5 Threats to Your Office 365 Data (and How to Defend Against Them)
As with any software-as-a-service (SaaS) platform, there are inherent risks to using Office 365. But with the right SaaS backup solution in place, you can ensure your cloud data is always protected.
Office 365 is the fastest-growing platform in Microsoft’s history, surpassing 155 million global users in 2018.
But while businesses have been aggressively adopting the cloud-based collaboration suite, they haven’t been as quick to adopt the appropriate backup solutions. Part of the reason lies in a lack of understanding about the risks of losing data within O365 (or any SaaS platform, for that matter).
In this post, we uncover five legitimate threats and how to defend against them with an Office 365 backup tool.
‘Wait. Are you saying O365 data isn’t safe?’
No—and this gets to the heart of where misconceptions occur around the security of data within SaaS suites such as Office 365.
When talking about SaaS data loss, there are two basic scenarios to consider:
- Data loss caused by the SaaS provider (Microsoft)
- Data loss caused by issues occurring on the user end
Spoiler alert: Permanent data loss is not likely to occur due to mishaps or breaches on Microsoft’s end. Microsoft has iron-clad security defenses and controls to keep your data from being compromised. And in the event of an outage causing data loss, they have backups to fall back on.
The far more common scenario—reported by 80% of businesses in a recent survey—is data loss occurring on the user end. And in scenarios like this, you have very limited options for restoring that data, unless you have an independent O365 backup.
Let’s dig into what these user-end threats look like.
Threat #1: Accidental data deletion
It happens in every SaaS platform, and Office 365 is no exception.
Studies have shown that nearly half of all SaaS data loss incidents are caused by employees accidentally deleting files. Ultimately, it’s the same threat that businesses face with their on-site data: users inadvertently erase important data all the time.
Specifically within Office 365, data loss can occur across its entire suite of applications. Examples include:
- Files and folders deleted from OneDrive
- Data deleted from cells in an Excel spreadsheet
- Accidentally deleted text in Word
- Emails deleted from Outlook
- Slides or other content being deleted from PowerPoint
Why do employees delete them?
Because accidents happen! But more precisely, these unintentional deletions typically occur for one of two reasons:
- Users click in the wrong areas, accidentally erasing content or deleting files/folders.
- Users intentionally delete a file they assume they don’t need, only to realize later that they actually do need it.
Office 365 does provide some limited restore capabilities in some scenarios. As Datto explains, “When a SharePoint Online administrator deletes a site collection, all data will be placed in the Recycle Bin where it is kept for 93 days.” But after that, the data is automatically deleted and the deletion is permanent—there is no rollback option.
You can help to minimize the risk of accidental deletions by implementing a “no deletion” policy at your organization – but these events will still happen. On average, a typical user deletes a critical item 3 to 4 times every year, according to Datto, underscoring the importance of an independent Office 365 backup.
Threat #2: Intentional deletion
This threat is different from the scenario above, in which employees delete files because they don’t realize they’re important.
In this scenario, users delete them because the files are important. They delete them on purpose.
Why would anyone do that?
Well, a common scenario is an employee who has been terminated from the company. Jim gets fired and it’s time to go. So he cleans out his desk and also cleans out his data. Perhaps he erases his entire Outlook inbox, which is full of important communications with customers and vendors. Maybe he deletes several shared OneDrive folders, where important accounting spreadsheets were stored. Maybe he deletes his calendar and contacts, which other employees would have needed to maintain upcoming meetings.
Even employees who aren’t fired can go “rogue” like this. For example, someone who is leaving the company for another job may carry the same resentment, even if they weren’t terminated.
How often does this realistically happen? More often than you might think. In a survey by Aberdeen Group, 7% of companies that experienced SaaS data loss said it was due to “malicious deletion” by their own users.
A reliable way to prevent rogue file deletion in scenarios like this is to simply alert your Office 365 administrator as soon as the employee’s exit is known (whether by termination or resignation). This allows you to take control of the account before any damage can be done.
Still, even with this protocol in place, your safest bet is to have a backup.
Threat #3: Malware and cyberattacks
Office 365 is not invulnerable to cyberattack, particularly when it occurs on the customer end.
