Johannesburg, 25 Aug 2020
Having all but replaced the phone call and the paper document in terms of business importance and effectiveness, e-mail has become an even more indispensable tool to businesses since the COVID-19 lockdown was implemented. It has become a vital link in the distribution of critical information, including customer data and even contracts.
Of course, says Floyd Derry, Technical Operations Manager at SYNAQ, when information is this business relevant and crucial, it needs to be protected, stored and extracted securely. This is particularly necessary today, since most modern organisations run their full day-to-day business in this manner, across an e-mail system.
“When one looks at securing e-mail, an organisation not only needs to ensure that in security terms, it knows what information is being sent out via this tool, but then also that whatever data is being sent is secured before leaving the corporate server. Of course, in security terms, the biggest challenge one faces with e-mail is that your data is only as secure as the weakest link in the chain,” he says.
“In essence, if the server on the receiving end is not properly secured, the entire mail trail is susceptible to criminal activity such as spoofing and phishing. Therefore, mail encryption is absolutely vital today, while it is equally necessary to have sender policy frameworks in place.”
Derry points out that recent legislation, such as the General Data Protection Rule (GDPR) and the Protection of Personal Information (POPI) Act, means that companies are bound by law to securely store data for specified periods, and to delete it once that period ends.
“To this end, there is always a lot of important information to be found sitting in individuals’ mailboxes and on their PCs, and sometimes this data is even accidentally deleted by them. In order to overcome these challenges and meet regulations, it is necessary to ensure all e-mails are stored in a centralised place, where they can be accessed if required.
“Mail archiving solutions are ideal here, as they send copies of mails to the archive as they arrive, and these messages are tamper-proof too, as they are stored in an encrypted state, allowing businesses to easily store this information for as long as is legally allowed. Moreover, these archives are searchable, so tracking down older information is made easy and, with the implementation of data retention policies, the organisation can ensure data is automatically deleted from the system as regulations demand.”
When one considers the fact that e-mails often contain large quantities of data that companies can access and analyse, in order to improve their products, service and customer relations, ensuring it is archived and available for such analysis is important.
“However, the ingestion, management, accessibility and extraction of this data can be both administratively intensive and problematic if badly done. Think about it: the process of ingesting such information can be complex due to the number of data sources; the management and accessibility requires certain infrastructure, tools and expert employees, all of which is costly; and finally, when it comes to the extraction of the data, this too can be complex and expensive.”
“This is one of the reasons we recommend people move their archiving to the cloud – not only is it more cost-effective and reduces the requirement for having specialist skills on site, but it also enables the organisation to build custom searches for specific needs – for example, searching for all data within a specified time period, or that was sent from specific e-mail addresses – which makes the extraction process much simpler too,” suggests Derry.
Then, from a legislative perspective, enterprises should also consider a cloud archiving solution, as these are designed specifically to cover the legal data retention requirements around e-mail. However, he says, security is equally crucial, which is why you would ideally want some form of encryption linked to specific access keys and log-in details.
“You would also want to implement a security platform that can be on the lookout for inbound mails related to spoofing, phishing, spam and whaling, and outbound ones that may have confidential data – like identity or account numbers within them – in order to block these or flag them for attention.”
Derry suggests that in light of the changes brought about by COVID-19, notably the realisation that working from home is not only feasible, but also preferable, enterprises will clearly need to pay more attention to security and archiving, as an increasing number of workers adopt this approach.
“As remote working becomes commonplace, having a strong security platform and archiving solution in place will be of increasingly critical importance in ensuring e-mails, and the business-critical information often contained therein, remain secure, safe and stored away effectively,” he concludes.
Share