Spin Technology adds new security features to its SpinOne for Google Workspace and Office 365

Spin Technology announced the next generation of SpinOne, an AI-powered ransomware and backup solution for Google Workspace and Office 365. In the last year alone, 51 percent of organizations were targeted by ransomware, and cybersecurity continues to be a top concern for business leaders.

Including advanced new security features, a completely redesigned user interface, and improved platform functionality, the latest version of SpinOne will help organizations better protect against ransomware attacks in the cloud.

Over the last seven months, cloud adoption has accelerated as the number of remote workers spiked dramatically due to the COVID-19 pandemic. This increased reliance on the cloud has resulted in more ransomware attacks on public cloud and SaaS services. In fact, according to a recent report, six in ten successful attacks include data in the public cloud.

SpinOne offers industry-leading ransomware protection for G Suite and Microsoft 365, backup capabilities, and application management.

“As organizations add additional cloud services, they need solutions that are simple to deploy and manage. These updates make it even easier for IT and security professionals to protect their employees from the risks associated with ransomware, all while allowing them to scale the SpinOne platform over time,” said Dmitry Dontov, Chief Executive Officer.

“As G Suite shifts to Google Workspace, SpinOne continues to protect your organization’s data against ransomware and now includes additional summaries that explain the levels of risk and required action. In addition, we’ve enhanced our cloud monitoring capabilities and introduced advanced auditing.”

Comprehensive new security summaries
  • From the dashboard view, an admin can now quickly scan their Google Workspace environment, including what security incidents have occurred to their data.
  • Each data feed is summarized in a widget outlining security incidents, incident history, account summary, and more.
Cloud monitoring
  • Google Workspace has various ongoing activities operating within it, and SpinOne Cloud Monitor now provides a comprehensive overview of all actions, including Data Sharing, Application Installed, and Drive File Deleted.
  • SpinOne now includes six additional cloud monitoring capabilities, detailing the admin activities within the SpinOne platform.
  • The Cloud Monitor Incident Report details actions from users that exceed the rules set by Admins in their policies.
Advanced auditing
  • SpinOne now expands its monitoring of OAuth access, including Android, Native, iOS.
  • Historical risk scoring reviews are now expanded, and organizations can review an add-on’s risk over time.
Enhancements to backup and recovery
  • Users and Groups are now separated in the new SpinOne.

APIs are now available for major third-party applications.

Attacked by ransomware? Five steps to recovery

Ransomware has been noted by many as the most threatening cybersecurity risk for organizations, and it’s easy to see why: in 2019, more than 50 percent of all businesses were hit by a ransomware attack – costing an estimated $11.5 billion. In the last month alone, major consumer corporations, including Canon, Garmin, Konica Minolta and Carnival, have fallen victim to major ransomware attacks, resulting in the payment of millions of dollars in exchange for file access.

steps ransomware recovery

While there is a lot of discussion about preventing ransomware from affecting your business, the best practices for recovering from an attack are a little harder to pin down.

While the monetary amounts may be smaller for your organization, the importance of regaining access to the information is just as high. What steps should you take for effective ransomware recovery? A few of our best tips are below.

1. Infection detection

Arguably the most challenging step for recovering from a ransomware attack is the initial awareness that something is wrong. It’s also one of the most crucial. The sooner you can detect the ransomware attack, the less data may be affected. This directly impacts how much time it will take to recover your environment.

Ransomware is designed to be very hard to detect. When you see the ransom note, it may have already inflicted damage across the entire environment. Having a cybersecurity solution that can identify unusual behavior, such as abnormal file sharing, can help quickly isolate a ransomware infection and stop it before it spreads further.

Abnormal file behavior detection is one of the most effective means of detecting a ransomware attack and presents with the fewest false positives when compared to signature based or network traffic-based detection.

One additional method to detect a ransomware attack is to use a “signature-based” approach. The issue with this method, is it requires the ransomware to be known. If the code is available, software can be trained to look for that code. This is not recommended, however, because sophisticated attacks are using new, previously unknown forms of ransomware. Thus, an AI/ML based approach is recommended, which will look for behaviors such as rapid, successive encryption of files and determine there is an attack happening.

Effective cybersecurity also includes good defensive mechanisms that protect business-critical systems like email. Often ransomware affects organizations by means of a phishing email attack or an email that has a dangerous file attached or hyperlinked.

If organizations are ill-equipped to handle dangerous emails, this can be an easy way for ransomware to make its way inside the walls of your organization’s on-premise environment or within the cloud SaaS environment. With cloud SaaS environments in particular, controlling third-party applications that have access to your cloud environment is extremely important.

2. Contain the damage

After you have detected an active infection, the ransomware process can be isolated and stopped from spreading further. If this is a cloud environment, these attacks often stem from a remote file sync or other process driven by a third-party application or browser plug-in running the ransomware encryption process. Digging in and isolating the source of the ransomware attack can contain the infection so that the damage to data is mitigated. To be effective, this process must be automated.

