Office 365 Disaster Recovery Plan: 5 Critical Mistakes to Avoid
So you’ve decided to back up your organization’s Office 365. You already know that backup is the only way you can avoid the notorious repercussions of data breaches and losses occurring every day. Therefore, a Microsoft Office 365 disaster recovery plan is a must-have.
Maybe you are also aware that Office 365 provides its built-in layer of data loss prevention tools and are planning to use them. But since Microsoft’s backup environment is pretty entangled with multiple policies, you may end up with many unanswered questions. Not being aware of the law is not a valid excuse.
Additionally, if you do not understand how the system operates, you may make mistakes. One such mistake is failing to protect your private information from unauthorized individuals. And these mistakes can lead to massive data losses for your organization.
This article is intended to save your time and energy, and the company’s money, by helping you avoid some pitfalls. Here are five widespread mistakes IT admins make when backing up Office 365 data.
Office 365 Disaster Recovery Plan Mistakes
1. Forgetting to Set Up Litigation Hold/Retention Policy
Microsoft has policies that are set by default to hold your data and let you access it for some time after deletion. After this time, permanently deleted files will be gone forever.
Forgetting to set up specific rules for data preservation can be fatal for the company’s data unless you are backing them up already. And yet, many administrators make this mistake.
To avoid this mistake, you must first prepare a Data Governance Policy (DGP), if you still don’t have one. This DGP determines which type of data you must store for which period. Usually, it depends on compliance regulations for your industry and the individual company’s needs.
With this information in mind, you can create custom Retention and Hold Policies for the company’s data. These policies won’t help you restore your data easily but will make sure you can at least access it in the case of a disaster.
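One way to check that the hold settings actually match the DGP, shown as an added example that is not part of the original article: the function below flags mailboxes with no Litigation Hold or with a hold shorter than the required period. The function name, the 2555-day requirement and the sample rows are assumptions made for illustration; the property names are the ones Get-Mailbox returns in Exchange Online.

```powershell
# Added example. Test-HoldCoverage is a hypothetical helper, not a Microsoft cmdlet.
# $RequiredDays stands in for the retention period taken from your DGP.
function Test-HoldCoverage {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Mailbox,
        [Parameter(Mandatory)] [int] $RequiredDays
    )
    process {
        # LitigationHoldDuration renders as 'Unlimited' or as 'd.hh:mm:ss'
        $duration = "$($Mailbox.LitigationHoldDuration)"
        $span = [TimeSpan]::Zero

        if (-not $Mailbox.LitigationHoldEnabled) {
            $status = 'NoHold'            # nothing is preserved after deletion
        }
        elseif ($duration -eq 'Unlimited') {
            $status = 'OK'
        }
        elseif (-not [TimeSpan]::TryParse($duration, [ref]$span)) {
            $status = 'UnknownDuration'   # value could not be interpreted, review by hand
        }
        elseif ($span.TotalDays -lt $RequiredDays) {
            $status = 'TooShort'          # hold expires before the DGP period ends
        }
        else {
            $status = 'OK'
        }

        [pscustomobject]@{
            Mailbox = $Mailbox.UserPrincipalName
            Hold    = $duration
            Status  = $status
        }
    }
}

# Constructed sample rows so the check runs offline.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; LitigationHoldEnabled = $true;  LitigationHoldDuration = 'Unlimited' }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';   LitigationHoldEnabled = $true;  LitigationHoldDuration = '365.00:00:00' }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; LitigationHoldEnabled = $false; LitigationHoldDuration = 'Unlimited' }
)

# Report only the mailboxes that fall short of the DGP requirement.
$sample | Test-HoldCoverage -RequiredDays 2555 | Where-Object Status -ne 'OK'

# Against a live tenant, after Connect-ExchangeOnline:
# Get-Mailbox -ResultSize Unlimited | Test-HoldCoverage -RequiredDays 2555
```

A gap found this way can be closed with Set-Mailbox and its -LitigationHoldEnabled and -LitigationHoldDuration parameters.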
2. Confusing Microsoft 365 Data Backup with Office 365 Data Preservation Tools
Microsoft Office 365 has a lot of tools that may be handy in saving data. Some of them are manual, and you can read more about them in the article about cloud backup for small businesses.
Here we are talking about eDiscovery and the Preservation Hold Library, which are often mistakenly considered native Office 365 backup tools. With their help, you can preserve Office 365 data (emails, team chats, SharePoint, and OneDrive files) for a certain period for legal purposes.
But here is what you shouldn’t be mistaken about: with those tools, your original data is not copied – it is moved to long-term storage. You can still access and export the data in case someone deleted it. If someone removes a user from the system, their data will be erased from Litigation Hold (eDiscovery) and disappear.
This factor represents a severe risk in case of a successful brute-force attack or account hijacking. If a hacker cracks a user’s password (81% of data breaches happen because of poor passwords), they can delete the account with all data. If it happens, eDiscovery or Preservation Hold Library won’t help you restore the data.
3. Thinking That You Can Easily Restore Data Through eDiscovery
This mistake costs many admins their time and work efficiency.
If you set data on hold with Litigation Hold or a Retention Policy, you can access data through eDiscovery even if someone deleted it. You can search for any files and export them.
But you may confuse the export function with restoration, and the difference is significant. For example, if you have 50 emails deleted from the Recoverable Items folder, to restore them to the initial location with eDiscovery you have to:
- Manually search for each of the 50 emails
- Export each of them in PST format to your computer
- Upload them one by one to the initial folder.
You can read more on how to recover deleted items in Office 365 with eDiscovery here.
The same system works for all Office 365 data covered by Litigation Hold. This system leaves you with a ton of work in case of deletions or ransomware. And they happen all the time. So be patient, especially if your organization generates high volumes of data and needs to restore it quickly in case of an emergency.
If you need to quickly and easily recover data, choose a professional Office 365 Disaster Recovery cloud backup service called SpinOne. It will save you many hours of tiring work and provide you with much better results.
4. Keeping All Eggs in One Basket
A recent Amazon AWS data loss incident clearly shows: even public cloud giants can suffer unrecoverable data losses. A power loss, an earthquake, an outage, or a professional hacker attack can destroy your data with no hope for restoration.
Just imagine that you and other users can’t access data because of a shutdown of Microsoft data centers. If something happens with data centers, it puts all data your company relies on in jeopardy.
Trusting all your valuable data to one cloud storage provider is like keeping all eggs in one basket: if the basket falls, all the eggs are crushed.
To avoid this scenario, you’d better spread your data copies across several cloud storage providers. For example, your company has one Microsoft Office 365 data backup represented by an eDiscovery archive in the Microsoft Azure cloud storage. But you can also use another third-party Microsoft Office 365 backup solution that stores data on the Google GCP or Amazon AWS clouds. By doing so, you will diversify your data and increase your chances of keeping it safe in the case of disaster.
5. Not Having a Plan for Leaving Employees and Their Data
When employees leave an organization, you are the one to manage their data. Since data security hugely depends on how you approach their exit, planning is everything.
Knowing how to take care of leaving employees’ data is crucial when you are planning your Office 365 backup policy. If you forget about this, your company may end up losing data.
In one of our previous articles, we described how to plan an employee exit in detail.
Here are two things you should remember:
- Keeping the user account activated to keep the data will cost your organization at least $20 / month per license.
- Deleting the user account means erasing all the eDiscovery archives attached to it. After you delete the account, the data on it is lost.
This leaves you with two options:
- Manually migrate data from the account of a leaving employee to the new employee’s account. This is a tricky task and takes a lot of time, especially with high amounts of data involved.
Also, don’t forget that you shouldn’t share some information with a new employee. Some of the data may contain details that shouldn’t be disclosed to third parties. But it can be hard to exclude these files or messages manually when you are migrating lots of data.
- Back up data with SpinOne. If you have your data backed up, you don’t have to migrate it anywhere – everything is safely kept in the cloud and ready for restoration 24/7. But in case you still need to migrate data between Office 365 accounts, you can do it in one-two-three using SpinOne.
Avoid these mistakes; always back up your data, and make your work easy and enjoyable!