Microsoft will be deprecating Basic Authentication for Exchange Online prior to completely removing the authentication method on October 13, 2020. Basic Authentication passes username and password with every request, which is not as secure as Modern Authentication based on OAuth 2.0. This is a token-based authorization process that eliminates the use of usernames and passwords.
As a result, in order to comply with Microsoft policy for secure authorization, you will need to re-authorize your Safe Data Storage Exchange Online backups using OAuth.
To switch to OAuth, you will need to login to your Safe Data Storage account and do the following:
These changes must be made prior to October 13, 2020 to ensure your Exchange Online backups continue to run each day. Any Exchange backup still using basic authentication after October 13, 2020 will no longer work. You can find out more on the changes to authentication in this Microsoft Developers Blog.
Although Microsoft will still support credential based authentication for SharePoint, OneDrive, Groups and Teams, we recommend that you also change these backups to OAuth at this time. This will provide greater security for your data and will eliminate any issues in the future when Microsoft eventually deprecates credential authentication for these services.
Please contact firstname.lastname@example.org if you have any questions or need assistance changing your backups to OAuth based authorization.
When you run an application in the cloud or store data there, you might think that it is protected; however, this is only true to a certain extent. While cloud providers will have some measures in place to safeguard your data, these may be fairly basic and not sophisticated enough to get back an individual deleted file from a particular date, for example.
To stay safe, you should therefore look at making additional backups of your cloud data. The obvious way to do this is to back up one set of cloud data to a different cloud via a cloud to cloud backup. Cloud services such as G Suite and Office 365 have backups in place, but these are generally designed to protect the service provider rather than the user.
Cloud to cloud
It is really quite a simple concept: rather than backing up to a local device such as a hard drive or tape, you are backing up from one cloud to a different cloud. This adds another layer of protection by ensuring that you are keeping a copy of the data somewhere else - an off-site backup, if you will.
Making a cloud to cloud backup helps the business by ensuring that you can easily retrieve data in the event that it is accidentally deleted or it is corrupted by a cyber attack or malicious activity. As no additional infrastructure is required, costs of this type of backup are generally low; what’s more, you can easily adjust the amount of storage you need as your business grows or to cope with seasonal variations in the amount of data you generate.
Pros and cons
Backing up to the cloud has the advantage that the data is accessible from anywhere at anytime, providing you have internet access; therefore, just as with your cloud applications, the backup is still available if you are at a different location. This is convenient for IT teams, who can access all their information from a central point with no need to visit sites to make restores.
For smaller businesses, the advantage of having C2C backup managed automatically is a big plus. If the backup is carried out automatically, there is no chance of human error leading to saves being skipped or incorrectly carried out. You can do this while still having control of the essentials, such as how often saves are carried out, whether this is to a timed schedule or triggered by events.
As with any cloud service, you need to take the security of your backup seriously. It is essential that you use encryption and protect access to your cloud backup with strong passwords and multi-factor authentication.
Any backup is only as good as the restore options it offers; therefore, you need to ensure you have a system with enough flexibility to recover your data, whether it is an individual file or a whole system.
When it comes to schedule data backups, there are three main types: full backup, incremental backup, and differential backup.
This is a complete copy of your organisation's data and files in a single version. The advantages of this option are that it gives you the chance to restore your entire data assets if needed, there is simple access to the most recent version of your backup, all backups are in one simple version, and it should enable business operations to be restored in full with minimal downtime/interruption.
The downsides are that complete backups require significant storage space, demand substantial bandwidth, and the process can be relatively time-consuming due to its totality.
This type of backup covers all files that have been altered/modified since the last backup, whatever type the previous one was. As an example, if you were to run a full backup on a Friday and then an incremental one on the following Tuesday, the incremental backup would be a copy of all files that had changed between the Friday and the Tuesday.
The advantages of incremental backups are that the backups themselves do not take that long and they are smaller in scale, so they will need less storage and bandwidth.
The downsides are that the recovery time may be slower and they need to work in conjunction with a full backup if a complete recovery is needed. This piecing together of the data from different backup sets can be complex and time-consuming. There is also a small chance of incomplete data recovery where one or more backup sets to fail.
This is a cumulative backup of all files that have been changed since the last completed backup. For example, if you were to run a full backup on Monday and a differential backup on Thursday, this backup would cover all files changed between Monday and Thursday. If you were to then run another differential backup on Friday, it would cover all files changed since Monday’s full backup as opposed to since Thursday’s.
The advantages of this are that it requires less storage than a full backup and only two backups - the last full and latest incremental - are required for recovery.
The disadvantages are that the backup itself takes longer than an incremental one, it requires an initial full backup to enable total recovery, two backup sets will need to be patched together, and there is a chance that if one of the two is faulty/incomplete, the recovery will fail.
