November 16, 2021 | Updated on: March 21, 2024 | Reading time 10 minutes

Office 365 Disaster Recovery Plan: 5 Critical Mistakes to Avoid

So you’ve decided to back up your organization’s Office 365. You already know that backup is the only way you can avoid the notorious repercussions of the data breaches and losses that occur every day. That makes a Microsoft Office 365 disaster recovery plan a must-have.

Maybe you are also aware that Office 365 provides its own built-in layer of data loss prevention tools and are planning to use them. But since Microsoft’s backup environment is pretty entangled with multiple policies, you may end up with many unanswered questions. Not being aware of the law is not a valid excuse.

Additionally, if you do not understand how the system operates, you may make mistakes. One such mistake is failing to protect your private information from unauthorized individuals. And these mistakes can cause massive data losses for your organization.

This article is intended to save your time and energy, and the company’s money, by helping you avoid some hidden pitfalls. Here are five widespread mistakes IT admins make when backing up Office 365 data.

Office 365 Disaster Recovery Plan Mistakes

1. Forgetting to Set Up Litigation Hold/Retention Policy

Microsoft has policies that are set by default to hold your data and let you access it for some time after deletion. After this time, permanently deleted files will be gone forever.

Forgetting to set up specific rules for data preservation can be fatal for the company’s data unless you are already backing it up. And yet, many administrators make this mistake.

To avoid this mistake, you must first prepare a Data Governance Policy (DGP), if you don’t have one yet. The DGP determines which types of data you must store and for how long. Usually, it depends on the compliance regulations for your industry and the individual company’s needs.

With this information in mind, you can create custom Retention and Hold Policies for the company’s data. These policies won’t help you restore your data easily, but they will make sure you can at least access it in the case of a disaster.
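One way to check mistake 1 in practice, as an added example (not code from this article or from Microsoft): it compares each mailbox's Litigation Hold settings with the period a DGP requires and lists the gaps. The `$Dgp` table, the `Category` column and the sample rows are constructed; the duration format (`Unlimited` or `d.hh:mm:ss`) is an assumption about how `Get-Mailbox` displays `LitigationHoldDuration`.

```powershell
# Added example. $Dgp, Category and the sample rows are constructed.
# Required hold period in days per data category, taken from the DGP.
$Dgp = @{ Finance = 2555; HR = 1825; General = 365 }

# Assumed format: 'Unlimited' or a d.hh:mm:ss string such as '365.00:00:00'.
function ConvertTo-HoldDays {
    param([string]$Duration)
    if ($Duration -eq 'Unlimited') { return [double]::PositiveInfinity }
    if ([string]::IsNullOrWhiteSpace($Duration)) { return 0 }  # unknown: flag it
    return [timespan]::Parse($Duration, [cultureinfo]::InvariantCulture).TotalDays
}

# Emit one finding per mailbox whose hold is off or shorter than the DGP period.
function Get-HoldGap {
    param([object[]]$Mailbox, [hashtable]$Policy)
    foreach ($m in $Mailbox) {
        $required = $Policy['General']   # fallback when the category is unknown
        if ($m.Category -and $Policy.ContainsKey($m.Category)) { $required = $Policy[$m.Category] }
        $finding = $null
        if (-not $m.LitigationHoldEnabled) {
            $finding = 'Litigation Hold is off'
        } else {
            $held = ConvertTo-HoldDays $m.LitigationHoldDuration
            if ($held -lt $required) { $finding = "held $held days, DGP requires more" }
        }
        if ($finding) {
            [pscustomobject]@{
                Mailbox = $m.UserPrincipalName; Category = $m.Category
                RequiredDays = $required; Finding = $finding
            }
        }
    }
}

# Constructed rows shaped like the output of
#   Get-Mailbox -ResultSize Unlimited |
#     Select-Object UserPrincipalName, LitigationHoldEnabled, LitigationHoldDuration
# with a Category column added by the admin. LitigationHoldEnabled is a boolean.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'cfo@example.com';     Category = 'Finance'; LitigationHoldEnabled = $true;  LitigationHoldDuration = 'Unlimited' }
    [pscustomobject]@{ UserPrincipalName = 'payroll@example.com'; Category = 'Finance'; LitigationHoldEnabled = $true;  LitigationHoldDuration = '365.00:00:00' }
    [pscustomobject]@{ UserPrincipalName = 'hr@example.com';      Category = 'HR';      LitigationHoldEnabled = $false; LitigationHoldDuration = '' }
    [pscustomobject]@{ UserPrincipalName = 'intern@example.com';  Category = 'General'; LitigationHoldEnabled = $true;  LitigationHoldDuration = '730.00:00:00' }
)

# Fix for a flagged mailbox (Exchange Online PowerShell):
#   Set-Mailbox -Identity <upn> -LitigationHoldEnabled $true -LitigationHoldDuration <days>
Get-HoldGap -Mailbox $sample -Policy $Dgp | Format-Table -AutoSize
```

The check covers Litigation Hold only; retention policies applied to a mailbox are not visible in these two properties and need a separate review.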

2. Confusing Microsoft 365 Data Backup with Office 365 Data Preservation Tools 

Microsoft Office 365 has a lot of tools that may be handy in saving data. Some of them are manual, and you can read more about them in the article about cloud backup for small businesses. 

Here we are talking about eDiscovery and the Preservation Hold Library, which are often mistakenly considered native Office 365 backup tools. With their help, you can preserve Office 365 data (emails, team chats, SharePoint, and OneDrive files) for a certain period for legal purposes.

But here is what you shouldn’t be mistaken about: with those tools, your original data is not copied – it is moved to long-term storage. You can still access and export the data if someone deletes it. If someone removes a user from the system, their data will be erased from Litigation Hold (eDiscovery) and disappear.

This factor represents a severe risk in case of a successful brute-force attack or account hijacking. If a hacker cracks a user’s password (81% of data breaches happen because of poor passwords), they can delete the account with all data. If it happens, eDiscovery or Preservation Hold Library won’t help you restore the data.

3. Thinking That You Can Easily Restore Data Through eDiscovery

This mistake costs many admins their time and work efficiency.

If you put data on hold with Litigation Hold or a Retention Policy, you can access it through eDiscovery even if someone deleted it. You can search for any files and export them.

But you may confuse the export function with restoration, and the difference is significant. For example, if you have 50 emails deleted from the Recoverable Items folder, to restore them to the initial location with eDiscovery you have to:

  1. Manually search for each of the 50 emails
  2. Export each of them in PST format to your computer
  3. Upload them one by one to the initial folder.

You can read more on how to recover deleted items in Office 365 with eDiscovery here.

The same system works for all Office 365 data covered by Litigation Hold. This system leaves you with a ton of work in case of deletions or ransomware. And they happen all the time. So be patient, especially if your organization generates high volumes of data and needs to restore it quickly in case of an emergency.

If you need to quickly and easily recover data, choose a professional Office 365 Disaster Recovery cloud backup service called SpinOne. It will save you many hours of tiring work and provide you with much better results. 

4. Keeping All Eggs in One Basket

A recent Amazon AWS data loss incident clearly shows: even public cloud giants can suffer unrecoverable data losses. A power loss, an earthquake, an outage, or a professional hacker attack can destroy your data with no hope for restoration. 

Just imagine that you and other users can’t access data because of a shutdown of Microsoft data centers. If something happens with data centers, it puts all data your company relies on in jeopardy.

Trusting all your valuable data to one cloud storage provider is like keeping all eggs in one basket: if the basket falls, all the eggs are crushed.

To avoid this scenario, you’d better spread your data copies across several cloud storage providers. For example, your company has one Microsoft Office 365 data backup represented by the eDiscovery archive in Microsoft Azure cloud storage. But you can also use another third-party Microsoft Office 365 backup solution that stores data on the Google GCP or Amazon AWS clouds. By doing so, you will diversify your data and increase your chances of keeping it safe in the case of disaster.

5. Not Having a Plan for Leaving Employees and Their Data

When employees leave an organization, you are the one to manage their data. Since data security hugely depends on how you approach their exit, planning is everything.

Knowing how to take care of leaving employees’ data is crucial when you are planning your Office 365 backup policy. If you forget about this, your company may end up losing data. 

In one of our previous articles, we described how to plan an employee exit in detail.

Here are two things you should remember:

  • Keeping the user account activated to keep the data will cost your organization at least $20 / month per license. 
  • Deleting the user account means erasing all the eDiscovery archives attached to it. After you delete the account, the data on it is lost.

This leaves you with two options: 

  1. Manually migrate data from the account of a leaving employee to the new employee’s account. This is a tricky task and takes a lot of time, especially with large amounts of data involved. Also, don’t forget that you shouldn’t share some information with a new employee. Some of the data may contain details that shouldn’t be disclosed to third parties. But it can be hard to exclude these files or messages manually when you are migrating lots of data.

  2. Back up data with SpinOne. If you have your data backed up, you don’t have to migrate it anywhere – everything is safely kept in the cloud and ready for restoration 24/7. But in case you still need to migrate data between Office 365 accounts, you can do it in one-two-three using SpinOne.

Avoid these mistakes; always back up your data, and make your work easy and enjoyable!

About Author

Sergiy Balynsky is the VP of Engineering at Spin.AI, responsible for guiding the company's technological vision and overseeing engineering teams.

He played a key role in launching a modern, scalable platform that has become the market leader, serving millions of users.

Before joining Spin.AI, Sergiy contributed to AI/ML projects, fintech startups, and banking domains, where he successfully managed teams of over 100 engineers and analysts. With 15 years of experience in building world-class engineering teams and developing innovative cloud products, Sergiy holds a Master's degree in Computer Science.

His primary focus lies in team management, cybersecurity, AI/ML, and the development and scaling of innovative cloud products.