Many attacks happen after-hours when admins are not monitoring the environment and the reaction must be rapid to stop the spread of the virus. Security policy rules and scripts must be put in place as a part of proactive protection. Thus, when an infection is identified, the automation kicks in to stop the attack by removing the executable file or extension and isolate the infected files from the rest of the environment.

Another way organizations can help protect themselves and contain the damage should an attack occur is by purchasing cyber liability insurance. Cyber liability insurance is a specialty insurance line intended to protect businesses (and the individuals providing services from those businesses) from internet-based risks (like ransomware attacks) and risks related to information technology infrastructure, information privacy, information governance liability, and other related activities. In this type of attack situation, cyber liability insurance can help relieve some of the financial burden of restoring your data.

3. Restore affected data

In most cases, even if the ransomware attack is detected and contained quickly, there will still be a subset of data that needs to be restored. This requires having good backups of your data to pull back to production. Following the 3-2-1 backup best practice, it’s imperative to have your backup data in a separate environment from production.

The 3-2-1 backup rule consists of the following guidelines:

  • Keep 3 copies of any important file, one primary and two backups
  • Keep the file on 2 different media types
  • Maintain 1 copy offsite

If your backups are of cloud SaaS environments, storing these “offsite” using a cloud-to-cloud backup vendor aligns with this best practice. This will significantly minimize the chance that your backup data is affected along with your production data.

The tried and true way to recover from a ransomware attack involves having good backups of your business-critical data. The importance of backups cannot be stressed enough when it comes to ransomware. Recovering from backup allows you to be in control of getting your business data back and not the attacker.

All too often, businesses may assume incorrectly that the cloud service provider has “magically protected” their data. While there are a few mechanisms in place from the cloud service provider side, ultimately, the data is your responsibility as part of the shared responsibility model of most CSPs. You can take a look at Microsoft’s stance on shared responsibility here.

4. Notify the authorities

Many of the major compliance regulations that most organizations fall under today, such as PCI-DSS, HIPAA, GDPR, and others, require that organizations notify regulatory agencies of the breach. Notification of the breach should be immediate and the FBI’s Internet Crime Complaint Center should be the first organization alerted. Local law enforcement should be informed next. If your organization is in a governed industry, there may be strict guidelines regarding who to inform and when.

5. Test your access

Once data has been restored, test access to the data and any affected business-critical systems to ensure the recovery of the data and services have been successful. This will allow any remaining issues to be remedied before turning the entire system back over to production.

If you’re experiencing slower than usual response times in the IT environment or larger-than-normal file sizes, it may be a sign that something sinister is still looming in the database or storage.

Ransomware prevention v. recovery

Sometimes the best offense is a good defense. When it comes to ransomware and regaining access to critical files, there are only two options. You either restore your data from backup if you were forward-thinking enough to have such a system in place, or you have to pay the ransom. Beyond the obvious financial implications of acquiescing to the hacker’s demands, paying is risky because there is no way to ensure they will actually provide access to your files after the money is transferred.

There is no code of conduct or contract when negotiating with a criminal. A recent report found that some 42 percent of organizations who paid a ransom did not get their files decrypted.

Given the rising number of ransomware attacks targeting businesses, the consequences of not having a secure backup and detection system in place could be catastrophic to your business. Investing in a solution now helps ensure you won’t make a large donation to a nefarious organization later. Learning from the mistakes of other organizations can help protect yours from a similar fate.

5 keys to protecting OneDrive users

With the dramatic shift toward remote workforces over the last three months, many organizations are relying more heavily on cloud tools and application suites. One of the most popular is Microsoft’s OneDrive.

OneDrive security

While OneDrive may seem like a secure cloud storage solution for companies looking to use Microsoft’s suite of business tools, many glaring security issues can expose sensitive data and personally identifiable information (PII) if proper protection protocols are ignored. Data theft, data loss, ransomware, and compliance violations are just a few things that organizations need to watch for as their employees increasingly rely on this application to save more and more documents to the cloud.

While OneDrive does provide cloud storage, it doesn’t have cloud backup functionality, a critical distinction that must be made when choosing which information to upload and share. The data is accessible, but not protected. How can businesses ensure they’re mitigating security risks, while also enabling employee access? Below we’ll discuss some of the most significant security gaps associated with OneDrive and highlight the steps organizations can take to better protect their data.

Document visibility

One area that often breeds confusion for OneDrive users is who can access company files once they’re uploaded in the cloud. For employees saving documents on their personal accounts, all the files created or added outside of a “Shared with Me” folder are private until the user decides otherwise. At this point, files are encrypted for anyone but the creator and Microsoft personnel with administrative rights. For someone else to see your data, you have to share the folder or a separate file.

The same rule holds for files shared on a OneDrive for Business account, with one exception: a policy set by an administrator determines the visibility of the data you create in the “Shared” folder.

Are sensitive documents safe in OneDrive?