Many organisations opt for a combined approach to backups, which utilises a full backup - perhaps weekly - plus either a differential or incremental daily backup. Each option has its own risks and rewards and the best option depends upon the organisation’s relationship with its data. This includes facts such as the data protection strategy, the volume of data, and the frequency with which the data/files are changed.
Why do so many small businesses trust us with their data?
Safe Data Storage provides secure offsite backups for 5000 SME-owned devices every day. Almost every small business holds data about customers, employees, and products. What would your business do if all of that critical information was suddenly gone? How would your employees do their jobs? How much money would you lose as a result? Are you prepared? If you are not prepared, then small business backup software will be the ideal solution for you.
Unscrupulous hackers using ransomware exploit software vulnerabilities or gain access through email or even instant messaging clients like WhatsApp. Once they get their code on to one of your company devices, they can mount an attack. They could block access to your data and demand money (usually in untraceable currencies such as Bitcoin) to release it. Even those that pay sometimes find their data is gone for good. Attacks happen to businesses across the UK on a daily basis.
40% of Businesses Have Been Targeted by Hackers
Recent statistics show that a huge number suffer data loss and damage to reputation and finances as a result of cyber-attacks. Even taking regular backups of your own data may not help if they are stored on the same network as your systems, where hackers could damage them or prevent access. So what should you do to protect your business?
Mitigate these risks by making sure your critical business data is backed up regularly to an off-site storage server. Safe Data Storage provides secure cloud storage for your backups, keeping them out of reach of hackers. Backing up your data with us means that whatever happens to your systems, you can always get a recent copy of your data back quickly, reliably and simply.
Our cloud servers are owned by us, so nobody else will have access to your data. All our servers are in the United Kingdom. This is important in order for your business to comply with UK data protection law, which does not allow data about UK citizens to be stored outside the European Union. This may change after the Brexit transitional period at the end of 2020, so by keeping your backups in the UK you are future-proofing your backup plan. You can trust our small business backup software. Your data will be fully encrypted to keep it as secure as it can be.
We are certified to ISO 27001 information security standard and ISO 9001 quality management standards, so you can trust us to protect your business by keeping your data safe and secure.
Our range of products will support your business, whether you prefer on-site, private or public cloud solutions.
Our friendly and experienced UK telephone support team are here to help with any query.
Call us to discuss the best solution for your business. We’re confident you will soon join our growing number of happy customers. Enjoy peace of mind, ensuring you can keep your business working no matter what goes wrong.
If they haven’t done so already, most organisations are looking at moving applications to the cloud. This has many advantages in terms of flexibility and cost. Google has become one of the big players in the cloud market thanks to its G Suite of office applications.
G Suite offers cloud access to email, storage, and a wide choice of applications for handling documents, spreadsheets and more. Of course, storing data in Google’s cloud means you can access it from other systems as and when needed. You may think that this does away with the need for a conventional backup, but to properly protect your data it’s important to have an active backup for G Suite as well.
It’s often said that there is no such thing as the cloud; there are only other people’s computers. Google is a big company and isn’t likely to disappear any time soon, but even so, you have to ask yourself how much you trust it with your data. You also have to look at how effective G Suite’s built-in facilities are. How easy would it be to get back a file that has been accidentally deleted for example?
At the end of the day the data is yours and it’s vital to your business, so it’s important to put your own backup arrangements in place to make sure you are protected and have the ability you need to get back files that have been deleted, damaged by ransomware and so on.
So, what should you be looking for in a backup solution? Just because data is in the cloud doesn’t mean that the things you need from a backup should be any different from if it was held locally. A key factor is that you should look to automate the process so that there is no possibility of backups being skipped due to human error.
You should aim for at least a daily backup; however, if you are generating large volumes of data, then saving them more often will ensure that you boost your chances of a quick recovery in the event of a problem.
A key part of any backup program is how good the recovery options are. You should make sure that it’s equally easy to get back whole systems or individual files. A good system will allow you the option of going back to different versions of the save so that you can get back to a version of a file before it was corrupted, for example.
As well as protecting your data, backups are also useful when you are migrating between systems. If you’ve only just started to use G Suite and are transferring you data across, you should start backing it up straight away. This ensures you can recover, should the migration process go awry without putting your data at risk.
Have you started to consider active backup for Office 365 in order to protect your data? More and more businesses are moving their systems to the cloud. It’s easy to understand the motivations for this - controlling costs is easier and you have the flexibility of being able to access your systems from anywhere there’s an internet connection.
However, one thing that often gets overlooked in the rush towards the cloud is the need for backups. Yes, of course, the cloud provider backs up its own systems, but this tends to be in its own interests rather than yours. So, for example, you may not be able to recover from an accidental error like deleting a file or from the actions of a rogue employee.
