So you’re using Office 365 for your data and emails? Its a great solution and whats more, cloud based. This means I don’t need a backup, right?

We hear this a lot.

A backup by definition is an independent copy of data that can be restored if the source system or service is unavailable.

But lets not concern ourselves with the definition at this stage, lets look at the facts we have available.

Office 365 is a cloud based service with multiple redundancies and replicas of your data, but the responsibility to protect your data is still yours. It does have built-in the basic protection designed to deal with some of the occurrences which could leave you without your data, but there are things it doesn’t protect you from.

For example, if you accidentally delete an email, a file in OneDrive (or SharePoint), Office 365 does have a Recycle Bin which allows you to recover it but only for a set period of time. You’ll need to find the file or email in the the Recycle Bin or ‘Recover deleted Items’ window before it expires or before an admin manually empties it. But what if malware deletes files you don’t use that often, so you won’t notice the deletion? You’ll only be able to recover them if you notice the deletion in time. If you don’t notice in time, that data will be gone forever. In addition, if malware deletes thousands of your files, you will be spending a lot of time in the Recycle Bin locating each file and restoring (since Office 365 can only restore a single file at a time).

There is no easy method to restore your entire account to the way it looked just before an attack happened…unless you back it up. Then you can simply specify a user or folder and what point in time it needs to be restored to. One step, instead of thousands of them.

SharePoint and OneDrive also offer versioning to protect against accidental mistakes. Versioning is enabled by default in newer Office 365 accounts, but may not be enabled in your account if you’ve had Office 365 for a while. You can check whether or not versioning is currently enabled. This protects you from typical user errors, but malware may be able to change or encrypt your file more times than the number of versions you’re able to store.

An attacker intent on doing your company harm might also attempt to gain administrative access to your Office 365 account via phishing, social engineering, or even taking advantage of a vulnerability in Office 365 itself. A rogue admin can easily disable versioning. Even features like Legal Hold – which some people use for extended retention – will not stand up to a rogue or fake administrator. This is why we backup data that matters to us, and Office 365 is no exception.

Microsoft also state they do not offer a ‘point-in-time’ backup https://docs.microsoft.com/en-us/exchange/back-up-email which means if you or somebody in your business deletes a file or email, if you don’t notice in time. Its gone for good. To add to this if you use Public Folders in Exchange, there is no retention on these.

So in short – yes, we would always recommend having a backup when using Office 365. Data is one of businesses most precious assets, it pays to look after it.