Data is one of the most precious assets of the modern business, and the most at risk. In 2019, 15.1 billion data records were exposed. And when data is leaked or stolen it results in costs and lost customer trust.
When a disaster happens, you need to have a plan B(ackup).
Backup is your get out of jail free card for when things go wrong. But Office 365 backup is something that is often taken for granted or misunderstood, the truth is only coming out when the worst-case scenario happens.
Office 365 Plan B.
Over 1 million companies with 200 million monthly users use Microsoft Office 365. The platform, a Software-as-a-Service (SaaS) offering, allows companies of all sizes, across all sectors, to create, share, and collaborate on Microsoft documents and emails from anywhere. In the age of the remote worker, this is a great feature.
The emails and documents created using Office 365 are the lifeblood of a company. Documentation (including emails) need to be highly available as well as remain confidential. If a company loses access to data because of a disaster, such as ransomware, the resulting costs can be astronomical. A report from the Ponemon Institute found that an unexpected data center outage costs $9,000 (8.250 EUR) per minute. One of the factors behind this cost is staff being unable to continue working due to lost data.
Having access to backups of email or data is a vital part of any disaster recovery program. But with Office 365 just who is responsible for creating and maintaining a backup?
Backup control and responsibility when using Office 365.
Microsoft provides Office 365 as a Software-as-a-Service (SaaS) solution, this means that the company creating emails and documents retains ownership and responsibility for them.
Office 365, as a SaaS solution, provides various in-built protection features to help reduce the risk of data leaks. This includes multi-factor authentication (MFA) for robust login and Denial of Service (DDoS) attack prevention. Because Office 365 is a service, Microsoft also offers excellent cover for areas such as datacenter redundancy and resilience.
However, data backup is outside the responsibility of Microsoft Office 365. Data backup responsibility lies squarely with the organisation utilising the services of Office 365.
There is often a misconception that SaaS products, like Office 365, do not need backups. This is not true. The documents and data handled by a SaaS product, like Office 365, is the responsibility of the organisation creating it. A responsibility that overlaps with data protection regulations, company needs, and customer expectations.
A report by analyst firm IDC into Office 365, recommends that an organisation should remain in control of data and make backup a key priority.
Why a backup strategy for Office 365 is essential?
Backups are always the responsibility of the company creating the data. Backups are important as they offer a fallback position when a worst-case scenario happens. They are your ‘get out of jail free card’. There are several reasons why backups are an essential part of any security strategy, including:
If your business becomes infected by ransomware, any documents within the reach of the malware will become encrypted. Once infected, a decryption key is offered for a ransom, often multiple thousands of euro's. Whilst Office 365 does offer some anti-ransomware protection, it is not immune to infection. If your company becomes infected by ransomware, you will lose access to encrypted documents. In 2019, there was around $7.5 billion worth of ransomware demands in the U.S. alone. The average cost of recovery from ransomware in 2019 was over $84,000 per incident.
Having a secure ransomware proof backup of your Office 365 emails and documents can save a company from the costs of a ransomware infection.
2. Accidental document deletion
Accidental deletion of documents and email happens. A survey by the Ponemon Institute into the cost of insider threats found the average cost of an accidental data breach caused by negligent employees was $307,000 per incident.
Having a robust document backup system can save on costs associated with lost Intellectual Property, sensitive email and data, and vital company documentation.
3. Malicious insider document loss
Accidents are one thing, but data is also lost by malicious actions. Some key features used during document collaboration, such as versioning, can potentially be disabled by privileged users, such as rogue Sysadmins. This can make recovery of documents complicated and often impossible. A secure backup system designed for use with Office 365 can mitigate malicious elements in data loss.
4. Using third party backup tools
Because Office 365 does not offer integral and robust document backup, a company must turn to third party tools. A 2019 report from ESG found that three-quarters of companies with a data recovery rate of more than 75%, were using a third party solution versus the built-in services or no capabilities. Clearly third party tools built for purpose, are more capable across the myriad of backup scenarios.
5. Backup to reduce fallout
Having a backup plan for Office 365 is an essential part of a modern security strategy. Backing up documents created using any SaaS platform, including Office 365, will mitigate against losses from the likes of ransomware, accidental deletion, and malicious insiders. However, to ensure that backups are robust, secure, and reliable, a third party service designed for the purpose is a best practice choice.
If you’d like to know more about how to securely backup your Microsoft Office 365, check out our online seminar on June 4th