Reasons to backup
Data is an essential commodity for all businesses and protecting it is essential. Having an additional active backup for Office 365 means that you get added security and flexibility over and above the in-built features that Microsoft provides.
People inevitably make mistakes and it’s therefore important that you have the ability to get back files or emails that may have been accidentally deleted or overwritten. With an additional backup, you can be sure that your data is saved to a separate cloud location where it can be accessed by authorised staff if it needs to be.
Of course, you also need to guard against malicious activity, whether it’s from hackers or disgruntled employees. Again, the ability to have a separate, secure backup can be a lifesaver for the business.
A separate backup can also help when employees leave. If you deactivate their account, you will lose the ability to access any old emails from Microsoft’s system after 30 days. A separate backup solution ensures that you can keep archive data for as long as you want, meaning you can access it as needed.
Features to look for
What do you now need to look for when choosing an Office 365 backup solution? Firstly, you should ensure that your backup data is saved to a secure, private cloud. Your backup data should be encrypted so that it can’t be accessed if the data should fall into the wrong hands.
Secondly, you need to ensure that you can control the retention policy. Flexibility here is essential, as you may need to keep some data or messages for longer than others. In some industries, you may need to retain information for a fixed period for regulatory requirements, for example.
No one wants to think about having to restore from a backup, but it’s important that you do so. Make certain that you will be able to restore information directly back into Office 365. Also ensure that you have the ability to restore back to a particular point in time - this is important in recovering from a failure such as a ransomware attack.
Finally, make sure you understand the pricing structure and exactly what you’ll be paying for.
"The dog ate it" may still work for students, but never for their schools and colleges. Educational data safety is critical for complying with the law, for the running of the institution, and for the future of its students. It is a heavy burden for education because staff and students need constant access and the resources to defend it are often lacking.
Deliberate attacks on data are rising everywhere. Incidents reported to the authorities are a small fraction of the true figure, but nevertheless, they reveal a steep upward trend. Schools and colleges notified the Information Commissioner of data security incidents, 511 times in the second quarter of 2018-19, compared to 355 in the corresponding period of the previous year. Illegal data disclosures were notified 353 times, compared to 239 the previous year and only 26 the year before (https://schoolsweek.co.uk/school-data-security-incidents-rise-in-wake-of-gdpr/). Over 1000 denial-of-service attacks were also reported.
According to a study by University Business Magazine, higher education institutions now suffer 17% of all successful cyber attacks.
The unique problems of educational backup
Attempted hacks by curious students aside, educational data is highly valuable to criminals. Early glimpses of course materials and test papers can be resold around the world. Access to student records enables many forms of abuse, including theft of student financial resources, identity theft and subsequent exploitation of students themselves. Malicious encryption and blackmail are still common.
The intensity and variety of data access is another problem for educational backup. Staff, students and administrators use a wide variety of devices daily - pen drives, smartphones, laptops connected to public Wi-Fi services and so on. Data resources are rapidly becoming the lifeblood of education, so safe access is literally a matter of life and death for today’s providers.
Even leading universities admit they lack sufficiently trained staff to stay abreast of the threats, technology and legislation. The government recently provided a standards framework for assessing the fitness of cyber-security (BS31111:2018), but providing it is still a huge challenge for institutions that try to cope alone.
Cloud backup solutions
Even if there were no outside threats (and therefore no need for security legislation), educational servers still labour under a heavy load. Students still frequently find that important work has been deleted after incorrect storage. Space is limited and if students could use it as much as they liked, it would be an expensive proposition to provide it. Future requirements can be unpredictable. Equipment dates quickly and has to be replaced at high cost.
There are multiple benefits from transferring data stores to specialist Cloud storage providers. Firstly, they have the specialists needed to provide the best security available. Secondly, backups are automatic and frequent. Thirdly, your data capacity can grow, or contract, according to your requirements. You will never pay for more than what you need and will never have to update the hardware it resides on.
What are the main advantages of online backups for a small business?
Having an online backup for a small business mitigates the damage that could be caused by fires, floods, computer viruses, theft, etc. These incidents could ruin more traditional devices. If your computer is destroyed in a fire or flood, an online backup means that you will still be able to recover your data and won’t lose your valuable files.
Recovery is easier
The best online backup solutions are able to provide full data recovery whenever it is needed and in a very short time. This means that there will not be a significant disruption to your workflow if things go wrong.
Manual data backups are generally unable to deal with versioning. This is because they tend to be taken at ‘absolute’ points, such as at midnight. However with online data backups, sequential copies of your data can be saved and catalogued, meaning that you can go back to specific previous versions if needed - even if they have only been minimally changed. This is particularly useful when working on data that is being changed or updated on a regular basis.
