The cost of data loss can be huge for companies depending on the industry, volume, and importance of data kept in the cloud. Moreover, experiencing some data losses (like sensitive data loss) can violate some compliance regulations and result in huge fines from authorities.
And given that it is a common practice for most companies to keep high-value and sensitive information like financial, health, or personally identifiable information in the cloud, the statistic is not on your side.
As an IT administrator, it’s your responsibility to look after users’ accounts to make sure that all data is kept safe and sound. It would help if you built an environment where the company’s data can flow safely without the risk of being lost or leaked.
You see, as much as the enterprise-grade suite Microsoft 365 is secure, it is not bulletproof when it comes to data losses and data leaks. Microsoft uses the cloud’s shared responsibility model, which literally means that its tenants share responsibility for their data security with the cloud provider. And while the cloud provider is responsible for the secure and vulnerability-free cloud infrastructure, the tenant carries responsibility for their data.
Based on this, you can’t rely completely on Microsoft 365 inbuild policies and features if you want to secure and recover your data (read more about Office 365 recover deleted items.) What should you do then? Well, there is a set of activities that work in a compound.
But before we get to them, lets quickly review the main reasons data can be lost in the cloud.
- Human mistake (accidental deletion).
- Insider Threats (intentional deletion)
- Incorrect migration
- Ransomware
With this in mind, let’s see what you can do to protect your Microsoft 365 account from these four things to occur.
Set Up Data Loss Prevention Policies in Microsoft 365
First and foremost, you need to enable and customize inbuilt Microsoft 365 DLP policies. These policies give IT admins tools that help to comply with data protection regulations like GDPR by protecting sensitive information from deletions or sharings. Here is what you can do thanks to well-customized DLP policies:
- Identify and segment sensitive data by types.
- Limit access to sensitive data (or some types of it) to selected groups of users so they couldn’t share or delete these data
- Conduct monitoring of sensitive data both in the cloud environment and on desktop apps like Excel
- Use eDiscovery to chose a period and specific types of data you need to place a hold on and retain for a legal case (this function is available for Microsoft 365 Enterprize subscriptions only)
You can set up these policies by visiting Microsoft’s Security & Compliance Center.
- Log in to your Microsoft 365 using your admin credentials
- Go to Admin centers and navigate to the Security & Compliance center
- Chose Data loss prevention section and then Policy
- Click on Create a policy
Here, you can build as many specific policies for individual cases and groups of users as you need.
Backup Your Microsoft 365 Services
Backing up your data is essential if you don’t want to lose it. It doesn’t matter how many policies you set up. Weather eDiscovery is available in your subscription model or not, or have you set up your policies or not, none of these native Microsoft instruments would be able to restore a high volume of deleted or encrypted data. In the case of eDiscovery, you can use it only to retain and find some specific information in case of some legal processing. Which means it is no backup.
External backup is your safety net when it comes to data loss prevention. It lets you restore deleted, lost, or encrypted files and folders in terms of minutes (hours, if the volume of data is very high). Only by backing up your employees’ data, you can secure it from all kinds of threats we listed above. Plus, you’ll reduce the downtime drastically, which is a huge money waster.
You can deploy an on-premises backup system, or you can choose a third-party cloud-to-cloud backup provider. The choice depends solely on your company’s needs and capabilities. But we would opt for the cloud-to-cloud Office 365 backup solution.
Here is why cloud-to-cloud beats on-premises:
- No overheads. You don’t need to set up and deploy hardware and software and hire a team of professionals in order to do that. With cloud backup, it is always easier
- Higher scalability. You can start from 5 users, scale to over 500, and then go back to 300 in case you need to with no headache whatsoever.
Transfer Account Data Before You Delete a User
Deleting user accounts is a common practice in organizations; moreover, you may need to delete accounts on a regular basis depending on the workforce turnover that is specific to your organization. The problem that is tied to this process is the risk of losing valuable data.
Depending on what note an employee is leaving your organization there may be risks of them deleting their account data before their leave. Not all employees do that, but there are many cases of embittered ex-employees who wants to hurt the organization that fired them.
That is why you must make sure that data has been transferred to a new account or has been reliably backed up before you officially say goodbye to an employee. This way, you’ll secure your Microsoft 365 data from accidental or intentional deletions and the workflow won’t suffer.
Do all that, and you’ll maximize the chances that your data in Microsoft environment remain safe and sound!