Last Updated on 19/06/2022 by TheDigitalHacker
You’ve made the switch to Office 365 to reap the benefits of the cloud.
It is just as important to ensure that your data is secure in the cloud as it is on-premises. It is critical to comprehend the actions required to guarantee total safety for your Office 365 data.
Office 365 offers full platform protection to secure your data from hardware and software concerns, as well as disaster recovery.
Unfortunately, there are more methods to lose data that you must defend against. This is where Spanning Backup for Office 365 comes in.
Even if you take every step to secure your firm, a ransomware assault is still possible. Ransomware is huge business, and Microsoft 365 is an ever-increasing target for sophisticated assaults in today’s security landscape.
Organizations recognize the need of backing up their on-premises data, but many fail to back up the data they create and share via software-as-a-service (SaaS) platforms like Microsoft 365.
All of those contacts, spreadsheets, email attachments, marketing and sales strategies, and other corporate data stored in Exchange, OneDrive, SharePoint, Teams, Excel, and Word require you, the content owner, to take extra precautions to safeguard them.
The Microsoft 365 platform, for the most part, contains built-in protection methods that assist keep your data secure. However, there may be some gaps. For example, difficulties might develop when a file is destroyed mistakenly and remains unreported.
Microsoft keeps a recoverable items queue for 14 days and can extend it to 30 days, however if you don’t know the deletion occurred, retrieving the deleted file after the 14 or 30 days can be challenging.
Another example: OneDrive’s native restoration mechanism allows for a 30-day rollback to any point in time; however, all files are rolled back to that point in time. When just one folder has to be retrieved, all new data after the specified restore point is recovered.
The steps in this article will offer you the best chance of recovering data and stopping the spread of illness inside. Consider the following factors before you begin:
- Data deletion: When it comes to data security, users pose a big danger. If an end user deletes data by accident or deliberately, or “lost” a folder, there is no straightforward method to recover it.
- Ransomware, hackers, & malware threats: Malware and cyber-attacks are becoming the most serious hazards to company data. As seen by recent ransomware attacks, data saved in the cloud can be just as vulnerable to criminality as data held on premises because at the end, cloud is formed of independany servers.
- There is no assurance that paying the ransom would allow you to access your data again. Indeed, paying the ransom may make you a target for another ransomware.
- Whether you have already paid but recovered without utilizing the attacker’s solution, contact your bank to check if the transaction may be blocked. We also urge that you notify law enforcement, fraud reporting websites, and Microsoft, as detailed further in this post.
- Sync and configuration errors: Even a minor sync error or ‘fat finger’ when setup Office 365 might cause inadvertent sync issues that delete or corrupt your data.
1. Check your Default backups
If you have backups, you should be able to restore the encrypted data after removing the ransomware payload (malware) from your environment and ensuring that there is no unauthorized access in your Microsoft 365 environment.
You can skip this step if you don’t have backups or if your backups were also damaged by the ransomware.
Recognize Your Options
- Recognize Your Options: This feature allows customers to have more mailbox storage capacity. However, search capabilities are severely limited (you must know the name of the item you are looking for) and the “Recover Deleted Item” option is not available for things kept in the archive.
- Recycling Bins: Microsoft’s native recycle bins allow users to repair mistakes, however they are not foolproof, still allow end users to remove data, and are frequently difficult to use.
- Disable Exchange ActiveSync and OneDrive synchronization.
The important goal here is to halt the dissemination of ransomware-encrypted data. If you think that email is being encrypted by ransomware, temporarily disable user access to mailboxes. Exchange ActiveSync synchronizes data between devices and mailboxes in Exchange Online.
See How to disable Exchange ActiveSync for users in Exchange Online to disable Exchange ActiveSync for a mailbox.
To disable other types of access to a mailbox:
- Enable or disable MAPI for a mailbox. (Article)
- Enable or Disable POP3 or IMAP4 access for a user (Article)
Stopping OneDrive sync protects your cloud data from being updated by possibly compromised devices. See How to Pause and Resume Sync in OneDrive for additional details.
- Get rid of the malware from the afflicted devices and recover
Consider cloud-to-cloud solutions that are specifically built to backup and recover Office 365 data. Backup and restore functionality offers a low-cost and dependable storage and data protection option for your crucial Office 365 data.
- Automated, daily, and on-demand backup: Spanning Backup for Office 365 backs up your vital data every day, storing it in a separate place and keeping it secure.
- Point-in-time and granular restore: Restore your data from any point in time, exactly as it existed in Office 365 before to the loss. In the event of ransomware or virus, users may simply restore files to a point in time prior to the assault. Spanning Backup for Office 365 is SSAE SOC2 certified. It complies with industry regulations such as HIPAA and FERPA. Spanning has data centers all around the world to satisfy clients’ data residency and sovereignty needs.
Spanning products are meant to be intuitive and clear, with little to no training required. IT administrators benefit from a’set it and forget it’ design paradigm that automatically secures your data in the background and can be restored with the push of a button. We also enable end-users to back up and restore their own email, calendar items, OneDrive, and SharePoint, which improves everyone’s day if a document is lost.
