Month: July 2019

2019 Email Archiving Price Comparison

We have performed a 2019 email archiving price comparison to help you choose the best value email archiving solution for your business.

An email archive is a depository for all emails that are no longer required but cannot be deleted for legal and compliance reasons. The email archive contains an exact copy of every message sent or received across all corporate mailboxes. Those messages are moved out of the mailbox to the archive to free up space and ensure that important emails can not be accidentally deleted and are always recoverable.

In contrast to a backup, an email archive is searchable. Emails can be found and retrieved quickly and easily on demand. An email archive is therefore a useful email repository that can be used on a daily basis to store emails, freeing up space on your mail server to improve performance.

There are many reasons for creating an email archive, but one of the most important is for eDiscovery. Court orders for email communications may be received and emails must be produced as part of the eDiscovery process. Since an email archive is searchable, recovering messages from the archive takes minutes. Finding and recovering emails from backups can take days, if they can be recovered at all.

The failure to produce emails on demand for eDiscovery can result in significant fines. In the case Coleman Holdings v. Morgan Stanley, a Florida Circuit Court awarded $15 million in damages for the failure to comply with email discovery obligations. In Zubulake v. USB Warburg, $29 million in damages were awarded to the plaintiff as the defendant was unable to locate and produce important emails.

State and federal laws in the United States are not the only reason for implementing an email archive. Since the EU’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018, all businesses that collect or process the personal data of EU citizens must implement safeguards to protect personal data. An email archive meets that requirement by storing an encrypted copy of email data, protecting against data loss and unauthorized access.

GDPR also gave EU citizens new rights, such as the right to be forgotten. If that right is exercised, all data relating to that individual must be deleted. That includes personal data in emails. With an email archive, locating those emails is quick and easy. The failure to respect GDPR rights and process requests in a timely fashion can result in a financial penalty of up to €20 million, or 4% of global annual turnover, whichever is greater.

2019 Email Archiving Price Comparison Grid

TitanHQ has created an email archiving price comparison grid to help you find the most cost-effective email archiving solution. The grid below has been compiled using pricing information based on 100 users.

As you can see, TitanHQ’s email archiving solution, ArcTitan, is extremely competitively priced and costs less than $3 per person per year.

 

Common Myths About Email Archiving Debunked

Email is now the main method of communication for businesses. Each day, a typical business will receive thousands of emails. Those messages need to be retained for several years to meet state and federal laws and certain industry regulations.

There are two options available to businesses to meet data retention laws for email. Businesses can backup all email data or create an email archive. While businesses will be familiar with the former, there is considerable confusion about the latter.

In this post we will explore some of the common myths of email archiving and will explain the important differences between email backups and email archives.

One of the commonest misconceptions about email archiving is an archive is not necessary because data backups are already performed. Backups are essential as they ensure data can be recovered in the event of disaster. Backups allow a business to create a restore point so that in the event of a catastrophe, systems can be restored to their state at a specific moment in time – The date and time that the backup was created.

An email archive is different. An email archive is used for long term storage of emails. Emails are archived with metadata and can be searched and recovered quickly. Backups are not searchable, so finding and recovering specific emails or conversation threads can be incredibly time consuming.

An archive makes legal discovery, investigating complaints, and providing evidence for compliance audits simple. With an email archive, single messages, threads, and conversations can be quickly and easily recovered.

Another common myth about email archiving is it is only a requirement for businesses in certain industries such as finance and healthcare. While email archiving is essential for meeting regulatory requirements in certain industries, it does not mean that email archiving is just for highly regulated industries.

The U.S. Federal Rules of Civil Procedure require emails to be producible in the event of legal action. If emails cannot be produced, the company could be liable for the destruction of evidence and face stiff financial penalties.

Another common myth is email archives increase risk. Many companies choose a short email retention period, such as 90 days, and require all complaints to be submitted in the same time frame. After 90 days, emails are deleted as they are no longer required. That, however, is a dangerous strategy.

Deleting emails from the email server only deletes local copies. It is probable that emails will have been retained on the recipient’s server. Short retention periods also make the process of eDiscovery more time consuming, expensive, and difficult.

The other risk is that of exposure of sensitive information. Many companies believe that it is more secure to create email archives on on-premises hardware. Security is naturally a concern, but cloud-based email archives are just as secure, if not more secure than on-premises archives. Cloud based archives are automatically backed up to prevent data loss in the unlikely event of hardware failure.

