So you’ve decided to back up your organization’s Office 365. You already know that backup is the only way you can avoid the notorious repercussions of data breaches and losses occurring every day. Therefore, the Microsoft Office 365 disaster recovery plan is your must-have.
Maybe you are also aware that Office 365 provides its built-in layer of data loss prevention tools and are planning to use them.
But since Microsoft’s backup environment is pretty entangled with multiple policies, you may end up with many unanswered questions. As it is said, “ignorance of the law is no excuse,” and the misunderstanding of how the system works will eventually lead you to make mistakes, such as failing to protect your sensitive information from unauthorized access. And these mistakes can spill massive data losses for your organization.
This article is intended to save your time and energy and the company’s money by avoiding some underwater stones. Here are five widespread mistakes IT admins make when backing up Office 365 data.
Try disaster recovery solution for Microsoft Office 365Get SpinOnes
Table of Contents
Office 365 Disaster Recovery Plan Mistakes
1. Forgetting to Set Up Litigation Hold/Retention Policy
Microsoft has policies that are set by default to hold your data and let you access it for some time after the deletion. After this time permanently deleted files will be gone forever.
Forgetting to set up specific rules for data preservation can be fatal for the company’s data unless you are backing them up already. And yet, many administrators make this mistake.
To avoid this mistake, you must first prepare a Data Governance Policy (DGP), if you still don’t have one. This DGP determines which type of data you must store for which period. Usually, it depends on compliance regulations for your industry and the individual company’s needs.
With this information in mind, you can create custom Retention and Hold Policies for the company’s data. These policies won’t help you restore your data easily but will make sure you can at least access them in the case of a disaster.
2. Confusing Microsoft 365 Data Backup with Office 365 Data Preservation Tools
Microsoft Office 365 has a lot of tools that may be handy in saving data. Some of them are manual, and you can read more about them in the article about cloud backup for small businesses.
Here we are talking about the eDiscovery and Preservation Hold Library that are often mistakenly considered as native Office 365 backup tools. With their help, you can preserve Office 365 data – emails, team chats, SharePoint, and OneDrive files, – for a certain period for legal purposes.
But here is what you shouldn’t be mistaken about: with those tools, your original data is not copied – it is moved to long-term storage. You can still access and extort them in case someone deleted these data. But if you or somebody else have removed the user from the system, their data will also be erased from the Litigation Hold (eDiscovery) and sink into oblivion.
This factor represents a severe risk in case of a successful brute-force attack or account hijacking. If a hacker cracks a user’s password (81% of data breaches happen because of poor passwords), they can delete the account with all data. If it happens, eDiscovery or Preservation Hold Library won’t help you restore the data.
3. Thinking That You Can Easily Restore Data Through eDiscovery
The mistake that costs many admins their time and works efficiently.
If you set data on hold with Litigation Hold or Retention Policy, you can access data through E-Discovery even if someone deleted it. You can search for any files and export them.
But you may confuse the export function with the restoration, while the difference is significant. For example, if you have 50 emails deleted from the Recoverable Items folder, to restore them to the initial location with the eDiscovery you have to:
- Manually search each of the 50 emails
- Export each of them in PST format to your computer
- Upload them one by one to the initial folder.
You can read more on how to recover deleted items in Office 365 with eDiscovery here.
The same system works for all Office 365 data covered by Litigation Hold. This system leaves you with a ton of work in case of deletions or ransomware. And they happen all the time. So be patient, especially if your organization generates high volumes of data and needs to restore it quickly in case of an emergency.
If the ability to quickly and easily restore data is crucial for your work (which is for most IT admins), you should opt for a professional Office 365 Disaster Recovery cloud backup service like SpinOne. It will save you many hours of tiring work and provide you with much better results.
4. Keeping All Eggs in One Basket
A recent Amazon AWS data loss incident clearly shows: even public cloud giants can suffer unrecoverable data losses. A power loss, an earthquake, an outage, or a professional hacker attack can destroy your data with no hope for restoration.
Just imagine that you and other users can’t access data because of a shutdown of Microsoft data centers. If something happens with data centers, it puts all data your company relies on in jeopardy.
Trusting all your valuable data to one cloud storage provider is like keeping all eggs in one basket: if the basket falls, all the eggs are crushed.
To avoid this scenario, you’d better spread your data copies across several cloud storage providers. For example, your company has one Microsoft Office 365 data backup represented by eDiscovery archive in the Microsoft Azure cloud storage. But you can also use another third-party Microsoft office 365 backup solution that stores data on the Google GCP or Amazon AWS clouds. By doing so, you will diversify your data and increase your chances to keep it safe in the case of disaster.
5. Not Having a Plan for Leaving Employees and Their Data
When employees leave an organization, you are the one to manage their data. Since data security hugely depends on how you approach their exit, planning is everything.
Knowing how to take care of leaving employees’ data is crucial when you are planning your Office 365 backup policy. If you forget about this, your company may end up losing data.
In one of our previous articles, we described how to plan an employee exit in detail.
Here are two things you should remember:
- Keeping the user account activated to keep the data will cost your organization at least $20 / month per license.
- Deleting the user account means erasing all the eDiscovery archives attached to it. After you delete the account, the data on it is lost.
This leaves you with two options:
- Manually migrate data from the account of a leaving employee to the new employee’s account. This is a tricky task and takes a lot of time, especially with high amounts of data involved.
Also, don’t forget that you shouldn’t share some information with a new employee. Some of the data may contain details that shouldn’t be disclosed by third parties. But it can be hard to exclude these files or messages manually when you are migrating lots of data.
- Back up data with SpinOne. If you have your data backed up, you don’t have to migrate it anywhere – everything is safely kept in the cloud and ready for restoration 24/7. But in case you still need to migrate data between Office 365 accounts, you can do it in one-two-three using SpinOne.
Avoid these mistakes; always back up your data, and make your work easy and enjoyable!