Microsoft 365 is a safe cloud environment for managing your business data. It allows you to collaborate on the projects, create beautiful presentations and demos, store your data, develop applications and communicate via email and chat services. Yet, being relatively safe in the cloud, your Microsoft 365 data is still vulnerable to:
- Accidental deletions — occur when critical data gets hard-deleted. A hard deletion means that the item is permanently deleted and can’t be restored. Microsoft 365 main apps — OneDrive, SharePoint and Exchange Online have a retention period during which it is possible to restore your data. But, often you find out about the loss months later the deletion takes place.
- Malware and ransomware attacks — occur when malicious software attacks your OneDrive, SharePoint or Exchange Online. You can download a virus via email attachment or by visiting an infected website. Once a virus is activated, it can encrypt or even delete your data.
- Insider threats — occur when a disgruntled employee violates company rules and mishandles business data. Such violations may include a disclosure or theft of critical data. And worse comes to worst, an employee may intentionally delete valuable business information.
- Retention policy gaps — occur when you forget to set up a retention policy for your document, file or folder. As a result, the item gets automatically deleted by the system. Upon the expiration of the retention period, you can no longer retrieve your document from a recycle bin.
- Legal compliance errors — occur when your organization loses legal data. This type of data may include court records, medical records and business reports. Legal data is extremely important and should be provided upon request at any time.
Your Microsoft information security is your responsibility for the most part. Microsoft uses a shared responsibility model when it comes to data protection. Shared responsibility implies several main points:
- Microsoft provides infrastructure for running your business
- Some data protection responsibilities are shared
- For the most part, you are responsible for your data safety
To strengthen your Microsoft 365 data protection, take advantage of the third party antivirus solutions, Microsoft native data protection and efficient backup and recovery strategies. To tackle your Microsoft 365 vulnerabilities efficiently, follow these 7 tips:
#1 Use data loss prevention software
Antivirus solutions can protect your OneDrive for business, SharePoint Online and Exchange Online from malicious attacks. You can use a third party antivirus solution — Mcafee, or a native solution — Microsoft 365 Defender. Your antivirus software should allow you to detect and eliminate malicious malware before it corrupts your data.
#2 Take advantage of your Office 365 native data protection
Microsoft 365 has numerous data protection practices that allow you to address potential data protection vulnerabilities from the start:
- Choose a datacenter to locate your data
- Benefit from data encryption when your data is moved
- Assign admin roles to control access to your data
- Handle legal compliance data with eDiscovery
- Configure retention policies for your Microsoft 365 apps
- Incorporate data loss prevention (DLP) policies
- Set up a strong password and multi-level authentication
#3 Backup Office 365 at all times
Backup your Microsoft 365 data 24/7. No matter the cause of your data loss, efficient backups can always bring you data back. You can back up your Microsoft 365 data and store your backups at any convenient location — on premises, in the cloud or on tape. During the data loss incident, you just need to find a good backup and recover your data safely. Back up your major Office 365 apps:
- OneDrive for Business – Back up your files and folders
- SharePoint Online – Back up your SharePoint sites and subsites
- Exchange Online – Back up your mailboxes along with contacts and calendars
#4 Benefit from granular recovery
When you need to recover one or several documents, files, folders or objects, you don’t have to perform a full recovery. Instead, you can easily search your backups for the items you need. Then, you can recover just those specific items.
#5 Follow the 3-2-1 rule
The 3-2-1 rule guarantees full protection for your backups. This rule suggests preserving at least 3 backup copies. You can place two copies of your data on different storage media and one copy offsite. No matter the data loss scenario, you can always recover your data from a backup and move on with your daily tasks.
#6 Use RBAC to manage your backups
You can protect your backup data by using role-based access control (RBAC). RBAC enables only certain employees to perform specific jobs. For example, you can have a backup operator to do just the backups, and a recovery operator to perform a recovery. You can also grant a view-only access for employees who only need to read or print out documents. Limited access prevents accidental deletions, insider threats and cyber attacks.
#7 Benefit from ransomware protection
If you decide to store your Microsoft 365 backups in Amazon S3 storage, you can keep them safe with S3 Object lock. With S3 Object lock, you can make your backups immutable for a specified period of time. Once you lock your data, it can’t be unlocked before the indicated time expires. Thus, by using S3 Object lock, you can protect your information from accidental deletions, ransomware attacks and insider threats.
Cover Image by vishnu vijayan from Pixabay
The main part of the 3-2-1 backup plan is to create at least 3 copies of your data. Store 2 copies of your backup data on various storage media and 1 copy offsite.
Check this guide to efficient data protection
https://www.nakivo.com/blog/3-2-1-backup-rule-efficient-data-protection-strategy/