Protect Your Office 365 Data from Breaches and Migration Errors
By John DeWolfWhile you may be under the assumption that the data you store in Office 365 is completely protected – it’s not. There are actually quite a few threats to your data. “Like what?” you ask….read on to learn how security breaches and migration errors can wreak havoc on your Office 365 data.
Security Breach + Office 365
Let’s start from the beginning: what’s a security breach?
A security breach occurs anytime an unwanted person gains access to your Office 365 account.
There are two kinds of security breaches: a “hard” breach and a “soft” breach. A hard breach occurs when the software itself is compromised. In other words, hackers have found a way to get around your defenses and get at your data. A soft breach occurs when an attacker tricks one of your users into granting him “legitimate” access to your Office 365 domain. These techniques are known as social engineering, where the attack focuses on people rather than technology.
Why Office 365 can’t stop every security breach
When it comes to hard breaches, Office 365 has so far been very successful. Unfortunately, there are no real software defenses against soft breaches. It doesn’t matter how sturdy the lock is if you give a burglar the key, and soft breaches are always about convincing you to let attackers in so that they don’t have to deal with Microsoft’s highly effective security measures.
What security breaches can cost you
If a hacker obtains an account password, he or she can effectively corrupt or delete all the data in that account. Depending on what they are able to access, the damage to your business could be minor….or huge.
How to defend against security breaches
The best bang for your buck in preventing security breaches is actually training your Office 365 users on security best practices. Being with password policies. Simple things like “don’t tell anyone your password, ever” and “check the web address of any page that asks you to log in” can stop the vast majority of social engineering attacks.
Beyond bringing your staff up to speed on good Internet safety habits, implementing Office 365 security best practices is a pretty good idea. Office 365 administrators should have backup email accounts and phone numbers in case their primary account gets locked out or compromised.
Migration Errors + Office 365
What are migration errors?
A common scenario for Office 365 users is to move content into the platform from older on-premises versions of Exchange and SharePoint, from file shares or line of business (LOB) applications, or from competing collaborative platforms. Sometimes these moves or migrations are performed with the help of third-party solutions or manually on their own. As part of this migration activity, data can be mislabeled or misplaced, resulting in lost productivity or improper handling of important information assets. Unfortunately, sometimes these applications are configured incorrectly or aren’t employed according to the developer’s directions.
When you use third-party solutions in conjunction with your Office 365 environment, you grant those applications a specific set of permissions. If an email migration solution can provision and add content to your Office 365 account, it can also delete those accounts – or populate them with the wrong data. The same problems can happen to solutions that support SharePoint Online, OneDrive for Business, or the Office suite of tools.
Why Office 365 can’t stop migration errors
Just as Microsoft can’t tell good commands from bad ones when they come from individual users, Office 365 is blind to correct and incorrect instructions from third-party solutions. For all Office 365 knows, you actually want your migration tools to overwrite all of your existing data and start fresh… Only you know the difference.
Migration errors are amongst the most dangerous threats to Office 365 data because third-party solutions can touch an entire service or an entire domain. While most migration solutions handle just part of your overall move to Office 365, all of them can affect enough of your critical business information to do serious damage not just to Office 365, but to your entire business.
How to defend against migration errors
The best defense is to have a plan – which begins with an understanding of what it is you’re planning to move, who owns it, how it should be handled, and where it should all go. The Office 365 community has plenty of information on how to plan for a successful migration to the cloud. Of course, a secure, independent backup of your data is strongly recommended, and will allow you to start over should a malfunctioning third-party solution. Consider a cloud-to-cloud backup solution to help ensure you have a second copy of your data should a migration error ever occur.
(It should be pointed out that third-party backups are, by definition, third-party solutions – and most of them require the same read/write permissions that make other solutions dangerous.)