The finance sector has always been one that deals with sensitive and confidential information. And as banks, credit unions, credit card companies, and investment firms continue to move online and rely on cloud-based SaaS platforms like Microsoft 365 and Google Workspace, there is heightened awareness around data security and compliance.
That’s because the migration to these cloud-based platforms, and the cloud in general, inherently increases cyber threats and risks. In fact, the finance industry is the second most targeted when it comes to cyberattacks, with healthcare being the most targeted.
Backing Up Data Keeps Financial Organizations Compliant and Safeguarded from Threats
With strict compliance regulations to follow regarding retention, guarding against data loss must always be a priority.
- Compliance and regulations: The financial sector is a heavily regulated industry, and with good reason. Per GDPR and SEC regulations, financial companies are required to keep certain data for at least 7 years. If a finance company is relying on Microsoft 365 or Google Workspace as its backup, these providers do not have retention settings to meet this requirement. In fact, it’s virtually impossible for banks to rely on native features of these platforms. Backing up your data helps keep your finance company compliant in the event there is a security breach, data loss, natural disaster or any other threat.
- Protecting critical data from cyber threats: Financial data is more sensitive than other data by nature, and needs to be protected--especially from cyber threats. Because of the kind of data the finance sector deals with, they are high-value targets of ransomware and hackers. In 2019 alone, the average cost per breach within financial services was $5.86 million. Having a backup plan, like Backupify, allows banks to better control their assets and data, and ensure critical information remains intact and protected.
- Software and hardware outages: Power outages, software outages, and hardware problems do happen, and banks need to make sure their data is backed up in any of these events. If a power or software outage affecting data occurs and a financial institution doesn’t have the capability to roll back to previous versions of its financial history, that would cause compliance issues.
Types of Data Financial Institutions Need to Protect and Back Up
When considering the compliance standards and the cyber risks that prevail in the finance industry, it’s also important to consider the types of data that require protection. We already know that personally identifiable information needs to be guarded closely, but taking a more holistic look at all information susceptible to data loss or breaches, beyond the obvious, is also important:
- Credit cards and transaction receipts: Client transaction receipts and credit card information should always be backed up. In the event of a security breach or power outage, banks need to be able to keep track of what accounts have been compromised or had data lost.
- Billing and invoices: Backed-up records of billing statements and invoices are also important data that finance companies need to account for. Not only is backing this data up a good idea, but it could also help resolve any disputes between banks, clients, or organizations they’re partnering with. The last thing banks want to deal with is missing an invoice payment or losing track of invoices owed to them. If either of these events happens, it can damage the business’s reputation and customer relationships.
- Internal and external communications: For any business, it’s essential to back up all company communications, both internal and external. This includes emails, text messages, phone calls, voice messages, and any other forms of communication. Failing to back up this data can lead to gaps in communication and overall productivity. Furthermore, if a bank ever finds itself involved in a lawsuit, having all communications backed up and available could be critical.
- Client information files and records: Always having a backup of your clients’ records and information is essential for banks and finance companies. If any of this data is lost, companies run the risk of damaging their reputation and could lose valuable clients.
- Payroll and employee files and records: Employee files should not only be backed up regularly, but they should also be updated and managed as needed. Finance personnel are always subject to change, whether they have a new address, a new bank account, or no longer work for the company. With regard to payroll, backing up data can help prevent and quickly resolve issues regarding employee pay and vacation, in the event something is missed. Cloud-based backup platforms, like Backupify, offer banks an easy way to manage their users and user lifecycles.
- Property and tax records: In addition to financial information, banks and financial companies may also manage other important documents, like property and tax records. Property documents, like real estate deeds, escrow paperwork, car ownership documents, and lease payment records, should all be backed up. Tax records, both state and federal, should also be backed up, especially in the event of an audit and for any compliance regulations.
- Business administration documents: Administration files and documents are pivotal in bookkeeping and ensuring banks operate smoothly. As such, it’s important to back up admin data, reports, project plans, marketing collateral, and sales information and leads.
