Mitigate Insider Data Theft with a Business Email Archiving Solution

A business email archiving solution can help mitigate one of the most underrated cybersecurity threats – insider data theft. Research shows insider data theft occurs more often than most businesses believe, and consequently few businesses implement measures to prevent it.

The scale of insider data theft – employees stealing confidential data to either sell on the black market or use to leverage a new job – has been well chronicled since 2009; when research conducted by the Ponemon Institute revealed that almost 60 percent of departing employees delete email data when they leave their jobs or take data with them.

A similar survey conducted in 2017 by Osterman Research found that 69 percent of the businesses surveyed had suffered “significant data or knowledge loss” due to insider data theft; but whereas previously stolen data consisted mainly of client contact lists, departing employees often steal much more data and often highly sensitive information.

The concern with these two reports is that the figures quoted only relate to insider data theft that has been identified. Much more data could have been stolen, but the businesses researched did not know about it. A third study found that 60 percent of businesses are unprepared for employee data theft and that even fewer used a business email archiving solution to help prevent against malicious actions by disgruntled employees.

How to Mitigate Insider Data Theft with a Business Email Archiving Solution

Not all insider data theft is intended – or intentionally malicious. The Osterman Research study found some employees stole data without realizing they were doing anything wrong, while others only took intellectual property they helped create. Nonetheless, the outcome is still the same; and because many email services fail to provide backup and recovery services by default, the stolen or deleted data is often not recoverable.

A business email archiving solution mitigates the threat of insider data theft by copying each email as it passes through the mail server, indexing it, and archiving it in a secure server – ideally one in the cloud that encrypts data in transit and at rest. A cloud-based business email archiving solution also has the advantage of storing data in one place – eliminating the need for PST files on users devices. It also speeds up the search and restore process.

Provided an appropriate email archiving policy is enforced, any unauthorized access to archived email data is prevented. Authorized employees can retrieve emails on demand quickly and easily, with the business email archiving solution monitoring user activity and producing audit logs so any alterations to archived emails can been identified and reversed if necessary – ensuring the integrity of data and fulfilling compliance requirements for businesses in regulated industries.

Compliance Benefits of a Business Email Archiving Solution

In many businesses it is necessary for data to be stored securely, retained for certain periods of time, and to be quickly accessible when a natural or man-made disaster occurs. A cloud-based business email archiving solution saves time when businesses are subject to e-discovery or compliance audits, and retention policies can be enforced by keyword to avoid the accidental deletion of indexed emails.

In addition to mitigating insider data theft, accelerating searches, and helping to enhance compliance efforts, a cloud-based solution for archiving business emails frees up space on on-premises servers thereby improving performance. It also can reduce the number of requests made to IT personnel from employees who have deleted an email in error, as employees can be allowed to access their own archives.

Solutions for archiving business emails are quick to implement, simple to use, and integrate with business directories Active Directory and LDAP so that access controls can be applied with the click of a mouse. The job of monitoring user activity and ensuring the integrity of data is also simple due to the reporting capabilities of a business email archiving solution, which can help to identify suspicious activity.

Business Email Archiving for GDPR Compliance

In May 2018, businesses that collect, process, or store personally identifiable information relating to the EU citizens became subject to the General Data Protection Regulation (GDPR). The GDPR allows EU citizens to request access to data kept on record about them and to find out with whom that data has been shared. EU citizens also have the right to request their data is permanently deleted – which it should be automatically once it has served the purpose for which it was collected.

Responding to access requests, or deleting email data once its useful purpose has been served can be a time-consuming process when emails are backed up and archived on removable physical devices. Certainly it is difficult to reply to a “right to be forgotten” within the thirty days allowed and be sure that every piece of data pertaining to the individual has been located and deleted.

A cloud-based business email archiving solution resolves this issue and avoids the business being subject to a financially penalty for non-compliance; which, in the most extreme cases, can amount to €20 million or 4 percent of global turnover – even if a breach of data has not occurred. Furthermore, a business email archiving solution will also comply with the GDPR rules relating to data security and audit trails.

ArcTitan – WebTitan’s Solution for Archiving Business Emails

ArcTitan is WebTitan´s cloud-based solution for archiving business emails. It is extremely fast – archiving up to 200 emails per second and capable of searching 30 million emails per second – and extremely scalable – supporting up to 60,000 users. Being cloud-based, storage space is never an issue. Storage space is automatically increased when needed, yet businesses are not charged for that space, only for the number of active users. Importantly for businesses of all sizes, ArcTitan is compatible with all leading email service providers, and compliant with regulations such as GDPR, HIPAA, and Sarbanes-Oxley.

ArcTitan´s versatile policy engine enables administrators to apply permission tiers so that authorized users can either search for their own emails, departmental emails, or business-wide emails. Authorized access to archived data is instant, and retrieved emails can either be restored to the mail server, printed, or exported to file – with every activity monitored in real-time. ArcTitan ensures an exact, tamper-proof copy of all emails is retained and an audit trail is maintained to meet legal requirements.

if you are an MSP who would like to add email archiving to your service stack, ArcTitan is an ideal choice. The solution has many MSP-friendly features. There are multiple hosting options, APIs are supplied to allow you to integrate the solution into your auto-provisioning and client management solutions, and ArcTitan can be supplied as a white label ready to take your own branding. You will also benefit fro a generous margin and industry-leading customer support.

Some of the key features of ArcTitan are detailed below:

If your business is experiencing email data loss due to the actions of departing employees, a risk assessment has found gaps in regulatory compliance, or you are unhappy with the performance of your existing email archiving solution, do not hesitate to get in touch in order to find out more about our business email archiving solution.