The ransomware threat to Microsoft 365

microsoft 365

Is your data backed up?

As we all know the loss of data can be catastrophic. Consequences can include financial penalties, damage to your brand reputation, and the potential for days or even weeks of lost revenue. This makes it imperative to safeguard your data wherever it’s located, whether applications are running on-premises or in the cloud. And the fastest growing threat to your data is ransomware. In most recent cases, the goal of these attacks was to maliciously delete data—once the data was compromised, the attackers offered no promise of recovery. 

A lot of our customers ask us: Do you have to back up Microsoft 365? If like many others you thought that Microsoft automatically backed up Microsoft 365, then this blog is for you. 

The Microsoft 365 reality

You are responsible for backup and recovery of your Microsoft 365. SaaS providers such as Microsoft offer disaster recovery against data centre outages, but do not guarantee against accidental deletion, virus or malware, hackers, or ransomware attacks.

In addition to protecting your data from attacks, regular backups of your Microsoft 365 environment can ensure compliance with regulatory requirements for email retention and data accessibility.

As the adoption of SaaS offerings continue to grow and data moves to the cloud, Microsoft 365 is the foundation of many organisation’s business-critical operations. The ramifications of compromised Microsoft 365 data range from inconvenient to disastrous.

In April 2019 Microsoft reported that Microsoft 365 commercial now has 180 million users. This marked a monthly gain to around 4.16 million users since the last number (155 million) was reported in November 2018.

Did you know that Microsoft 365 guarantees the availability of your data, but not the protection of it?

If you’re using a cloud-based productivity suite such as Microsoft 365, the impact from a ransomware attack can be multiplied. If a user’s computer is affected by ransomware, all work-related documents, folders and other important business data are encrypted. If the files are stored in SharePoint Online or OneDrive for Business, the infected files will overwrite those files immediately on the next sync cycle, potentially impacting other users sharing the same files, even if they themselves have not been infected.

If a user’s email data is targeted by ransomware, it is possible that the attack will also overwrite files. If email or file data has been targeted by ransomware, it’s important to disable Active Sync and pause OneDrive for Business syncing. Version history and other archival mechanisms can be used to get files back, but this is not a complete solution to recover data after a ransomware attack. Keeping a separate, offline backup of the data and having a good recovery plan is necessary to help restore vital data following a ransomware infection.

The key to protecting data stored by SaaS applications, such as Microsoft 365, is proper planning. You need to have well-defined data protection processes in place before an attack happens. Ransomware does not discriminate and is not selective on who it targets; so even if you are a small business this does not mean that your applications are safe. Having a second, secure copy of data is always a best practice, even for data that resides in the cloud. A well-designed and well-implemented backup solution can mitigate the negative effects of a ransomware attack.

Protection and security for Microsoft 365 data is becoming essential. Alternative backup solutions are available that can help you recover corporate data stored in Microsoft 365 quickly and effectively from a point prior to a ransomware infection.

As with the many other malware threats, ransomware continues to evolve. Hackers are becoming more sophisticated, and there is a real need to protect corporate data residing in the cloud.

6 reasons why backing up Microsoft 365 is critical

  1. Accidental deletion: If you delete a file or folder, that deletion is replicated across the network. Microsoft has no way of knowing if you meant to delete a file or not and if that file is in a shared site or on Microsoft teams then it is deleted for everyone, not just the user that deleted it. A backup can restore that user, either to on-premises Exchange or Microsoft 365.
  2. Retention policy gaps and confusion: Microsoft 365 retention policies are hard to keep up with, let alone manage. A backup provides longer, more accessible retention all protected and stored in one place for easy recovery.
  3. Internal security threats: Many businesses are experiencing threats from the inside, and they are happening more often than you think. Having a high-grade recovery solution mitigates the risk of critical data being lost or destroyed.
  4. External security threats: Malware and viruses have done serious damage to organisations. A backup can easily restore mailboxes to an instance before the attack.
  5. Legal and compliance requirements: Ensure you can retrieve mailbox data during legal action and to meet any regulatory compliance needs.
  6. Managing hybrid email deployments and migrations to Office 365: Whether you are migrating to Microsoft 365 or have a blend of on-premises Exchange and Microsoft 365 users, the exchange data should be managed and protected the same way, making the source location irrelevant.

The key takeaway is that it’s imperative that your data is compliant, encrypted and backed up but we also understand that organisations are in different stages of their cloud journey. Did you know your backup can be stored in the cloud, on-premises, or a combination of storage locations? If you choose to back up Microsoft 365 (and we think it’s a no brainer!), we can help you to find a solution that best meets your business needs and ensure maximum availability and resilience for your data, wherever it resides.

If you have concerns about the back up of your SaaS and on-premise data, please get in touch.