SharePoint as a security risk with careless handling

Known and threatened – Microsoft SharePoint is ideal for virtual collaboration. However, careless handling of security turns it into a virus slingshot. Collaboration tools are popular for communicating with each other across multiple locations. However, without anti-virus protection, compromised files can accidentally be uploaded to the SharePoint server, thereby infecting the entire database.

“Buyers of IT security products shouldn’t just focus on clients and email servers. SharePoint servers in particular are a latent danger. Very few users are aware of this. An investment in malware protection would be money well spent.”

Microsoft consulting firms have long warned that organizations neglect and underestimate the issue of security on SharePoint. Cybercriminals attack with malware more and more often and with more tricks. For example, without anti-virus protection, users could accidentally upload compromised files to the SharePoint server, thereby infecting the entire database. In the worst case, the information hub would even become a virus slingshot – SharePoint then lives up to its name.

The problem with SharePoint security

Classic antivirus software, such as that used on clients or file servers, does not help on SharePoint, because the virus scanner and the database structure work poorly together. SharePoint keeps its content in one large database, and every user access changes it. A conventional antivirus solution on the SharePoint server treats that database like a single large file that has to be checked again whenever it is modified, so it rescans the complete database on each change. This would lead to huge performance losses and practically paralyze the system.

For this reason, in practice, often no antivirus solution is installed on the server, or parts of the database are excluded from the scan. This approach is justified by the argument that all clients protect themselves, so unsafe content cannot get into the database or onto the server. However, this becomes problematic as soon as external parties access SharePoint. One cannot automatically assume that their IT security precautions are at an optimum level.

IT administrators face a dilemma, because Microsoft is not continuing its antivirus solution Forefront Protection for SharePoint and will not offer it for SharePoint 2013. Forefront Online will only be available for the online version – Office365. Instead, Microsoft relies on third-party antivirus solutions for SharePoint 2013.

For companies, this means that they have to take care of adequate virus protection themselves. But the expectations are high: IT administrators demand that the product hardly eats up resources, does not affect performance and can be administered remotely. Excellent detection properties and few false alarms (false positives) are taken for granted.

The security software manufacturer ESET is one of the few providers that offer malware protection for Microsoft SharePoint 2013 and meet the requirements mentioned. The security solution uses a trick: it works “within” SharePoint and constantly checks changes to the SharePoint database. This means an enormous increase in performance because the database does not have to be analyzed completely. The basic principle of operation proves its effectiveness in protecting Exchange servers.
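The difference between rescanning the whole database on every change and checking only the changed item inside the upload path can be shown with a toy model. This is an added example, not code from SharePoint, ESET or the original article; the marker string, document size and sample uploads are constructed assumptions.

```python
# Added illustration: a toy model, not SharePoint internals or any vendor's scanner.
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # harmless stand-in for a malware signature
DOC_SIZE = 1000                          # assumed size of every sample document


def is_flagged(data: bytes) -> bool:
    return MARKER in data


def constructed_uploads(count=200, bad_index=50):
    """Constructed sample: `count` equal-sized documents, one carrying MARKER."""
    for i in range(count):
        body = MARKER if i == bad_index else b"quarterly report"
        yield f"doc-{i:03d}.docx", body.ljust(DOC_SIZE, b".")


def scan_whole_database(uploads):
    """File-level scanner: the store is one big file, rescanned after each change."""
    db, scanned = {}, 0
    for name, data in uploads:
        db[name] = data                               # the write lands first
        scanned += sum(len(v) for v in db.values())   # then everything is re-read
    flagged = [n for n, v in db.items() if is_flagged(v)]
    return {"bytes_scanned": scanned, "flagged_in_db": flagged, "rejected": []}


def scan_on_change(uploads):
    """Scanner inside the upload path: checks only the item being written."""
    db, scanned, rejected = {}, 0, []
    for name, data in uploads:
        scanned += len(data)
        if is_flagged(data):
            rejected.append(name)                     # never reaches the store
            continue
        db[name] = data
    flagged = [n for n, v in db.items() if is_flagged(v)]
    return {"bytes_scanned": scanned, "flagged_in_db": flagged, "rejected": rejected}


if __name__ == "__main__":
    for model in (scan_whole_database, scan_on_change):
        print(model.__name__, model(constructed_uploads()))
```

In the whole-database model the scanned volume grows with the square of the number of uploads and the flagged document is already stored when it is noticed; in the on-change model the volume grows linearly and the document is rejected before it is written.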

Dangers are often underestimated

However, malware is not the only SharePoint threat. Three other problems cause headaches for IT administrators:

Access security: In practice, many external people, such as customers, partners and suppliers, often have access to SharePoint. The extent to which they are aware of IT security and behave accordingly is questionable.

Access: Access is often controlled only via static user names and passwords. Two-factor authentication is rarely used, if at all.

Data security: A lot of information leaves SharePoint and thus also the control area of the company. It is uncertain what external parties will do with the data and whether they will follow the prescribed security guidelines of the SharePoint operator.

More security on the SharePoint server

Against the background of the current security scandals, companies should question the security of their SharePoint servers. If you rely on virus protection and access control, you can use this procedure to increase security quickly and easily:

Minimize risks: Has everything been done technically for security (cleanly structured network, use of firewalls, NAT, etc.)? Have security gaps been closed, patches installed, and updates made?

Secure IT components and keep them away: Databases, web servers, SQL servers and smartphones must be secured. Backups should be made regularly.

Switch off superfluous functions: Not everything that SharePoint offers in terms of functions must also be used.

Limit access: This applies to the group of people as well as to the content. Well-thought-out policies are the be-all and end-all.

Defining content: Information that is not required should not be on SharePoint in the first place.

Content rights system: Not everyone needs to know everything. Access to sensitive data should be granted individually to each person or in larger companies via roles.

Work instructions and training: The security awareness of all users is considered a decisive factor for malware-free operation. Regular training courses help everyone involved, including administrators and managerial staff, to minimize the risk potential.

Reduction of “Bring Your Own Device” strategies: Not every trend is good and makes sense. Experience has shown that privately used notebooks, tablets or smartphones are exposed to a higher risk of infection because security policies are often not observed on them. This makes them a perfect gateway for malware in SharePoint environments.


Al Rafay Consulting is a team of SharePoint experts who have the on-field experience to handle all sorts of potential problems that can be a threat to your data management and collaboration system. As a SharePoint Consulting company, we recommend you take professional advice from us to be safe and productive in your working projects.