There’s a popular misconception that any cloud solution provides everything your business needs, and you no longer need to worry about anything to do with your IT.
Whilst cloud services, including Microsoft 365 email, do take away a lot of your pain in terms of having to buy servers and run expensive infrastructure in your office, you can’t forget about the necessary additions for Office 365 email protection and compliance. Let’s take a look at five hidden costs behind Microsoft 365 that you may not have considered.
1. Cloud Email Security
The first hidden cost is your Office 365 email protection and security. This is where you have a filter in front of your email system, preventing dangerous emails and spam from coming into your inbox. Many people confuse this with a regular spam filter, but scams have come a long way, and it’s getting harder for regular spam filters to keep up.
Cybercriminals can easily obtain email addresses from social media, by visiting your business website or by buying email addresses in bulk. It’s not even difficult to do.
Few people understand that using Microsoft 365 email out of the box doesn’t furnish you with Office 365 email protection, so you’re leaving yourself wide open for a phishing attack.
Or added security, you’ll need a robust cloud security solution working alongside Microsoft 365. Microsoft themselves provide a product called Microsoft Defender for 365, but this is an additional email security cost to your Microsoft licensing.
We are firm believers in using a separate company from Microsoft to protect the Microsoft platform. We always recommend a specialist security company like Sophos. Sophos provide an email gateway product that can protect your Microsoft 365 –around £2.50 per month is a small email security cost to provide much-needed Office 365 email protection for each mailbox.
2. Microsoft 365 Backup
The second hidden cost of running Microsoft 365 is in backups. It’s widely believed that putting all of your data into Microsoft 365 means you don’t need to worry about backup anymore and that Microsoft will take care of everything, but it’s just not true.
Microsoft provides all of the infrastructure that your Microsoft 365 is sat on. They’ll ensure uptime, meaning you don’t have to invest in servers and infrastructure to run your email accounts. Microsoft also provides all of the upgrades, so your platform is always current.
However, Microsoft doesn’t cover everything for you, and the Microsoft service agreement even states, ‘We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.’
Having a third party backup for your Microsoft 365 is the best and most sensible way to protect against accidental and malicious file deletion, ransomware and data corruption. Check out our previous blog post for more information on backing up Microsoft 365.
Again, backing up Microsoft 365 isn’t too expensive (at around £2 per mailbox per month), but it is still a hidden cost.
3. Email Archiving
The next hidden cost of Microsoft 365 is email archiving.
What is email archiving? An email archive provides your business with a permanent copy of every email sent or received by anyone in your firm. It is completely separate from individual inboxes, meaning that someone could delete an email from their inbox, and the copy of the email would still be in the archive.
Email archiving is usually imperative for Office 365 email protection and compliance. For example, many of our clients are legal firms, accounting practices and financial services companies. They have to keep things like important emails, letters or legal documents for a certain length of time, and the only way they can guarantee this with email is by using an archiving solution.
If you don’t have an archiving solution in place, then someone can delete their emails. After a certain length of time, if you’re using Microsoft 365, that email is gone.
How does this differ from a backup?
A backup is to return a system or file to a state that it existed in previously. You might do something as simple as deleting a word document and needing to restore it. Or it might be something large like a ransomware attack, and you need to restore your entire computer system. Additionally, backups are typically only held for a certain amount of time before being deleted.
However, a backup wouldn’t be able to help if someone said to you, “We need to see a copy of an email Jane Smith sent to ABC Solicitors on 5th June 2007.” However, you could find that email from your archives in a matter of minutes.
While email archiving used to be largely limited to companies in legal and financial services sectors, many other businesses are now choosing to adopt it for good measure. If you need this, it’s a hidden email security cost to Microsoft 365.
4. Email Encryption
It’s also important to bear in mind Office 365 email encryption costs. We all rely on email for communication, and some people prefer email to talking face-to-face. But can you be sure that your emails are secure?
Email was invented in the 1970s as a simple messaging tool; it wasn’t done with security in mind. And, yes, email security has improved and adapted since then.
When you send an email, it’s a little bit like posting a letter. You write the letter and send it, but you are relying on other people along the way to deliver that letter for you. You hope that the letter ends up in the right place, with the right person and that nobody reads it along the way.
The problem is, businesses of all sizes are still using email to discuss all kinds of private and personal information, including passwords, credit card information and highly confidential documents. These can be high-value to hackers, so it’s important to invest in Office 365 email encryption costs.
Email encryption will scramble your email when it leaves your computer, and it will stay scrambled (or encrypted) around the internet until it reaches the recipient’s email system – that’s known as end-to-end encryption. Even if anyone intercepted the message, it would be unreadable.
To use encryption with Microsoft 365, you’ll need an enterprise plan or a license add-on: another hidden email security cost. There are also other products available – Sophos, our chosen security provider, has an email encryption product too.
5. Phishing Training
Today, giving people access to an email system without Office 365 email protection and security training is like giving people access to power tools without proper PPE. You are leaving your business wide open for potential disaster.
Over the past few years, the sophistication of cyber-attacks has grown massively, and many of the people using computers and technology haven’t had any training in spotting and defusing new threats. As a result, cybercriminals are making millions of pounds because their targets don’t know how to prevent it.
The answer is really simple. As a business leader, you have to provide your staff with proper knowledge and training. The cyber training that my MSP provides is all based online and lasts for 3-4 minutes per week. Regular, bite-sized training that gives people the tools they need.
We recommend Sophos Phish Threat. It’s a monthly email security cost per user to keep your team up to date on the latest scams and phishing campaigns and how to avoid them.
Think of it like this – would you rather spend £100-£150 per month on cyber training for everyone, or lose £25,000 due to a phishing attack?
Hidden Email Security Costs: Total
So let’s look at the costs:
- Exchange Online £3
- Email Security £2-3
- 365 Backups – £2-3
- Email Archiving £3-5
- Email Encryption £2
- Phishing training £2-3
When you factor in all of the hidden costs to not only run your email accounts but also to keep them secure and compliant, your £3-per-user email license could easily cost £15-20 per user/per month.
If you aren’t sure if you have sufficient Office 365 email protection, please get in touch with our expert team today. We offer cyber security and consulting services, and we’re well-versed in ensuring that Microsoft 365 is running optimally for your business.