Are Microsoft’s data centers at risk of being hacked? Probably not (though let’s face it, no infrastructure is 100% bullet-proof). As one of the largest tech companies in the world, Microsoft has built its data centers with multiple layers of security to be virtually impenetrable. And even if an attack did get past these defenses to compromise your O365 data, Microsoft should be able to roll back to clean data from its own backups.
But what happens when the intrusion occurs on the customer end? You guessed it: you’re out of luck unless you have your own independent SaaS backup.
Here are some examples of how it can happen:
- Ransomware encrypts files in a user’s local OneDrive 365 folder, causing those files to be synced to the cloud, overwriting the clean versions.
- A phishing attack tricks a user into entering his login credentials, leading to data theft and deletion across O365 applications.
- Malware is loaded onto the user’s computer after he opens a bad email attachment. This infects his system with spyware and other strains of malware that ultimately lead to O365 data being compromised.
In each of these scenarios, the breach occurs on the customer end, not via Microsoft’s data centers. And that’s an important distinction because of how the applications interpret the commands that lead to data loss.
For example, if a hacker gains access to your Office 365 account and deletes your data, the application is simply working as designed, following the user’s command. Under these conditions, the application can’t differentiate between legitimate and malicious requests, which is why the responsibility of the data recovery falls onto the customer, not Microsoft.
Stricter office policies and training can help mitigate the risks of this scenario. For example, employees should be trained on the best practices for using the Internet and email, especially when dealing with messages from unknown senders.
But again, mistakes are still bound to happen, which is why it’s safer to have a backup.
Threat #4: Botched data migrations and overwrites
Here’s where you can lose a whole lot of data in a short amount of time – and it’s a very common scenario.
Whenever you move or edit a large amount of data, you run the risk of accidentally deleting it or overwriting it. These kinds of migrations can be easily botched when they’re not configured correctly. One wrong setting and suddenly months’ worth of data is gone.
A common migration error occurs when data is moved into Office 365 from older on-premises versions of Exchange and SharePoint, or from other sources, like file shares or other SaaS suites. In the process, data is inadvertently mislabeled, misplaced or simply overwritten.
This problem is often exacerbated by third-party tools that are integrated with O365 to perform these migrations. A few issues can arise when such tools are used:
- Misconfigured settings in the tool
- The tool itself is buggy and causes the migration errors
- Security vulnerabilities within the tool increase the risks of data being compromised in other ways
It’s not just the migration tools you need to worry about, either. Third-party integrations of any kind can lead to inadvertent data loss when they’re not configured properly. In the Aberdeen Group survey mentioned above, 17% of organizations said they lost SaaS data because it was overwritten, either by the user or via a third-party tool that wasn’t integrated properly.
Threat #5: Cancelled user licenses
We’ve already talked about the threat of rogue employees deleting data when they leave your organization. This scenario is similar in concept, except that it’s caused by the administrator (albeit inadvertently).
It goes like this: Emily from accounting is leaving the company, so her Office 365 account is no longer needed. So, the account is cancelled or allowed to expire.
But wait … nobody thought to retrieve all her important messages, OneDrive files, calendar and other data! And now it’s gone, because when the license is cancelled, Microsoft automatically deletes that user’s data.
There is no rollback option in Office 365 that allows you to retrieve data after the license has been cancelled.
Stronger protocols for managing these licenses (and transferring data to other employees as needed before the licenses are cancelled) can help reduce the risk of this problem occurring. But as with each of the threats identified above, it’s still best to have a backup.
Office 365 Backup with Backupify
Backupify from Datto provides the independent backup and seamless restore needed to recover from virtually any data-loss scenario within Office 365.
It automatically backs up O365 data up to three times a day, including:
- OneDrive: All files and folders, including folder structures
- Contacts: All contact data, with the exception of photos
- Calendars: All calendar events, meeting attendees, attachments, notes, etc.
- Mail: All emails, attachments, folders, etc.
- SharePoint data
Backupify is built with impressive search capabilities, which make it easy to identify individual lost files or folders, and you can restore them with just a few clicks back to the user’s account or to the administrator’s computer.
Finally, Backupify also offers infinite retention, so there’s no limit to how much data you can store or how long the backup is retained on Datto’s secure servers.
No company can completely stop the threats listed above. But with a backup in place, you can ensure your critical data is always recoverable when disaster strikes.