- Computer system files: All software and associated data used by finance company employees should be backed up. Although cloud-based SaaS platforms like Microsoft 365 and Google Workspace provide some retention capacity, retention is not a truly reliable backup process, and may even be at odds with industry compliance requirements.
Retention and Shared Responsibility Rules to Know
Cloud-based SaaS platforms like Microsoft 365 and Google Workspace are commonly used by finance companies for communications, file sharing, and data storage. While these platforms are convenient and easy to use, it’s key for finance companies to understand the retention policies of Microsoft 365 and Google Workspace, and the fact that these platforms operate on a shared responsibility model--meaning they only protect some of your data, not all.
Understanding the Shared Responsibility Model
Per the shared responsibility model, Microsoft 365 and Google Workspace will protect your data against:
- Service interruptions caused by hardware or software failure: In the event a software outage or failure happens, Microsoft 365 and Google Workspace will protect your data.
- Loss of service caused by power outages or natural disasters: In the event of a power outage or a natural disaster, like an earthquake or hurricane, both platforms will cover your data.
Outside of these categories, companies are responsible for backing up their data when it comes to the following:
- Accidental deletion: If a Microsoft 365 user accidentally or unintentionally deletes data, you will not be able to recover that data--unless your company has a backup system in place.
- Hackers and ransomware: The finance sector is often the victim of cyber attacks, and can be vulnerable to data loss and encryption if a set backup system is not in place. Phishing, malware, hackers, and ransomware attacks can render a company’s Microsoft 365 data, and its data in other cloud-based SaaS platforms it uses, inaccessible.
- Malicious insiders: Leaking, trading, or deleting financial information is another risk finance companies need to plan for. In the event a disgruntled employee (past or current) has access to Microsoft 365 or any company systems, your data could be vulnerable. In fact, around 6 percent of data breaches within the financial sector are caused by malicious insiders.
Microsoft 365 and Google Workspace also have their own retention policies. Although these retention policies offer convenience and some coverage, finance companies need to understand the limitations and risks when solely relying on retention. Simply put, retention does not equate to backup.
Microsoft 365 Retention Policies:
- Microsoft 365 will retain customer data from Word, Excel, PowerPoint, Outlook, and OneNote.
- The retention period is only 30 days for active deletion scenarios (which is when a user manually deletes data).
- The retention period is no more than 180 days for passive deletion scenarios, which is when a subscription period for a tenant expires.
- Exchange Online has both hard and soft deletions when it comes to mailboxes and emails. Soft deleted data remains in Azure Active Directory for 30 days. A hard delete occurs when a soft deleted mailbox sits in Azure for longer than 30 days.
- SharePoint Online data is retained for 93 days after being deleted from its original location. The item is then moved to the Recycle Bin, where it will remain until it is removed.
Google Workspace Retention Policies:
- With Google Vault, companies can retain, search, archive, and export email and chat messages for compliance and eDiscovery purposes.
- However, Google Vault only retains data for Mail and Drive, and doesn’t cover Calendar and Contacts.
- Retention rules can be configured to control how long email and chat messages are retained before they are removed from user mailboxes and deleted from Google systems.
- Data is available in Google Vault for approximately 30 days before it is completely purged.
Protect Your Financial Data With Backupify
The finance sector knows its data is highly sensitive and needs to be protected. Constant cyberthreats and risks pose an everyday challenge that companies need to prepare for. Even though Microsoft 365 and Google Workspace offer some data retention and protection, they by no means provide comprehensive backup and security.
For reliable data security and backup, banks and finance companies can rely on cloud-based systems like Backupify. In addition to backup, Backupify offers retention and restoration capabilities, and data and user management, paired with robust security measures and our private cloud. Additionally, for companies that rely on Microsoft 365 and Google Workspace, Backupify’s installation and management processes for these platforms are the same.
Want to level up your security? Try Backupify today with our free demo.