E-mail Alert: How hackers can use your productivity apps to hold your data hostage

The success of a business is ultimately contingent on the productivity of its employees. This is why the prospect of an attack on the software that has the highest impact on workplace productivity can do so much more than financial damage. 

Not only could a hack shut down access to your email – often the lifeblood of your business function – but also everything that is associated with it. Think of your contacts, sensitive attachments and of the impact not being able to access them when you need them. With an estimated 50 million Office 365 monthly active users globally, a huge portion of Microsoft users could be putting themselves at risk without knowing it.

As well as your critical emails being affected by an attack, so too could everything else associated with the Office 365 productivity suite. This includes documents, spreadsheets and notes created by employees. All of these are equally vital, and you should consider it a priority that they are all protected from external threats. 

It is not a question of whether you suffer an attack but when, which requires a plan.   

Ransomware on the rise  

Although Microsoft does provide some level of protection and backup of its customers’ data, it is ultimately the user’s responsibility to ensure data is adequately protected. This is a consequence of the common misconception that Microsoft backs up your data indefinitely. In fact, your data is stored for 30 days and if within that time frame you haven’t taken it upon yourself to perform a manual backup, your data is gone.  

Adding a cloud-based backup to your Office 365 is one way of mitigating the risk of attacks. You can protect valuable emails, contacts and files in Exchange Online, SharePoint Online and OneDrive from the worst results of ransomware, insider attacks and accidents.

According to recent research by Telstra, 63 per cent of global respondents and 65 per cent of Australian respondents reported their business was interrupted by a security breach in the past year. 

Ransomware, a malicious program that infects a device and either encrypts or blocks access to data until the victim pays for its return, has become a major threat in this regard. Though it has existed for many years, it has recently become the most common variety of malicious code. Once it strikes, it is difficult to defeat without paying. And because perpetrators request payment through anonymous tools such as cryptocurrency, they are rarely caught.

Credit: Supplied

Imagine urgent emails, office documents and spreadsheets, and years’ worth of contacts suddenly being kept from you and the users you support. Not only can you no longer access your email or files, you likely cannot use your device at all. Criminals can completely rob every one of their ability to work. The thought should be enough to skyrocket the stress of any IT professional. And over the last year, it happened to thousands of organisations.

The biggest threats come from within

According to a recent blog by Gartner analyst Avivah Litan, there has been a 50 per cent year-over-year increase in customers asking about security against insider threats. While solutions are available, none are foolproof. Part of the reason why internal breaches happen so frequently is because insiders have access to valuable data and often have legitimate business reasons to use and transmit it. 

So, how can you protect your organisation from insider threats? As with external threats, the key is to limit the possible damage and discover misdeeds quickly.  

However not all insider breaches are intentional. Did you know, accidents are the second most prevalent cause of data breaches after web app attacks? Every day, employees delete important emails, files and entire folders, corrupt files, send documents to the wrong recipients and otherwise “oops” their way into IT’s angry crosshairs. 

These accidents can be avoided with a combination of good employee training and strong internal processes. But to err is to be human, and eliminating human error entirely is impossible by anyone’s standards. 

But what if you could mitigate the risk of ransomware attacks, insider misuse and accidents? 

A cloud-based backup solution does not purport to block all future cyber-attacks. Rather this technology allows you to quickly recover any data that has been lost or compromised in the event of a hack. With this safety layer applied to your business model, you can rest easy knowing you have a copy of your data available, if at any point, you do suffer a breach. You can even call on this if an employee deletes or mistakenly corrupts a valuable file and a trusted copy will await in your backup solution.

The bottom line is that although security tools are becoming more and more sophisticated, so too are the threats they face. The best thing you can do to protect your business from cutting edge ransomware, disgruntled employees or clumsy clicks is by backing up regularly. 

Having a copy of everything your business needs to function means your business has everything it needs to remain productive even in the event of an attack outage. And what’s more, you have the peace of mind that your company won’t suffer as a consequence.