Implementing an email archiving solution has many benefits. A cloud-based solution for archiving emails can help reduce the workload of an email server, free resources in an IT department and eliminate the need for mailbox quotas. It can help organizations comply with regulations regarding data security and retention, and can enable the quick retrieval of documents required for e-discovery and audit purposes.
However, one of the biggest benefits of an email archiving solution is the protection of critical information against theft by employees inside the organization and hackers outside of the organization. These sets of individuals – particularly employees about to depart their jobs – steal data that can be monetized, and organizations often fail to implement measures to prevent it.
The Scale of Email Data Theft
The increased profile given to phishing attacks has overshadowed several other email attack vectors, including email data theft. In this scenario, hackers infiltrate organizations´ mail servers, steal emails, and threaten to delete data if a ransom is not paid. The concept is not dissimilar to ransomware, except all of an organization´s other network functions are unaffected.
Rarely are employees so malicious in their theft of email data but data theft is still common. In 2009, the Ponemon Institute released a report in which it was alleged nearly 60% of departing employees steal data when they leave their jobs. A deeper reading of the report reveals that much of the stolen data were customer contact lists that employees used to leverage a new job. However, this data theft can still hurt an organization.
More recent research by Osterman Research revealed 69% of organizations have experienced “significant data or knowledge loss” due to email data theft by departing employees. In many cases the thefts were of data that could be used in a new position, but there was a growing trend for departing employees to alter or delete email data with the sole purpose of causing havoc once they had left.
How an Email Archiving Solution Mitigates Email Data Theft
An email archiving solution mitigates email data theft by copying data from the organization´s mail server and storing it a secure data center. Previously, organizations would often store data on removable media such as magnetic tapes or discs, but recently the trend has been towards a cloud-based solution for archiving emails because of its greater security and ease of use.
As data in a cloud-based solution for archiving emails can be retrieved at the click of a button, this type of email archiving solution eliminates the need for backups on removable media. A cloud-based solution for archiving emails makes retrieval quicker and enables emails to be archived at the time of receipt and sending, rather than allow business-critical data to accumulate in mailboxes for a predetermined period.
As well as cancelling out the impact of hackers removing data from an email server, an email archiving solution should maintain an audit trail logging any alterations to archived emails. Using the tamper-evident feature, administrators can restore emails to their former state if a departing employee has altered data with a malicious motive. This feature is not present in every cloud-based solution for archiving emails, despite it being such an important feature.
Tamper-Evident Audit Logs and GDPR Compliance
Tamper-evident audit logs are also an important feature for organizations subject to the EU´s General Data Protection Regulation (GDPR). The Regulation applies to every organization that collects, processes, shares or retains EU residents´ personal data and, under Article 2 of GDPR, organizations have a responsibility to implement measures to prevent loss, theft or “the unauthorized disclosure, dissemination, access, or alteration of personal data”.
Inasmuch as data theft can be a serious problem for organizations, the consequences of failing to comply with GDPR can be just as substantial. Organizations can be fined €20 million (c. $24.5 million) or up to 4% of their gross annual turnover for failing to comply with GDPR. However, should an appropriate mechanism be implemented to mitigate the threat of data theft, the financial penalty can be significantly reduced.
ArcTitan – An Effective Email Archiving Solution from WebTitan
ArcTitan is WebTitan´s cloud-based solution for archiving emails. ArcTitan is versatile, compatible and scalable – supporting up to 60,000 users – and complies with regulations regarding data security and retention as required by federal legislation such as Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA).
ArcTitan can archive 200 emails per second and search 30 million emails in the same time either by individual user, user-group or organization wide. Retrieved data can be can be exported to file, printed or restored onto the organization´s email server, and retention policies can be created to avoid the accidental deletion of emails subject to federal legislation.
ArcTitan is compatible with all leading email servers and works across multiple exchange servers and multiple exchange stores. Our cloud-based solution for archiving emails works seamlessly with Office 365, as we supply a plug-in that enables authorized users to access archived data from within Outlook. It can also be integrated with LDAP, Active Directory and a host of other management tools.
Emails are encrypted in transit and at rest and are stored securely on Replicated Persistent Storage on AWS S3, with the archive automatically backed up to prevent data loss.
Try ArcTitan Free for Thirty Days
If you have concerns about email data theft from your organization, would like to ensure compliance with federal legislation, or simply want to reduce the workload of your email server, speak with our team of Sales Technicians about a thirty-day free trial of our ArcTitan email archiving solution.
Our team will answers any questions you have about our cloud-based solution for archiving emails and guide you through the process of registering for your free account. Once your account is created, we will walk you through the process for configuring your email server or, if you would rather your IT department were involved, liaise with your team to manage deployment of our email archiving solution.
There is no obligation for your organization to continue with our service once the free trial has ended. There are no contracts to sign or credit cards required. Simply contact us today, and you could be evaluating the benefits of an email archiving solution in your own environment - and reducing the risk of email data theft - within a short space of time.