Businesses need to keep in mind that no system is unbreakable and that using only basic protection measures may well lead to cyber-attacks. Being a victim of cyber-attacks can lead to damage to your reputation and brand values, which will result in a loss of customer trust or other types of business.
Data protection shouldn’t be viewed as just a distinguishing feature or something to be done if imposed by the government, but a mandatory requirement for any technology or service involving data.
Millions of files, one big problem
As huge and capable as they are, there’s a limit to how well the team at Microsoft takes care of their O365 customers’ data. They go to great lengths to ensure that the data centers are kept cool and that the lights stay on. They maintain the SaaS platform, the servers, storage, and connectivity too, but your e-mails are your e-mails. And your data? Well, that’s your responsibility too. But your e-mails are backed up, right? After all, you can see some very old e-mails in your mailbox. Wrong – it probably just means you have a large mailbox with some very important content in there and even more reason to insure against loss.
Remember the 3-2-1 rule of data backups?
3 copies of your data on 2 different types of media with 1 copy offsite. This guide should apply to your O365 data too. Using O365 tools or services to hold a copy of your e-mails, SharePoint files or OneDrive data doesn’t tick the box. It’s like backing up files on your laptop to another folder on the same hard drive. Better to use a 3rd party app to do that task, especially when it’s designed and optimised to perform the task at hand and offer swift and convenient recovery too. That’s not just us saying that: Microsoft offers the same guidance. It’s written into their Service Agreement under the Service Availability section.
a. The Services, Third Party Apps and Services, or material or products offered through the Services may be unavailable from time to time, may be offered on a limited basis, or may vary depending on your region or device. If you change the location associated with your Microsoft account, you may need to re-acquire the products that were available to you and paid for in your previous region.
b. We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages. In the event of an outage or disruption to the Service, you may temporarily not be able to retrieve Your Content. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.
It’s not uncommon. SaaS providers need to focus on maintaining the application and the underlying infrastructure. It’s the customer’s responsibility to take good care of their data. After all, when you drive to the shops, the car manufacturer probably fitted locks to the door and boot but can’t force you to use them when you’re parked up. There are a bunch of reasons why we have car insurance and breakdown cover. Sometimes we have accidents, some not our fault, some due to our carelessness. Things break. People might vandalise our cars or attempt to pinch things of value (and sometimes succeed). It’s pretty much the same for our data.
We need to watch out for things like:
Accidental deletion – yes, good old finger trouble. But some of these accidents occur due to insufficient time invested in training or monitoring your staff.
Organisation leavers – to keep or not to keep their data? (Is it still available if I remove their account?) An employee’s data should be kept for about 5 years. Afterwards, you can decide what type of data is still relevant to keep and which one is disposable.
External threats – Most ransomware attacks target data stored in the public cloud and companies usually end up paying double the price to recover after such an attack. Malware continues to circulate at a prolific rate and remains a threat to all of us. Malvertising, phishing and DDoS attacks can also lead to damaging results from server downtime to lost business opportunities.
Retention policy gaps – Some organisations have a duty to retain data (e-mails and files) for specific compliance reasons. This might apply to some, but not all staff and data, so a sledgehammer approach might not work. Similarly, retention policies, versioning and Legal Hold aren’t always the simplest concepts to grasp.
Internal threats – Using a simple USB flash drive, any angry employee who has access to trivial data can make duplicates and release it online, or just take the entire device that it’s stored in.
Natural disasters – thankfully rare, but still a consideration – can also damage devices and the data they store.