How do you defend against a user error?
What is user error? Think of user error as the “deadly oops” – a simple, honest mistake with disastrous consequences. According to a recent Aberdeen report “SaaS Data Loss: The Problem You Didn’t Know You Had” one third of SaaS users reported losing their data from an application like Office 365.
User error falls into two general types: accidentally deleting information, or intentionally deleting data only to need it later.
In the first case, it could simply be a matter of deleting an Outlook message when you thought you archived it. (Many organizations retain their deleted messages for 30 days, but by default Office 365 retains these emails indefinitely – unless otherwise determined by an administrator.) The same holds true for SharePoint and OneDrive for Business documents. Calendar events and Contacts entries, however, have no trash folder from which you can rescue mistakenly deleted data. A simple slip of the mouse or misunderstanding of how Office 365 works could lead to a major loss of business data.
In the second case, you or a colleague could erase a document or message you were certain was no longer necessary only to later find that data is vital, but cannot be restored. This happens often when projects end or employees depart; shared data gets deleted because the owner is done with it, never suspecting that someone else in the organization still has a need for the information. Occasionally, that “someone else” is very scary and very important, like the IRS or an industry regulator. These groups don’t tend to accept the “Microsoft ate my homework” excuse.
Why Microsoft can’t stop user error
Microsoft can’t protect you from yourself. You told Office 365 to delete data, and the platform did what you asked. To abuse an analogy, even the safest car on the road will suffer damage if you absentmindedly drive it into a wall.
What user error can cost you
Most of the time, an accidental deletion involves a single item. In our own past research, we found that the average email is worth about $2.11 and the average document is worth about $217.20, based on the time and money needed to recreate the lost data. The average user deletes a critical item roughly three to four times per year. That means in any given year, you could lose as little as $6 to well over $800 for every user on your domain.
How to defend against user error
A “no deletion” information policy is the best place to start in defending against user error, as it should answer the “should I purge this or keep it?” question every user is supposed to ask before clicking the delete button. Office 365 makes it easy by keeping items in the Deleted Items folder indefinitely. Unfortunately, not every user bothers to ask that question before gunning zealously for an empty inbox or emptying their Deleted Items folder. But at least from an administration standpoint, Office 365 does not automatically delete (unless you tell it to). Regularly scheduled backups of your Office 365 data are your safest protection against user error. The best way to keep your data out of harm’s way is to keep a copy of it where it can’t ever be deleted. Of course, it is important to include data standards and best practices as part of your regular employee training – especially part of your new employee onboarding, ensuring that everyone is aware of how the system works, and what the company expects as far as data handling and deletion policies around sensitive data.
Microsoft is very good at avoiding their own errors. And chances are, they won’t lose your data. But there are some situations where Microsoft can’t help, and it’s up to you to be proactive.