Setting the Stage for Backup in Office 365
Teams too?” That’s the incredulous reaction from a customer whose Office 365 users had recently been targeted with a phishing attack using Microsoft Teams. Apparently, legit-looking Teams invitations and file sharing notifications with an almost pixel-perfect rendition of the real Teams emails have started cropping up in the customer’s Office 365 tenant. Just think — this customer had invested in driving Teams adoption to reduce email, believing this strategy would reduce the organization’s vulnerability.
Well, it’s about time. With 20 million daily active users (50 percent growth in three years), Teams is not a bad place for hackers to play. With a familiar-looking Teams email notification, it isn’t difficult
to get unsuspecting end-users to click a link that takes them to a spoofed but slick login page where they enter their credentials, thus letting the bad guys in through the front door.
Before you start mocking end-users who fall prey to phishing emails, know that hackers were able to breach a limited number of subscribers to Microsoft webmail services by compromising a support agent’s credentials early in 2019. Although the breach did not affect enterprise users and the subscribers’ login credentials were not compromised, the incident points to the fact that even
people in IT are not immune to phishing emails. You’d better have a good backup and recovery strategy in place to fall back on if you ever end up in this less-than-ideal situation.
Understanding the Need for Backing Up Data
Cloud technology is great. It has freed IT departments from implementing and managing complex and critical IT infrastructure by outsourcing those tasks to a cloud provider. What isn’t great, however, is when there is a mismatch between what you think your cloud provider backs up and what the provider is contractually responsible for backing up. Office 365 is a great example of this unclear shared responsibility.