Protecting your data in Microsoft 365
Microsoft 365 is a fantastic platform with many great benefits.
It enables organisations of all sizes to work smarter, enhance collaboration, communication and flexibility and improve efficiency and productivity. It also provides a robust level of security to help organisations protect their networks, users and data.
However, although Microsoft 365 comes with a host of advanced security and compliance features, a common misconception is that it is also responsible for your organisation’s data.
Sadly, this is not the case.
So, if you are thinking of investing in a Microsoft 365 plan, you must understand what your organisation’s obligations and responsibilities are when it comes to data protection.
It’s important to remember that although your organisation’s data sits within your Microsoft 365 environment, and Microsoft is its custodian and processor, your organisation remains the sole owner of that data.
That means your organisation retains the rights, title, and interest in the data stored in Microsoft 365. It is responsible for backing it up and ensuring it is compliant with all relevant data protection legislation, such as GDPR.
The difference between data retention and backup
Data retention relates to your organisation’s continued possession, use, or control of its data. Backup, on the other hand, means a copy of a file or other item of data made in case the original is lost or damaged.
In Microsoft 365, the key difference between retention and backup appears to be the situations in which retention or backup will protect an item of data.
Retention controls and protects the original, whereas backup keeps a copy of the original elsewhere in case the original is irreplaceably lost.
retention policies can help your organisation to comply with industry regulations and internal policies that require you to retain content for a minimum period of time, reduce your risk in the event of litigation or a security breach by permanently deleting old content, and help your organization to share knowledge effectively and be more agile.
However, none of the above relate to the backup or restoration of data following corruption, loss or problems caused by human error.
Why do I need to back-up my Microsoft 365 data?
Keeping data backed up regularly can help to protect your organisation against the following:
Misconfiguration of retention policies
Accidental deletion of emails or files where no retention policy has been applied or the retention policy has been disabled
Corruption of files within Microsoft 365 not noticed until corruption has been replicated
Compromised administrator accounts used to remove retention policies and delete data
Issues with sync functionality between devices and Microsoft 365 causing files to become corrupted
Crypto-malware attacked which go unnoticed before some files have been encrypted and replicated
As we’ve previously highlighted in this series of blogs, Microsoft 365 brings many benefits to SMEs and church, charity and not for profit organisations.
It can enable your team to work from anywhere at any time, without the need to host your own email, files and server infrastructure.
However, while Microsoft hosts your ICT environment, your organisation holds and controls the data it uses, so the responsibility for protecting it and backing it up falls on you. There are several reasons why backing up your data is important. These include:
Security and compliance
Microsoft 365’s in-built subject access request and ediscovery capabilities are designed to make it easier for organisations to respond to data subject requests under GDPR. However, while retention and high availability is vital from a compliance perspective, having a reliable data back-up solution for your Microsoft 365 environment is also important in ensuring that any of your data breached or lost, you always have access to a copy.
Without some form of back-up, this would be all but impossible.
If you delete an important document, file or email, whether you meant to or not, the deletion will be replicated across your network, and the data will be lost forever. Daily automatic back-ups of Microsoft 365 data will help protect you and your organisation against accidental deletion.
While Microsoft 365 has retention policies and some versioning controls, it doesn’t have a proper back-up utility. In the event of a user account being deactivated or deleted, a dedicated, all-encompassing back-up solution will ensure you can get any lost data back.
Internal Security Threats
Although your data vulnerable to attack from hackers, viruses and malware, it is equally susceptible to breach or loss from internal threats or simple user error. Having a good back-up solution can alleviate the risk of data being deleted or corrupted from within your organisation.
External Security Threats
Microsoft 365 offers industry-leading protection against malware – including crypto-malware and ransomware – viruses and cyberattacks. All of these can do substantial financial and reputational damage to your organisation. You can bolster the protection Microsoft 365 provides with an additional back-up solution to protect your networks, email and data from external security threats.
How do I get started?
While Microsoft 365 offers some rudimentary precautions for data protection and back-up, for proper piece of mind, your organisation should also invest in a suitable solution.
This will help keep your sensitive information safe, so it can’t be accessed, changed or shared in error, and ensure your organisation can meet all its data protection responsibilities.
AMDH Services has vast experience of setting up and configuring Microsoft 365 and additional data back-up and protection solutions to help organisations get the most benefit.
We can work with your organisation to plan and procure the best solution to ensure it meets your needs. We offer a wide range of implementation and support options to help your organisation get the most from your investment.
We can help migrate your existing applications and data to the cloud, optimise your Microsoft 365 settings and establish best practice to ensure your organisation, your data and your users are fully protected and secure.
Interested in finding out how we can help your church, charity or not for profit organisation meet its data protection obligations with Microsoft 365?