Why Office 365 Users Are More Vulnerable Than They Think

Since Microsoft released Office 365, it has become one of the most successful SaaS (software as a service) products on the planet. Between Q3 2015 and Q2 2016, in fact, Office 365 enterprise use grew 320 percent, according to research from Skyhigh Networks.

As Outlook, Word, Excel, and other Microsoft apps move to the cloud, the data associated with these apps is synced in Microsoft’s cloud, giving users that peace of mind of knowing that should their computers become unusable, they can still log in to their apps via a web browser on another computer and continue working.

That’s how it works in theory anyway. Understanding where perception and reality diverge is essential for protecting your customers from unwelcome surprises. Specifically, there are two things you should keep in mind with Office 365:

1. Data Recovery

Executives are famous for accidentally deleting important files and failing to notify their MSP partners about it for several weeks — or even months — after the fact. If you’re relying on Microsoft’s built-in backup services/data retention policies for recovering deleted files, you could be out of luck. For documents stored on OneDrive, for example, can be recovered for 90 days following deletion, but for e-mail that window is much smaller with only a 30-day recovery period before the file is permanently deleted.

In some industries, such as financial services, companies are required to follow strict long-term data retention guidelines that far supersede Microsoft’s backup and retention policies. When you talk to prospects and clients about Office 365, be sure to discuss higher-level business concepts such as business continuity, RPO (recovery point objective) and RTO (recovery time objective) as well, so you can both be on the same page.

This creates a good opportunity to talk about the differences between backup and BDR (backup and disaster recovery), too. There are lots of companies that have backup products — you can even find some of them for free. But, BDR focuses on the important second half of the equation, which is recovery. Being able to recover business apps and data quickly is what makes an MSP’s paid offerings the much better choice for businesses.

2. Security

Although just a few years ago there was concern about cloud security, we’re actually starting to see the pendulum swing the other way. Today, there are many companies that think that if they’re using a cloud service like Office 365, all the security they need is already built in. If that were true, we probably wouldn’t be seeing such an epidemic rise in ransomware and other cyber-attacks.

The vast majority of spam, viruses, phishing attacks, malware, ransomware, and other advanced threats intended to steal data and hijack control of businesses come from inbound emails. And, according to the Q1 2016 Phishing Activity Trends Report from the Anti-Phishing Working Group (APWG), the number of fraudulent websites used in phishing scams is on the rise, with the group reporting a 250-percent increase in these types of sites from the last quarter of 2015 through the first quarter of 2016. Furthermore, the APWG study also reported the capture of 20 million new malware samples during Q1 2016.

Office 365’s email client, Outlook, will stop some of these attacks, but most MSPs will attest that many threats still make it through Exchange Online Protection (EOP), Outlook 365’s built-in filter, so MSPs will want to look for an added layer of protection.

An example of a solution that will fortify your customers’ Office 365 apps and data is Barracuda Essentials for Office 365. This integrated suite provides critical multi-layer security, archiving, and BDR services for Office 365 allowing your customers to operate faster, safer, and more efficiently in Office 365.

Chris Crellin, TK
Chris Crellin is senior director of product management for Intronis MSP Solutions by Barracuda. Read more Intronis MSP Solutions blogs here.