Enterprises are routinely storing corporate password files in the cloud through Microsoft’s OneDrive backup technology.
OneDrive is the most common Office 365 application, with 79.1 per cent of organisations using it, according to a study by cloud control tech vendor Skyhigh Networks. The average corporate OneDrive service contains 204 unencrypted files labelled “passwords”.
This risky practice has actually increased over the last few months. Corporates averaged 143 “password” files uploaded to OneDrive in Q3 2015.
The amount of sensitive data being stored on OneDrive in general is increasing, Skyhigh reports. Around one in six (17.1 per cent) of stored files contain sensitive data, which consists of confidential data (9.4 per cent), personal (4.1 per cent), health (1.9 per cent) and payment (1.7 per cent) information.
Skyhigh Networks’ Nigel Hawthorn said the wide range of available applications makes Microsoft Office 365 a popular corporate option.
Increased usage of the technology has not, unfortunately, been accompanied with greater security awareness. “Businesses and employees are still taking a relaxed approach to document security, especially when you consider the high frequency of threats,” said Hawthorn. “You would hope that the spate of high-profile data breaches would make enterprises sit up and take notice about the need for encryption, but the amount of unencrypted sensitive data stored on OneDrive is increasing.”
He added: “More than half of documents across all cloud services that contain sensitive data are stored in Microsoft Office formats. This percentage will only increase as OneDrive becomes more tightly integrated to the rest of the suite. Therefore, it’s imperative for businesses to educate their employees about how to safely store documents in the cloud."
Hawthorn concluded that the need for employee training is particularly acute in heavily regulated industries such as financial services or healthcare, two of the biggest users of Office 365.
Skyhigh Networks' technology allows organisations to monitor employee cloud use and lock down banned apps. The security vendor’s report on Microsoft Office 365 usage in the enterprise, published on Wednesday here, is based on real life data from more than 600 enterprises and 27 million users.
The study found that the occurrence of Office 365-related threats is common, 71.4 per cent of companies have at least one compromised account each month, 57.1 per cent have at least one insider threat and 45.9 per cent have at least one privileged user threat. ®