The beginning of a security mindset is to acknowledge that there is no such thing as 100 percent security in the cloud. When you operate from that understanding, then your defenses are up and your offense game is on.
Here is a summary of actions you can take to get started on a path to better data protection in Office 365. They aren’t listed in order of priority, so use them as you see fit in your awareness campaigns, budget discussions, and backup vendor conversations. This summary is based on the Office 365 Backup For Dummies Veeam Special Edition E-Book.
Microsoft is not responsible for backup — you are
A common misconception people have about the value of using Office 365 is that there is no need to back up data because Microsoft does all that work.
In a software-as-a-service (SaaS) solution like Office 365, Microsoft is responsible for maintaining the global infrastructure to keep its services running. You, on the other hand, are responsible for maintaining and protecting the data you store in Office 365. You don’t own, nor do you have access to, the replicas Microsoft creates for redundancy purposes. To make copies of your data and store those copies in a separate location, you need to implement a backup and recovery strategy using a third-party solution.
Data loss is costly — don’t let it happen to you
When the people you talk to start balking at the cost of implementing a third-party backup solution, remind them that a Verizon report suggests that “small” data breaches can cost as much as half a million dollars, while “large” data breaches can top out at $200 million!
If your business comes to a standstill because of data loss, then you also have to think about the cost of downtime. A study from Information Technology Intelligence Consulting Research concluded that the average cost of one hour of downtime is $100,000. That’s assuming you aren’t one of the 33 percent of survey respondents who reported that one hour of downtime costs them $1–5 million!
Beyond dollars and cents, data loss harms your organization’s reputation. It’s hard to quantify the monetary impacts of reputation damage, but I’m sure you don’t want to find out.
For such high stakes, it doesn’t take much to avoid the pitfalls of data loss. There is no shortage of backup solution vendors today, so engage one of them and save yourself a lot of grief.
Office 365 has backup gaps — close them
You can’t do much about the tendency of human beings to make mistakes, but you can help ensure that when mistakes happen, you’ll recover quickly and minimize the harm done.
More disturbing than human error, however, is the malicious intent of bad actors, internally and externally, to wreak havoc in your environment. Stolen data is much more insidious than deleted data, so make sure you have controls in place to prevent that from happening.
Understand the purpose of retention policies (Hint: It isn’t to make backup copies) so you can address this gap. If you must meet compliance requirements regarding retention, data protection, and data privacy, then that’s even more reason to start vetting your backup vendors today.
Last but not least, don’t forget data in on-premises environments. It is often an overlooked data source, but it may be just as important as data in Office 365.
Compliance is real — take it seriously
Thomson Reuters, in its 2019 “Cost of Compliance” report, states that there are now more than 1,000 regulatory bodies worldwide that send out more than 200 regulatory updates every day. And you thought the General Data Protection Regulation (GDPR) was too much!
Predictions for the next ten years related to compliance point to continuing regulatory changes and an enhanced role for compliance in business. Undoubtedly, the IT team will play a role in this new normal. So, if you’re still fighting the compliance mandate, give it up and fall in line. It is your responsibility as a data owner to govern your company data and ensure that it meets compliance requirements.
One of the most anticipated changes in the compliance world is the automation of compliance activities. While that’s evolving, there is something you can do today to enhance your compliance strategy: Use a third-party backup solution to protect your data in Office 365. For starters, you can increase the scope of your eDiscovery content without spending a ton of money integrating other eDiscovery tools or ingesting content into Office 365. The way to do that is to leverage third-party backup tools.
Bad actors want to enlist your end-users — don’t let them
Pixel-perfect fake login screens, socially engineered phishing emails, and malicious links embedded in an innocent document or email are just a few of the tricks hackers use to get your end-users to give up their credentials and compromise your environment. Guess what? That isn’t going to stop. What that means, then, is that the effort to build a culture of security and run ongoing awareness campaigns must not stop either. Phishing and spoofing campaigns are successful only if end-users fall for them, so help your end-users not play a part in breaching your environment. Remember, even IT professionals fall for these scams. No one is immune.
You can read the whole Office 365 Backup for Dummies E-Book here.