Office 365 and G Suite Security: Do They Protect Against Data Breaches?

Do they protect more? Office 365 and G Suite invest heavily in cybersecurity. So, are they less vulnerable to a data breach or cyberattack?

They do provide better protection. But they don’t provide absolute protection.

Zac Wilcoxen is a Managed IT expert. He faces these questions every day. Zac sat down for an interview and explained the advantages and vulnerabilities of platforms like Office 365 and G Suite. He also discussed how you can enhance your business continuity on these platforms.

Are platforms like Office 365 and G Suite protected from ransomware?

No. Even Office 365 and G Suite are susceptible. Kevin Mitnick, a renowned hacker who was on the FBI’s most wanted list for many years, and is now a cybersecurity consultant, makes this point clearly.

Kevin often demonstrates how easy it is to go in and deploy ransomware to access applications like Gmail and Office 365. He shows how a simple click on a malicious email can encrypt all of the emails in an account.

Microsoft and Google do care about security. And they invest heavily in security. But at the end of the day, both are permanently connected to the internet. So, they are susceptible. You can still get hit by ransomware on applications like these.

How do you protect yourself if you have Office 365 or G Suite?

Add additional levels of protection as if they were on-premise applications. Create consistent backups that are separate from the infrastructure of Office 365 or G Suite. Then, in the event that something happens, you can revert back by using your backups.

There are some fail-safes built into these applications. For instance, G Suite has Google Vault. Use that to store a copy of your data. You can also set retention rules so that if somebody deletes something, or something happens to the data, it still saves that data. This is especially important in fields like law.

While Google Vault provides a level of protection, it still has shortcomings. That’s why it’s best to go the third-party backup route. Back up your cloud infrastructure the same way you do your onsite systems.

What’s an example of a backup solution?

Synology makes reasonably priced servers with broad features. For example, the Synology server has an application that will back up Office 365 and provides reasonable protection.

Make sure that you back up as often as you’re comfortable losing data. For example, let’s say that at 3:00pm today you get hit with ransomware. Are you okay losing the whole day’s work because your backup will only be as recent as yesterday’s backup? If so, then a daily backup is appropriate.

We typically set backup intervals to 15 minutes. Then, the max amount of data that you’re going to lose is 15 minutes because we can restore right back to that most recent point. We recently saw this happen.

It wasn’t a cyberattack, but there was a client of ours that had a server that crashed due to hardware failure. They were even set up in a RAID (mirrored hard drives). But unfortunately, both of those hard drives went bad at the same time. It’s very unlikely – but it does happen. As soon as it crashed, we spun up a virtual machine to pick up where they left off. And that crash happened four minutes after the most recent backup. So, they only lost four minutes of work time, and it took a total of six minutes to get that virtual machine online. They had a total downtime of six minutes and lost four minutes’ worth of work. So essentially, they didn’t see any downtime.

That’s the value of backing up and business continuity.

Do you see companies buying cyber liability insurance?

Yes, especially as privacy laws continue to emerge. If you’re not aware, California launched a significant data breach / cyber liability law in 2020 (the California Consumer Privacy Act or CCPA). It’s much like the GDPR in Europe. And there are financial liabilities for companies that fail to adhere to these new policies.

So, we’re seeing more and more businesses buy cyber liability insurance. Cyber security changes every day. I’m not trying to be pessimistic, but this is just the way I see it. It is more of a question of when a cyberattack will happen rather than if. With that said, I do believe it’s important to carry cyber liability insurance.

What do you recommend for email platforms?

When it comes to email, in my opinion, there are only two email infrastructures that I recommend. Those are Gmail through G Suite or Exchange through Office 365. They invest the most time, money, and effort into their infrastructures, making them the safest. I would strongly recommend that you avoid what we consider basic email providers such as GoDaddy or HostGator. The primary reason being that their spam filters are not very well trained in comparison to Google or Microsoft. Google has great phishing and spam filtration. If you use GoDaddy or HostGator, you’re going to see an immense influx of phishing emails which can result in a breach. So, it’s important to use, in my opinion, one of the big players.

Wrapping up

There’s no way to avoid data breach threats and cyberattacks. That’s the world we live in. But there are steps you can take to protect yourself and mitigate risk.

First, create a business continuity plan. Have continuous backups ready to keep you moving when (not if) the worst happens.

Next, get Data Breach and Cyber Liability insurance. This is a small investment that helps you respond in your time of need.

Lastly, go with the big players for your email infrastructure – G Suite or Office 365. Google and Microsoft invest the most into their infrastructure and SPAM filtering. There’s not much difference in cost. And the additional security makes this a bargain.


Bio

With a lifetime spent in IT, Zachary Wilcoxen has seen it all. He started young as an agent doing on-site service calls for Computer Nerdz, before taking a position at a data center in the network operations center. There he maintained the infrastructure most people refer to as “the cloud”. Honing his craft, and studying computer science, he eventually took a software engineering position working on a popular cloud storage platform.

After a number of years in the workforce, building a skill set, Zac set off to start his own business which today is known as Pretect Managed IT Services. We offer 24/7 help desk support, proactive asset monitoring, cyber security, and automation.


Disclaimer

Daniels-Head Insurance Agency (DHIA) seeks thoughts and insights from a variety of individuals and organizations in the industry. The guest content on this blog represents the individual opinion of the author and not that of DHIA. Nor is it the opinion of DHIA’s underwriters and business partners. Neither DHIA nor DHIA’s business partners are recommending, endorsing, or sponsoring any companies, or third parties mentioned in this blog.
