Fight the COVID phishers: back up your Office 365!


Date: 12 May 2020

Lost and found sign at the airport

Do you think Microsoft back up your Office 365 data? Think again. Here's the service agreement:

'In the event of an outage, you may not be able to retrieve Your Content or Data… We recommend that you regularly backup Your Content and Data…'

So, in this time of mass edginess, where rafts of COVID-19-themed phishing attacks are holding organisations' data to ransom, you need to be aware that if you're running backup-less Office 365, you won't get that data back!

Here are three critical points you need to understand so you can put appropriate backup in place and ensure your data is not the next phish on the attacker's hook.

1. What's backup and what's not

Storage and versioning within Microsoft's cloud are not themselves a backup. Here's why:

  • Lack of adequate retention - Default retention in the Recoverable Items folder is a mere 14 days! Even the optional 30 days is still too short.
  • Permanent data loss - When Recoverable Items are purged (deliberately, accidentally, maliciously) that data is gone forever!
  • Limited versioning – Office 365's version count very quickly gets eaten up, potentially causing the file version you need to be irreversibly blitzed.
  • Expensive to extend – Retention Lock extends versioning – but, deviously, forces you to buy more storage!

In short, Office 365 has no inbuilt facility to enable you to reliably and permanently access your data, in the version required.

2. The right backup is not just any backup

So, Office 365 is not a backup. But not all backup suits Office 365. So, what should you look for to ensure it does?

  • Daily, automatic, comprehensive backups, covering all Office 365 data (SharePoint, OneDrive, mailboxes, folders, contacts, calendar, tasks, and whatever else you select). Comprehensive versioning is also essential, with no costly storage upgrades!
  • Security - That's a UK-based service and data centre which is safe from snooping under the US Patriot Act. It should demonstrate GDPR (ISO 27001) compliance, with Government-grade, 256-bit AES encryption to keep your data secure both in transit and at rest, using a key that only you have access to.
  • Availability, agility, ease of use. Choose a cloud solution that restores data directly back into Office 365, which is backed by UK-based, 24/7 tech support. (Spoiler: you don't get this with free or budget backup services!)

3. You need to make sure it, erm, works…

Many generic backup solutions have a known problem with Office 365 files, making it impossible to reliably achieve full backup. Quiz your backup provider on this point and request a live demo or free trial to verify that everything works as it should!

With COVID-19 amplifying the risks to your data – not only from ransomware attackers - but from accidental deletion born of the stress and the unfamiliarity of your teams' new work routine - not backing up Office 365 is actively inviting disaster.

But just as the fightback against COVID-19 started with nothing more complex than washing your hands, effective Office 365 backup requires nothing more than a browser, a handful of tick boxes and a few minutes' attention.

Every cloud, and all that…

Copyright 2020. Featured post made possible by Rob Stevenson of BackupVault

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.