Ransomware, a danger for Drive?

Ransomware VS Google Drive

The security superiority of cloud offerings such as Google Workspace or Microsoft 365 is no longer debated. But is your data safe from viruses, and especially from crypto viruses (ransomware), when you use Google Drive, Dropbox or OneDrive?

100% web model

If you use Google Workspace or Microsoft 365 in 100% web mode, i.e. you only work from the web browser, you are protected against malware and ransomware [1]. Indeed, there is no path between an infected computer and your data in the cloud.

By working in 100% web mode, a virus that has infected the operating system (Mac, Windows) cannot reach the data in the cloud.

But what about when you synchronize data locally?

[1] Beware of third-party add-ons that you may have added to Drive and that you have therefore authorized to access your data. We recommend that administrators prohibit add-ons or only allow those that are above suspicion.

Can ransomware encrypt my cloud data?

Yes. When you install synchronization software such as Dropbox, Google Drive or Microsoft OneDrive, a certain amount of data is stored on your computer.

If a crypto-locker infiltrates a computer, it will encrypt the disk. Your local data will be encrypted before being synchronized with the cloud service. Then the encrypted data will be sent back to the other synchronized devices (yours and colleagues'). And then: bye bye healthy data!

Google Drive and ransomware

Google Drive app and OneDrive on Demand are clients that are installed on the computer. Displayed as a mounted disk, they give access to the entire tree of the cloud server. The user can then open the files with his usual software; the files are downloaded on demand (streaming). A cache system keeps the recent data locally and the user can activate the offline mode on the data of his choice to have them available even if he has no internet.

With the Google Drive app and OneDrive on Demand, all data, even remote data that was neither cached nor set as available offline, can be corrupted, depending on the type of virus.

How to protect yourself from ransomware

You must first protect the entry points, i.e. your hardware, computers and employee devices. Not only does a crypto-virus attack your data, but it can spread. For example, some viruses replace healthy files with a fake hiding a malicious executable. You must avoid this propagation at all costs: more and more companies are "connected" to each other via shared data.

On average, Gmail is 5 hours ahead of antivirus vendors in detecting new threats.

You can also use specialized solutions such as Cylance or FireEye as an umbrella for your infrastructure so that you are not dependent on a single security system.

You must then have a backup system if a disaster happens. With Google Workspace or Microsoft 365, you can choose between 2 strategies to back up your data and be able to restore it in case of an incident:

  • Cloud-to-Cloud: use a cloud backup service that will provide backup and recovery of your Google Workspace or Microsoft 365 infrastructure.
  • Hybrid: use a local or hosted server (e.g. a Synology or QNAP NAS) to back up your cloud.

Note that services like Box, Dropbox, Drive and OneDrive integrate versioning: you can recover previous versions of a file. This is useful for limited damage, but impossible to use if you need to restore several hundred, thousands or millions of files. Microsoft OneDrive now offers a mechanism for mass restoration of data.
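As an added illustration (not code from the original article), the sketch below covers both the sync propagation described earlier and the versioning limit noted here: it takes a constructed list of file revisions, finds the moment one device rewrote many files within two minutes, and selects the last earlier revision of each file to restore. The record layout, device names and thresholds are assumptions, not the export format of any real service.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (path, revision time, device that synced the revision).
# This layout is an assumption, not the export format of any real service.
REVISIONS = [
    ("contracts/a.docx", "2024-03-01T09:00:00", "laptop-anna"),
    ("contracts/a.docx", "2024-03-03T16:20:00", "laptop-anna"),
    ("finance/q1.xlsx", "2024-03-02T11:05:00", "laptop-bruno"),
    ("hr/policy.pdf", "2024-02-20T08:30:00", "laptop-carla"),
    ("contracts/a.docx", "2024-03-04T14:00:05", "laptop-bruno"),
    ("finance/q1.xlsx", "2024-03-04T14:00:12", "laptop-bruno"),
    ("hr/policy.pdf", "2024-03-04T14:00:20", "laptop-bruno"),
    ("sales/leads.csv", "2024-03-04T14:00:31", "laptop-bruno"),
]

def parse(rows):
    """Return revisions as (time, path, device) tuples, oldest first."""
    return sorted((datetime.fromisoformat(ts), path, dev) for path, ts, dev in rows)

def find_burst(events, min_files=4, window=timedelta(minutes=2)):
    """First (time, device) at which one device rewrote min_files distinct
    files inside the window, or None. Thresholds are illustrative."""
    per_device = defaultdict(list)
    for ts, path, dev in events:
        per_device[dev].append((ts, path))
    hits = []
    for dev, evs in per_device.items():
        for i, (start, _) in enumerate(evs):
            if len({p for t, p in evs[i:] if t - start <= window}) >= min_files:
                hits.append((start, dev))
                break
    return min(hits) if hits else None

def restore_plan(events, incident_start):
    """Map each file to its newest revision before the incident.
    None means version history holds no clean copy: restore from backup."""
    plan = {}
    for ts, path, _ in events:
        plan.setdefault(path, None)
        if ts < incident_start:
            plan[path] = ts  # events are sorted, so the last write wins
    return plan

if __name__ == "__main__":
    events = parse(REVISIONS)
    burst = find_burst(events)
    if burst:
        print("suspected start:", burst[0], "device:", burst[1])
        for path, ts in restore_plan(events, burst[0]).items():
            print(path, "->", ts or "no clean version, use backup")
```

Files that map to no clean revision are the ones that only a separate backup can recover.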

The user, the weak link

Restoring several terabytes is not without effort. The spread of a virus to a customer becomes a serious problem. Dealing with the damage of an attack always costs much more than giving users a little information on a regular basis.

User awareness of good practices and dangers is essential. But it is almost non-existent in companies.

It is imperative to train users on data security. What are the risks? Where do they come from? What are the consequences? Regular (very regular!) reminders about good practices should be sent to them. A user must know the emergency procedure if he/she is the victim of a virus or if he/she notices something suspicious.

Conclusion

The cloud offers unparalleled security guarantees for your data. While G Suite and Office 365 have "out of the box" protection mechanisms, they are not completely watertight depending on how you use them.

Implement a backup and recovery strategy to protect against intentional or unintentional data loss, whether from users or malware.