Sync your data on different devices
This means that the latest version of your file is always available, regardless of whether you are accessing it via your tablet or via your desktop computer. This boosts productivity and means no longer having to save different versions of the same file on each different device and being unsure which is the most up to date.
Saves money and time
Buying physical backup media can require significant initial outlay. These devices also need maintenance, upgrading, checking etc, which will take up valuable time.
Peace of mind
Knowing that your data is safe, backed up and easily retrievable removes a great deal of worry and pressure. It is hard to put a value on this peace of mind; however, for most people, it is worth a significant amount.
This all sounds fantastic, so what’s the catch? Well, there are a couple of potential downsides:
Initial backup/seeding data - this first full backup can be time-consuming and potentially disruptive to the workplace, as it will tend to need at least some downtime.
Size limitations - bandwidth can be an issue for some larger organisations, as full backups on an hourly basis require significant capacity. This is not much of an issue for smaller businesses.
Discontinuation of service - this is a potential issue if opting for smaller, lesser-known providers, as you need to be aware that they could pull the plug with little warning. This is not going to happen with the larger providers.
What do we mean by online cloud storage?
It is important that as service users, we understand what happens to our data when it is uploaded to the ‘cloud’. Cloud storage really means the usage of any company or organisation’s servers via the Internet. Companies such as Google, Amazon, Microsoft, and BT all offer data storage facilities either for free or for a small fee. Cloud storage can be used by individuals, organisations and anyone else with Internet access for that matter. What is important about cloud storage for charities, however, is that it must strike the balance between being cheap and yet also highly secure. So how do you strike that balance as a charity?
How do I know that my data is secure?
The main consideration for any charity is knowing where the data is being stored and how to access it at any given moment. Cloud storage for charitable organisations and any companies for that matter absolutely must be secure and rely heavily on the Internet. Do you have a reliable Internet connection? Can you access it from anywhere? How much access do you want to give your trustees and employees? Do you understand the GDPR regulations and know how to comply with them?
What are the other possible options?
As an organisation, it is important that you really think about how you want your data to be stored? What happens when your database gets bigger or you want a more sophisticated website or communication channel with your customers? You can choose one of the cheap and freely available tools but bear these considerations in mind. You can also choose to use a company who will provide their own hosting solutions for you; these third party companies will have to abide by security rules, must offer disaster recovery and backup options and must abide by GDPR data protection regulations. As you are a charity, many companies will be willing to offer these services at a reduced rate, and you would be paying for them to store your data in one place with technical expertise at hand. This also reduces the chances of your data being accessed insecurely by one of your trustees or employees.
What would you recommend?
Really, this all depends on the size of your charitable organisation and your levels of in-house expertise. If your data is not too sophisticated, then any of the offerings by Google, Microsoft, Amazon and so on are sufficient. The only downside to these is that you won’t have ready access to technical help and assistance if you run into problems. If you are looking to radically increase your market and interest in your charity, then you may wish to consider the use of a specialist cloud data storage company for peace of mind.
As Safe Data Storage continues to grow, we like to keep up our reputation as being the safe and secure backup and recovery service that our customers know and love. That means we have to make sure our network is protected at all times from any potential threats that may arise. In that regard and as you may be aware, we acquired the Cyber Essentials certification.
By acquiring the Cyber Essentials certification, Safe Data Storage was able to show that we have all the required security controls in place to keep our systems protected. However, this certification only goes by our word and external scan. Whilst great to have, we wanted to be able to prove that we have all these controls in place and show our clients that we have secure systems for their data.
Therefore, we are proud to announce that we have acquired the Cyber Essentials PLUS certification! This certification has all the same requirements as the standard Cyber Essentials scheme, but the critical difference, is that we were required to have an independent assessment by a CREST approved auditor to make sure we have the five security controls in place. This assessment involved a vulnerability scan of our internal network, to check we had everything in place, which we are proud to say we have passed.
Cyber Essentials PLUS
The Cyber Essentials scheme is a cyber security standard, launched on 5th June 2014, which organisations can be assessed and certified against. There are two levels to this certification: Cyber Essentials and Cyber Essentials Plus.
The scheme identifies the security controls that an organisation must have in place within their IT infrastructure in order to have confidence that they are addressing cyber security effectively and that their systems are protected from external and internal threats.
Since 1st October 2014, all suppliers must be compliant with the specified security controls and certified with Cyber Essentials if they’re considering bidding for government contracts which involve the handling of sensitive and personal information.
The scheme has five main technical security controls:
It provides organisations with the knowledge of how to implement these measures in their cyber security efforts, whilst also learning how they can improve their current systems if they are found not to be adequate.