In the past few weeks, this blog has focused on the shortcomings of the built-in recovery measures of the G Suite and Office 365, highlighting the need for a third-party backup solution. There are a number of myths about cybersecurity and data backup surrounding these two cloud-based suites. People often use these misconceptions to convince themselves they don’t need an external backup solution for their data.
That’s why today, we’ll be addressing some of the most common of these myths, replacing them with facts to illustrate what your productivity suite can and cannot do in terms of keeping your files and messages safe from being lost.
Fact 1: G Suite can recover lost data – but only for a limited time
Like we mentioned in last week’s blog post, you do have some protection against accidental deletion in the G Suite: all deleted items are stored in the Bin for thirty days. After that, Google will retain the data on its servers for 25 more days. During this time, admins within your organisation can still recover it through the following steps:
- Go to the Admin console and navigate to “Users”
- Find the user whose data you want to restore and click “More” -> “Restore data”.
- Remember that you can’t search for or preview individual files. Instead, you need to select a date that you want to restore their data to (either a range or a single date). Make duplicates of messages and work done after this to avoid overwriting them. All deleted files/messages in this date range will be restored.
- Specify the data (either Drive or Gmail) you want to restore and click “Restore”. This could take up to a few hours.
After the 25 days are up, the data is permanently deleted and you have no way to recover it unless you have invested in a third-party backup solution.
Fact 2: Your G Suite account is under constant threat from malicious 3rd party apps
There are a lot of great third-party apps for G Suite to boost your productivity and make life easier overall. However, just because these apps are up on the G Suite Marketplace, the Chrome Webstore, Google Play or the iTunes store doesn’t mean they’re automatically safe to use. In fact, according to Syscloud’s G Suite Third-Party App Security Report, around 70% apps deemed to pose a medium risk and 44% of those posing a high risk had more than 1 million downloads.
So when you’re installing new third-party apps, read carefully what permissions you’re giving the app to access your data and make sure the app has lots of verified reviews to help you gauge its authenticity. Additionally, IT administrators should consider creating strong guidelines for downloading third-party apps onto work devices within their organisation.
Fact 3: Office 365 data is not protected from human error
Microsoft will take responsibility and step in to help you recover your data in the event of a loss of service due to hardware failure or natural disaster. Apart from that, Office 365 data is protected against human error only in the short term: items moved into the Recycle Bin can be recovered for 30 days, while the Recoverable Items folder in Exchange Online keeps deleted emails and similar communications for 14 days before deleting them for good.
And as we’ve previously brought up on this blog, you might not notice an important file or email has been deleted before that short time frame is up – if someone hasn’t emptied the Recycling Bin manually before that. In situations like this, Microsoft takes no responsibility for your missing data.
And while Office 365 can create up to 500 versions of a single file so you can easily revert back to an earlier version of your work, these 500 versions are spent up surprisingly quickly and versioning within your organisation might be lowered to a smaller number to free up some space.
Fact 4: Office 365 is not a complete SaaS product – so its cybersecurity isn’t on par with one, either
Many people seem to think that since Office 365 is jam-packed with meticulously developed productivity tools, it’s a fully-fledged SaaS product with built-in, impenetrable cybersecurity. This is not quite the case.
We’ve written a fair bit about the strengths and weaknesses of O365 cybersecurity on this blog in the past, so we won’t go too deep into this topic here. Suffice to say that the suite lacks more sophisticated measures like sandboxing and predictive technology to protect you against things like zero-day attacks. Additionally, there’s always a chance for phishing emails to get through or for cybercriminals to gain access to an admin account through a stolen device or one hacked with spyware.
Office 365 isn’t designed to be a complete IT solution, so in order to protect your organisation from more complex threats, you should ideally use a third-party cybersecurity tool like TitanFiltering as well as a SaaS backup solution to keep your data safe.
Whether your organisation uses the G Suite or Office 365, you shouldn’t assume your data is safe if the only place you store it is within your productivity suite. You need to deploy additional cybersecurity measures, with IT security awareness training being near the top of the list. A G Suite or Office 365 backup service provides an additional layer of security on top of these measures to lower your chances of a data breach or losing important files and messages. For specific product recommendations for data backup, tune in on our blog next week for a dedicated article on this subject.