2. Recover files from a wiped-out computer or device
After you’ve done the preceding step to remove the ransomware payload from your environment, you may try to restore your local files and folders using File History in Windows 11, Windows 10, Windows 8.1, and System Protection in Windows 7.
- Some ransomware will also encrypt or erase backup copies, making it impossible to restore files using File History or System Protection. If this occurs, you must use backups on external drives or devices that were not impacted by the ransomware, as indicated in the following section.
- If a folder is synchronized to OneDrive and you aren’t using the most recent version of Windows, File History may have certain limitations.
3. Use a service that offers this as a dedicated service
This offering doesn’t apply to individuals or micro-businesses but to a bigger giant where dedicated employees and specially built software are deployed to keep your data safe.
Disaster recovery office 365 by HornetSecurity is one of the dedicated client services for data security.
Follow the best practices for data protection
- Utilize Multi-Factor Authentication
Multi-factor authentication (MFA, also known as 2-step verification, 2FA, or 2-factor authentication) is a simple technique to add quick security for all users that can help avoid most hacks or unauthorized invasions.
Multi-factor authentication for Microsoft Office 365 security employs an authentication app placed on each user’s phone, which generates a code when the user attempts to sign in on their computer. To log in, they must authorize the sign-in request on their phone, preventing hackers from entering unnoticed.
Businesses may implement this by enabling MFA, and each user will be requested to finish the configuration the next time they sign in.
Resource: Wikipedia 2FA
How to include 2FA in Office?
- Improve Your Malware Defences
As a Microsoft subscriber, you can receive an alert when a ransomware assault occurs. You may also restore your files to the point before they were impacted, as well as your whole OneDrive to what it was before the incident. Within a 30-day period, you can reactivate your OneDrive for Business files.
Blocking specific file extensions protects against more than simply ransomware. You may also strengthen your Microsoft Office 365 security by enabling an anti-malware policy from your Microsoft 365 administrative dashboard.
There, you may choose which file extensions are permitted to pass through and which are not. If your organization does not exchange software by email, blocking.exe,.bin, and other program file types is a simple approach to ensure that they do not reach your employees, supervisors, and other personnel.
Malware, on the other hand, may be found in Word documents (.docx), PDF files, and other more prevalent file extensions that your firm is likely to utilize on a daily basis. Although Microsoft Office 365 security tools are designed to detect suspicious email attachments, education is an important component in ensuring that your organization’s data is not compromised.
- Rights Management can help you protect your documents.
Increasing security to prevent unauthorized intrusions protects your users from potentially hazardous inbound information, but you must also safeguard files that your business sends out into the world, saves to a user’s own cloud storage, or copies to other sites.
Using Rights Management for Microsoft Office 365 backup and security allows you to ensure that your organization’s files are secured even when they leave your systems and enter the outside world. Rights Management may also secure other supported file types in addition to Microsoft Office 365 files, allowing you to safeguard a wide range of data regardless of where it ends up.
An email attachment meant solely for authorized users that is distributed to people outside of your business is an excellent example. While everybody may see the email content, only those with permission can open the protected file.
Resource: Permissions in Office 365
- Utilize Message Encryption Options
If you use Outlook or Outlook.com, you already have certain encryption tools built in for sending confidential emails. With a layer of encryption, these capabilities can prevent emails from being shared or sent to persons outside of your business.
You may set up unique domains for clients, vendors, and others so that recipients can see the emails you send, as well as deactivate domains for businesses that shouldn’t have access. When you activate Office Message Encryption, you must login in to see encrypted communications or provide a password if you want to receive an encrypted email to a personal email account like Gmail or Yahoo.
Resource: Encryption in Office
- Create strong passwords
There are several recommendations on the Internet concerning what defines a strong password. Employees should be reminded to avoid reusing passwords for both work and personal accounts in addition to following these guidelines.
Another hazardous behavior is using the same password for several accounts, which is still widespread among many employees. If, for example, you use a service that is hacked, your email address and password are exposed on the Internet.
A malicious individual attempting to get access to one of your Microsoft 365 accounts might use the compromised password to determine if it has been used elsewhere.
According to a survey by the Ponemon Institute and IBM Security, the average cost of a data breach in 2019 was assessed to be $3.92 million. Data breaches at high-profile organizations such as Capital One, Evite, and Zynga have exposed more than 100 million client accounts. According to the research, the typical security incident in 2019 involves 25,575 accounts. To make matters worse, this information must be provided to customers, and businesses may become cautionary stories.
The shift to the cloud introduces a new danger vector that must be thoroughly understood in terms of data security. According to the 2019 SANS State of Cloud Security study, 19% of respondents reported an increase in illegal access by outsiders into cloud environments or cloud assets, a 7 percent rise from 2017.
Ransomware and phishing are also on the increase and are seen as big risks. Companies must protect their data so that it does not leak out through malware or social engineering.
AI and machine learning will be critical in future compliance efforts. Companies are attempting to automate various regulatory compliance activities, such as data extraction and location. As security expert Michael Cobb pointed out, inventories become obsolete unless automated scanning technologies are used to maintain data discovery capture by taking frequent snapshots of all apps and repositories where personal information is stored. Automation, he believes, is the only option for major enterprises to stay compliant with a massive volume of structured and unstructured data housed in data centers and the cloud.