware and other malware pursue multiple paths around defenses—so it’s not enough to just update to devices monthly. An unpatched laptop that connects to your network, servers, or OneDrive today, may deliver malicious code to encrypt every file it can find tomorrow. So patch promptly.

In our eBook, Defending Office 365 Data from Ransomware, we provide everything you need to know to help protect your clients’ data. This eBook outlines a best practices that all companies should be implementing to ensure their data is secure and accessible, no matter what happens. Download your copy today


Ryan Weeks is chief information security officer at Datto Inc. Read more Datto blogs here.

You can skip this ad in 5 seconds