Reasons to backup Office 365

Third-party services are important for backing up Microsoft 365 because they offer a more reliable and secure way to store and protect your data. These services can provide additional features like automated backups, versioning, and the ability to restore data quickly in the event of an emergency. Additionally, third-party services can provide more control over your data, giving you the ability to set policies and control access to your data.

Below are eight reasons why backing up Microsoft 365 is so important.

1. User error (0r) malicious intention

According to Data Center Knowledge, human error is one of the leading reasons for data loss. Employees in your organization might delete a file on the OneDrive due to different reasons:

Accidental deletion: If they get a notification for running out of space, they might clear the OneDrive files by removing documents that are old or seem less important to create space. They also might delete old emails that might contain important attachments of data. This kind of data could get lost forever unless they backup Microsoft 365 data.

Removing duplicate files: Despite the collaborative feature of OneDrive, employees create duplicate files for various reasons like sharing outside their department or even outside their domain. Sometimes, they might accidentally delete the original version of the file while trying to get rid of duplicates. 

Malicious intentions: Disgruntled employees may sabotage or delete critical files. Sometimes, by the time the damage is discovered, it might be too late to revert or recover it. A Microsoft 365 backup solution, on the other hand, would have multiple iterations of the same file, making it easier for you to restore.

2. Phishing and ransomware attacks

Do you know how ransomware attackers gain access to your data? They use a cloned email with a virus attachment and send it to the members of your organization, impersonating an employee or a business contact. Even if almost all of them recognize it as spam, a single click by an unsuspecting employee is all that’s needed to infect the entire organization! After gaining access, the attackers encrypt your data and give you instructions to pay the ransom. The worst part is if you fail to make the payment by the specified deadline, they can wipe out the entire data. According to Bleeping Computer, a phishing attack had happened through emails that had claimed to be “undelivered.” Once the recipients clicked on the “Send Again” button, they were redirected to a phished web page that resembled the Microsoft login page. When the users tried to log in, they unknowingly gave away their passwords, leading to account compromise. 

Did you know? When you backup Microsoft 365 data with SysCloud, your backup archive is automatically scanned for the presence of ransomware?

3. Malware and virus entry via OneDrive sync client

Microsoft has the provision for downloading and syncing your OneDrive data to a desktop – and vice versa – through a tool called OneDrive Sync Client.

Although you can use this feature to access your Microsoft 365 files and data from anywhere, store and sync them, there are vulnerabilities associated with its usage.

In case your desktop gets affected with malware or virus, the OneDrive Sync Client – if it were configured to sync immediately – could immediately infect your OneDrive files on the cloud, spreading quickly and corrupting your data.

4. Limitations of eDiscovery

The Microsoft 365 eDiscovery tool is generally used for legal and litigation purposes: to identify and retrieve archived organizational data to be used as evidence for legal cases.

Even though you can create hold and search for data in the mailboxes and Sites, the eDiscovery tool is meant only for archiving and retrieving business data.

Moreover, it cannot be used for holding, searching, or retrieving OneDrive data.

So, using the Sync Client or a third-party application are your only available options.

5. Limited storage and email retency

When an employee leaves your organization, the IT administrator would ideally back up the Microsoft 365 account data and reuse the license.

Even though you can take a manual backup by using the Sync Client to transfer and save it in a different location, you cannot restore it back into a Microsoft 365 account with the same sharing permissions!

Besides restoring an account data with its sharing permissions, a third-party backup solution can provide cross-user restore – place data into any user’s account, usually the manager’s account for easy retrieval.

One more fact to consider: if that ex-employee is the sole owner of a file, you might lose it forever

6. Outage and shutdown

SaaS outages are more common than you think. According to recent reports Azure suffered a massive outage for two days in October 2020 during which people were unable to access their data. Imagine being unable to access any data during the downtime?

So, unless you are prepared with a Microsoft 365 backup solution, you cannot always expect your data to be available all the time just because it is in the cloud. 

7. Third-party application illicit consent attack

Have you installed any third-party application on your Microsoft 365 account? Are you aware of illicit consent grant attacks designed to steal your data? Wondering how?

Once the application is installed, the attackers either launch a phishing attack or insert illicit code into a website and trick you into granting access to your account. The worst part about this kind of attack is that the normal account recovery steps such as resetting account passwords or even completing Multi-Factor Authentication (MFA) for accessing the account will be ineffective, as these actions are carried out by third-party applications that are external to the organization.

In the image given below, Trend Micro explains in detail how open authentication is misused by attackers in launching attacks.

For information on how to prevent illicit consent grant attacks, click here.

8. Lost or stolen devices

Some companies – especially small to medium enterprises – have a BYOD (Bring Your Own Device) policy. This saves office expenses as well as provides ease of use to the employees, who can access their data anywhere at any time as they use their own device. The flip side to this practice is that if the device gets stolen, it could lead to a leak of critical business data. Besides accessing data on the desktop, if the employee had kept the device logged into their online account, it could lead to phishing, or worse, a total wipeout of your complete business data!

According to PC World, EMC and Hartford hospital had to pay $90,000 for a stolen laptop containing medical data of 8,883 people! Such high is the cost of losing data, which could have been prevented by encryption and recovered by using a backup solution.

9. Employee overwriting data

Have you installed any third-party application on your Microsoft 365 account? Are you aware of illicit consent grant attacks designed to steal your data? Wondering how?

Once the application is installed, the attackers either launch a phishing attack or insert illicit code into a website and trick you into granting access to your account. The worst part about this kind of attack is that the normal account recovery steps such as resetting account passwords or even completing Multi-Factor Authentication (MFA) for accessing the account will be ineffective, as these actions are carried out by third-party applications that are external to the organization.

In the image given below, Trend Micro explains in detail how open authentication is misused by attackers in launching attacks.

For information on how to prevent illicit consent grant attacks, click here.

10. Outlook native features

There are several options in Microsoft Outlook to back up emails: email forwarding, email export, and auto-archiving using IMAP settings. Even though you can use any of these features to back up your emails, you have to go through the tedious task of setting it up – which might include a lot of steps – and even manually enabling the backup every single day if you are using the export option.

In addition to being complex, it is also not a reliable option as there are various other issues like outages and data restore complications.