Cloud-based archives also have considerable advantages. They are scalable, so when more storage space is required it is available immediately. With on-premises archives, businesses are limited by their IT hardware and software. Purchasing additional hardware can be expensive and resources must be devoted to managing and maintaining that hardware. Businesses typically save up to 50% of maintenance time by using a cloud-based email archive. Cloud-based archiving is therefore more cost effective and does not involve sacrificing security.

With an email archiving solution, businesses can meet their regulatory obligations, will be able to respond quickly to eDiscovery requests, and will have easy and fast access to any email message or attachment, even if that message was received several years previously. With an email archive, all critical email data is safely and securely saved and stored and can be recovered quickly on demand.

ArcTitan: Email Archiving for SMBs and MSPs

If you are not currently archiving your emails or you are unhappy with your current email arching solution provider, TitanHQ can offer a solution. ArcTitan is a powerful, secure, easy to use, and lightning-fast cloud-based email archiving solution for MSPs and SMBs that is compliant with all email retention regulations.

Key Features of ArcTitan

  • Scalable, email archiving that grows with your business
  • Email data is stored securely in the cloud on Replicated Persistent Storage on AWS S3
  • Lightning fast searches – Search 30 million emails a second
  • Rapid archiving at up to 200 emails a second
  • ArcTitan automatically backs up the archive
  • No impact on network performance
  • Ensures an exact, tamper-proof copy of all emails is retained
  • Easy data retrieval for eDiscovery
  • Protection for email from cyberattacks
  • Eliminate PSTs and other security risks
  • Facilitates policy-based access rights and role-based access
  • Performs multiple searches simultaneously
  • Save and combine searches
  • Search email messages and attachments simultaneously
  • Slashes the time and cost of eDiscovery other formal searches
  • Migration tools ensure the integrity of data during transfer
  • Seamless integration with Outlook
  • Supports single sign-on
  • Users can be given permission to access their own archived emails
  • Only pay for active users
  • Compliant with regulations such as HIPAA, SOX, GDPR, Federal Rules of Civil Procedure, etc.
  • White-label version of ArcTitan is available for MSPs and resellers

U.S. Mayors Vow Not to Give in to Ransom Demands

Ransomware attacks have been increasing since late December 2018 and attacks have been reported with increasing frequency as 2019 has progressed. Ransomware may have fallen out of favor with cybercriminals in 2018, but it is once again a firm favorite as it was in 2016 and 2017.

In recent months there has been an extensive ransomware campaign targeting local government offices, cities, and municipalities. These attacks have caused massive disruption, and many have resulted in ransoms being paid.

In the past few days alone, three ransomware attacks have been reported that have seen more than $1,200,000 in ransoms paid. Riviera Beach in Florida paid a ransom of $600,000 for the keys to unlock its encrypted files and Lake City in Florida paid around $460,000. Most recently, La Porte County in Indiana paid a ransom demand of $130,000.

These are just three of many. According to the United States Conference of Mayors, in the past 6 years, more than 170 city, county, or state government systems have been taken out of action as a result of ransomware attacks and there have been 22 attacks so far in 2019.

Cybercriminals will continue to conduct attacks as long as it is profitable to do so. When ransoms are paid, it simply encourages further attacks. The United States Conference of Mayors has decided to take a stand. The organization represents more than 1,400 majors across the United States and has vowed that in the event of attack, ransom demands will not be paid.

That is a necessary step to take to de-incentivize attacks but it could potentially be very costly. In 2018, the City of Atlanta was attacked with ransomware and refused to pay the $50,000 ransom demand. The city has ended up spending tens of millions of dollars on recovery.

The high cost of recovery without paying the ransom could prove too much for small cities, which is why several have been advised by their insurers to pay the ransoms.

In such cases, help is required from the federal government. The majors have urged Congress to pass the State Cyber Resiliency Act, which would give state and local governments the support needed to help them implement their cyber resiliency plans

What is also needed is greater investment in cybersecurity defenses. Attacks are being conducted because there are security holes that can be easily exploited. Until those holes are plugged, the attacks will continue.

TitanHQ can help plug those holes and thwart ransomware attacks by blocking the main attack vectors. SpamTitan is a powerful email security solution that blocks email-threats at source and keeps inboxes threat free. WebTitan protects users while online and blocks malicious websites and malware downloads. With both of these powerful, but low-cost solutions in place, you will be well protected against ransomware attacks.

La Porte County Latest Victim in String of Ransomware Attacks on Municipalities

There has been a spate of ransomware attacks on cities, municipalities, mayor’s offices, and local government facilities in recent weeks.