For purposes of this article, sensitive documents refer to materials that contain either personally identifiable information (PII), personal health information (PHI), financial information, or data covered under FISMA and GLBA compliance requirements. As we established above, these types of documents can be saved one of two ways – by an individual under a personal OneDrive account or uploaded under a Business account. Even if your business does not subscribe to a OneDrive business account, organizations should be aware that employees may be emailing themselves documents or sharing them to their personal OneDrive folders for easy access, especially over the past several months with most employees working from home.

For personal users, OneDrive has a feature called Personal Vault (PV). How secure is the OneDrive Personal Vault? It is a safe located in your Files folder explicitly designed for sensitive information.

When using PV, your files are encrypted until your identity is verified. It has several different verification methods that users can set up, whether it’s a fingerprint, a face ID, or a one-time code sent via email or SMS. The PV folder also has an idle-time screensaver that locks if you are inactive for 3 minutes on the mobile app, and 20 minutes on the web. To regain access, you need to verify yourself again.

Interestingly, the PV function isn’t available in the OneDrive for Business package. Therefore, if your organization has no other way to store sensitive data than on OneDrive, additional security measures must be taken.

OneDrive is not a backup solution

OneDrive is not a backup tool. OneDrive provides cloud storage, and there is a massive difference between cloud backup and cloud storage. They have a few things in common, like storing your files on remote hardware. But it’s not enough to make them interchangeable.

In short, cloud storage is a place in the cloud where you upload (manually or automatically) and keep all your files. Cloud storage allows you to reach files from any device at any time, making it an attractive option for workers on the go and those that work from different locations. It also allows you to manually restore files from storage in case of unwanted deletion and scale storage for your needs. While “restoring files” sounds eerily similar to backup protection, it has some fundamental faults. For example, if you accidentally delete a file in storage, or it was hit by ransomware and encrypted, you can consider the file lost. This makes OneDrive storage alone a weak solution for businesses. If disaster strikes and information is compromised, the organization will have no way to restore high volumes of data.

Cloud backup, on the other hand, is a service that uses cloud storage to save files, but its functionality doesn’t end there. Cloud backup services automatically copy your data to the storage area and restore your data relatively quickly after a disaster. You can also restore multiple versions of a backed-up file, search for specific files, and it protects data from most of the widespread threats, including accidental deletion, brute-force attacks, and ransomware.

In summary: cloud storage provides access, cloud backup provides protection.

What are the most common OneDrive risks?

All the security issues tied with using OneDrive are common for most cloud storage services. Both individual OneDrive and OneDrive for Business have multiple risks, including data theft, data loss, corrupted data, and the inadvertent sharing of critical information. Given the ease of access to documents in OneDrive, compliance violations are also a top concern for organizations that deal with sensitive data.

How can you maximize OneDrive security?

To minimize the above security issues, organizations need to follow a set of strict protocols, including:

1. Device security protocols – Several general security protocols should be implemented with devices using OneDrive. Some of the most basic include mandatory downloading of antivirus software and ensuring it is current on all employee devices. Other steps include using a firewall, which will block all questionable inbound traffic, and activating idle-time screensaver passwords. As employees return from remote work locations and bring their devices back on-premise, it’s crucial to ensure all devices have updated security and meet the latest compliance requirements.

2. Network security protocols – In addition to using protected devices, employees should be especially cautious when connecting to any unsecured networks. Before connecting to a hotspot, instruct employees to make sure the connection is encrypted and never open OneDrive if the link is unfamiliar. Turning off the functionality that allows your computer to connect to in-range networks automatically is one easy way to add a layer of protection.

3. Protocols for secure sharing – Make sure to terminate OneDrive for Business access for any users who are no longer with the company. Having an employee offboarding process that includes this step lessens the risk of a former employee stealing documents or information. Make sure to allow access to only invited viewers on OneDrive. If you share a file or folder with “Everyone” or enable access with the link, it opens up new risks as anyone on the internet can find and access your document. It’s also helpful to have outlined rules for downloading and sharing documents inside, and outside, the corporation.

4. Secure sensitive data – Avoid storing any payment data in any Office 365 products. For other confidential documents, individual users can use PV. Organizations can store sensitive data only by using a secure on-premises or encrypted third-party cloud backup service that is compliant with data regulations mandatory for your organization.

5. Use a cloud backup solution – To best protect your company from all sides, it’s essential to use a cloud backup solution when saving valuable information to OneDrive. Make sure any backup solution you choose has cloud-to-cloud capabilities with automatic daily backup. In addition, a ransomware protection service that scans OneDrive and other Office 365 services for ransomware and automatically blocks attacks is your best defense against costly takeovers.

Whether it’s preparing for upcoming mandatory regulations or dealing with the sudden management of employees working offsite, the security landscape is ever-changing. Keeping up with the latest methods to keep your company both protected and compliant is a challenge that needs constant attention. With a few critical steps and the utilization of new technology, business users can protect themselves and lessen the risk to their data.