Is Your Email Secure & Compliant?


Email is arguably the most important application we use and simply managing our inbox can be challenging enough. Now throw in HIPAA, state data breach and other regulations, and the stakes for properly managing email have never been higher. Here are some basic items to consider.

Email Availability & Continuity

How much would one hour of email downtime cost you? How about a day? Clearly, lost employee productivity, disrupted client service and overall frustration will accompany even a brief email interruption. Whether there is an Exchange server in your office or you are using a hosted service such as Office 365, there will be interruptions. Last June, Microsoft had a nine-hour outage affecting a great number of people. Email continuity solutions address this and keep the mail flowing.


Email continuity detects when your primary email is down due to power, Internet or hardware issues and automatically fails over so you can still send and receive mail in Outlook, your Web browser or on your smartphone. When primary service is restored, email continuity automatically switches back. From Outlook, failover can be so seamless that you may never even notice you had hours of outage on your primary email service.

Email Archiving vs. Backups

It’s critical that all systems are regularly backed up so that they can be quickly restored when machines fail or people delete data inappropriately. One of the benefits of hosted Exchange (from a provider such as Intermedia or Microsoft) is that they handle your email backups.

What is restorable is a more complicated matter. Backups are snapshots from a point in time, and are generally retained for a limited amount of time. The number of available snapshots often decreases over time as well. For example, you may have hourly backups for the past five days, daily backups for three months, weekly for two years, etc. It’s very possible, therefore, that any given deleted message may not be on the backup. Restoring a message that was deleted a while ago may require your IT folks to perform a time-consuming, trial-and-error search through dozens of backups.


Email archiving takes a completely different approach, by ensuring that every message is captured and retained for an extended period of time, say 10 years. All messages are captured and cannot be missed or deleted from the archive. Rather than request a restore through their IT person, anyone can search their archive directly from Outlook with advanced search tools.

Archiving is a great solution for on-premises Exchange servers to provide secure, encrypted, compliant off-site backup. However, I believe it’s even more useful for hosted email solutions such as Office 365. By default, Microsoft keeps deleted items for 14 days. The primary purpose of their backups is to recover from disaster; Microsoft will not search through their system-level backups for a lost message. If it’s gone, it’s gone. Employing an archiving strategy helps mitigate this risk, as every message remains recoverable effectively forever and every user of the system can verify this at any time with a simple search. Microsoft and other big hosting providers also offer archiving options, but I strongly recommend archiving with someone other than your primary hosting provider. The best practice for backup is to have redundant copies of your data somewhere other than your primary location for safety.

Encryption

For many years, virtually all Internet email was sent unencrypted; fortunately, that’s changing. By default, modern Exchange servers will try to send email via a mechanism called Transport Layer Security (TLS), which will encrypt the message. The key word here is try. Unfortunately, not all systems are set up to handle TLS, and the email link may default back to a basic unencrypted mechanism known as Simple Mail Transfer Protocol (SMTP). SMTP is inappropriate for transmitting sensitive information.
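One way to check whether a delivered message actually used TLS on each hop is to read its Received headers, where each receiving server records how the message arrived. The Python below is an added example, not part of the original article; the host names and the sample message are constructed, and because every server writes its own Received line, hops recorded outside systems you control are only as trustworthy as those servers.

```python
import re
from email import message_from_string

# IANA-registered "with" protocol types (RFC 3848, RFC 6531);
# a trailing S marks a hop that negotiated TLS.
TLS_WITH = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}
PLAIN_WITH = {"SMTP", "ESMTP", "ESMTPA", "LMTP", "LMTPA", "UTF8SMTP", "UTF8SMTPA"}
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.I)
# Free-text TLS notes some servers add, e.g. "(version=TLS1_2 ...)" or "(using TLSv1.3 ...)".
TLS_NOTE_RE = re.compile(r"version=TLS|using TLS", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)

def classify_hop(received):
    """Return 'tls', 'plain' or 'unknown' for one Received header value."""
    flat = " ".join(received.split())          # unfold continuation lines
    words = {w.upper() for w in WITH_RE.findall(flat)}
    if TLS_NOTE_RE.search(flat) or words & TLS_WITH:
        return "tls"
    if words & PLAIN_WITH:
        return "plain"                         # the unencrypted fallback
    return "unknown"                           # e.g. internal MAPI/HTTP hand-offs

def audit_hops(raw_message):
    """List (receiving_host, status) per hop, oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):  # newest header is on top
        by = BY_RE.search(" ".join(value.split()))
        hops.append((by.group(1) if by else "?", classify_hop(value)))
    return hops

# Constructed sample message (hypothetical hosts, documentation IP ranges).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.7])
 by mailstore.recipient.example with ESMTPS id abc123;
 Tue, 02 Jan 2024 10:00:05 +0000
Received: from gw.sender.example (gw.sender.example [198.51.100.4])
 by mx.recipient.example with ESMTP id def456;
 Tue, 02 Jan 2024 10:00:03 +0000
Received: from PC01.sender.example (192.0.2.10)
 by gw.sender.example with Microsoft SMTP Server (version=TLS1_2) id 15.1;
 Tue, 02 Jan 2024 10:00:01 +0000
Subject: SECURE: settlement draft
"""

if __name__ == "__main__":
    for host, status in audit_hops(SAMPLE):
        print(f"{host:30} {status}")
```

In the constructed sample, the middle hop between the two organizations is the one recorded as plain, which is the fallback case described above.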

There are some elegant solutions to handle highly secure communication to all email addresses for a fairly modest investment. For many of my clients, using the word SECURE anywhere in the subject line will cause the recipient to receive an email notifying them that a secure message has been sent to them. The email contains a link to a secure website where they can read and respond to any secure messages they receive.