The latest attack was on La Porte County in Indiana. The attack started on July 6, 2019, but prompt action by the IT department allowed the ransomware to be contained. That rapid response meant only 7% of the laptops used by the county were affected. However, two domain controllers were also affected and that rendered the network unavailable.

Experts were brought in to try to restore files from backups and bring the network back online, but those attempts failed as the backup servers had also been infected with the ransomware. La Porte County was left with no alternative other than to pay the ransom demand. The Bitcoin ransom equated to around $130,000, $100,000 of which was covered by an insurance policy.

This attack involved Ryuk ransomware – The same ransomware variant that was used in the attack on Lake City in Florida on June 10, 2019.  For Lake City, Ryuk ransomware was delivered by the Trickbot Trojan, which was in turn deployed by the Emotet Trojan. Lake City paid approximately $500,000 to the attackers to obtain the keys to unlock the encryption. Riviera Beach in Florida was also attacked and paid a ransom of around $600,000.

These are just three cases out of several recent attacks. Those three attacks alone have resulted in more than $1,200,000 being paid to cybercriminals. That sends a very clear message to other cybercriminals that these attacks can be extremely profitable. That is the reason the FBI advice is never to pay.

2018 saw a decline in ransomware attacks as cybercriminals pursued other strategies for attacking businesses, but ransomware is now certainly back in favor and is being used in an increasing number of attacks.

Something that several of the targets in the recent ransomware campaigns have in common is they are relatively small cities that have limited resources to devote to cybersecurity. They have hardware and software that has reached end of life and, due to limited funds, security gaps have started to appear.

Riviera Beach, for instance, is a city of 35,000 people with limited resources. It had recently undergone a period of turmoil in management, had suffered scandals, and during the upheaval its cybersecurity contract had been allowed to lapse. That left the door wide open to attack.

These attacks have proven incredibly costly, yet they could have been prevented with a very small spend on a select number of security solutions. The attacks on Rivera Beach and Lake City could have been prevented with an advanced email security solution such as SpamTitan. The ransomware was installed in both of these attacks as a result of employees opening malware-infected email attachments.

SpamTitan incorporates dual anti-virus engines to detect malicious software and a Bitdefender-powered sandbox for deep analysis of suspicious email attachments. SpamTitan incorporates DMARC email authentication to counter email impersonation attacks and a host of other anti-spam and anti-phishing controls.

SpamTitan can be deployed as a gateway solution on existing hardware or as a cloud-based solution, and can be easily layered on top of Office 365 to improve protection against phishing and ransomware attacks.

Further, the cost of protection against ransomware and phishing attacks is likely to be much lower than you think. For more information, contact TitanHQ today.


 

Monroe College Ransomware Attack: $2 Million Ransom Demand Issued

There has been a spate of ransomware attacks on cities and government agencies in recent months and the healthcare industry sees more than its fair share of attacks, but they are not the only industries being targeted.

Schools, colleges, and universities are prime targets for hackers and ransomware attacks are common. One recent attack stands out due to its scale and the massive ransom demand that was issued. The attackers demanded $2 million (170 BTC) for the keys to unlock the encryption.

Monroe College in New York City was attacked at 6:45am on Wednesday, July 10, 2019. The ransomware quickly spread throughout the network, shutting down the computer systems at its campuses in Manhattan, New Rochelle and St. Lucia and taking down the college website.

The college has switched to pen and paper and is finding workarounds to ensure students taking online courses receive their assignments. No mention has been made about whether files will be recovered from backups or if the ransom will need to be paid.

This is one of many recent ransomware attacks in the United States. Ransomware may have fallen out of favor with cybercriminals in 2018, but it now appears to be back in vogue and attacks are rising sharply. So too have the ransom demands.

$2 million is particularly high, but there have been several recent attacks involving ransom demands for hundreds of thousands of dollars. In several cases, the ransom has been paid.

Riviera Beach City in Florida was attacked and was forced to pay a $600,000 ransom to regain access to its files and bring its computer systems back online. Lake City in Florida also paid a sizeable ransom – $500,000. Jackson County was also attacked and paid a $400,000 ransom.

There have been several cases where ransoms have not been paid. The City of Atlanta was attacked and around $51,000 in Bitcoin was demanded. Atlanta refused to pay. Its cleanup bill has already reached $3 million. With such high costs it is clear to see why many choose to pay up.

In all of the above cases, the cost of implementing cybersecurity solutions to protect against the main attack vectors would have cost a tiny fraction of the cost of the ransom payment or the mitigation costs after an attack.

For less than $2 per employee, you can ensure that the email network is secured and you are well protected against web-based attacks. To find out more, call TitanHQ today.