What are the 6 Biggest Security Concerns for Office 365?

Nicolette Downs
by Nicolette Downs on

Many organizations don’t realize until it’s too late that they are responsible for backing up their Microsoft Office 365 data. While Microsoft provides great service for customers overall, their primary focus is managing infrastructure and maintaining uptime for users. Microsoft offer geo-redundancy to protect against site or hardware failure, so that in the event of a crash or outage in one location the environment would turn on in a secondary location and remain available to end users. This geo-redundancy often gets mistaken for a backup service—which it is not—and leaves organizations vulnerable. To avoid damaging repercussions, users should ensure they are regularly backing up their Exchange, SharePoint, OneDrive, and Teams data.

Microsoft functions as a Software as a Service platform and fits the needs of many organizations by doing so. Providing application ability and uptime to users regardless of physical location, but if the user can marry that ability and uptime with an O365 backup solution they avoid the inevitable risk of data loss. There are many benefits to having regular backups of O365 data, however the most notable is data security.

Let’s dive into the 6 biggest security concerns for Office 365 users:

1. Accidental Deletion

Human error is the most common of all these security concerns because it is impossible to be 100% immune to it. User error, like deleting a user by accident, is instantly replicated across the network, resulting in the deletion of personal SharePoint and OneDrive data. Native recycle bins and version histories included in O365 only go so far in protecting you from data loss.

There are two types of deletion: soft and hard. Soft deletions are deletions that can still be found in the Recoverable Items mailbox, while hard deletions are tagged to be purged completely and are unrecoverable. An accidental hard deletion in an O365 environment with no regular backups can result in devastating data loss.

2. Retention Policy Gaps and Confusion

O365 has limited backup retention policies that is not intended to be an all-encompassing backup solution. For instance, point-in-time restoration is not in the scope of Microsoft. It Point-in-time recovery is essential because it provides the ability to roll back to a previous point-in-time prior to whatever issue took place.

3. Internal Security Threats

Organizations can fall victim to threats posed by their very own employees, both intentionally and unintentionally. Microsoft has no way of knowing the difference between a regular user and a terminated employee deleting data, nor a way to protect against an employee unknowingly creating a threat by downloading infected files or accidentally leaking usernames and passwords externally.

Want More on the Importance of Backups for 0365?

Download the white paper for a more in-depth look at the 6 biggest security concerns for O365.

4. External Security Threats

Company privacy and security are always at risk of being tampered with by viruses and malware. External threats can come in the form of unsuspecting email attachments and sometimes catch even the savviest users off-guard. Regular backups ensure a separate copy of data exists, remains uninfected and can be recovered quickly.

5. Legal and Compliance Requirements

To meet certain regulatory standards (such as HIPAA) or amid legal proceedings, you may need to retrieve emails, files, or other data that was previously deleted. For instance, if the data belonged to a user that has since been deleted from your environment—deleting a user results in their mailbox, personal SharePoint, and OneDrive data being permanently deleted (unless there is a backup).

6. Managing Hybrid Email Deployments and Migrations to Office 365

Whether during the migration period, while transitioning for on-premises Exchange and O365 Exchange Online, or if your organization chooses to leave a portion of their legacy system in place (for flexibility and control)—there is the potential for hybrid email management challenges and subsequent mismanagement or loss of data.


Avoid all 6 with Regular Backups

Now that we’ve explored the possible data security risks, it’s easy to see how they could befall any organization using Office 365 online—and even easier to implement data protection. Regular backups will keep a secondary copy of your O365 data safe and standing-by to recover in the event of any of the aforementioned threats. Don’t wait until it’s too late, explore your options for O365 Backups today and be a hero for your organization.