Top 5 Business Email Archiving Misconceptions Exposed!Home / Email Archiving Solutions with ArcTitan / Top 5 Business Email Archiving Misconceptions Exposed!
From financial data to funny cat videos to document edits, the amount of info that flows through business email conversations is vast and touches every department in an organization.
Some organizations are unaware of the importance of archiving their emails and having an email retention strategy in place. The lack of awareness around the importance of email retention and what can happen if there is no archiving system in place may be down to some common misconceptions about email archiving.
“Backups will suffice as our archive”. It’s easy to assume, and I’ve heard it said many times before. But backups and archiving are two completely different things. Backups are designed to take a picture of your data at one particular point in time so it can be restored in case of catastrophic failure. Depending on business requirements, it may not be necessary to keep backups for very long. With archiving, on the other hand, emails are kept for years.
But why keep email anyway? For one thing, email may need to be available for legal reasons. Archiving is designed to store email in a way compliant with legal requirements, but backups may not be adequate if the email is required for a court case.
Beyond being a proactive legal CYA measure, there are other benefits of archiving over backup as well. Take for example the ability to review company emails if there’s ever a suspected breach. The information in archived email is far more accessible than in email that’s simply been backed up — finding a specific message is almost as easy as finding a message in your inbox. Email is archived with metadata, such as date and server path, that can provide valuable information years after the email was sent.
See Misconception 1 - An archive is not the same as a backup!. Backups are not designed for efficient searches of emails and the content of backups can easily be changed or deleted. Litigation, due diligence, and common sense says that in addition to keeping data backups there needs to be a data archive. To say that your data is stored in the cloud, does not mean you have an archive even if you are doing backups there. An archive is quite different from a backup. A backup can only restore in its entirety. An archive lets you restore and access only the items that you need.
For example, if you have a lawsuit over a contract from 5 years ago, it would be difficult to restore transactions with your defendant without erasing the current production accounting system, which one obviously cannot do. So the archive is a type of journal that would let you bring back closed accounting periods online. That means old data is stored in an archive format and not native database backup format.
While you might think, “If we have a 90-day deletion policy, regulatory auditors and the courts will let us off the hook if we can’t produce data”. This isn’t always necessarily true, I’m afraid!
It is true that some businesses have very stringent requirements about email retention, and many industries are affected by laws — such as Sarbanes-Oxley — that require specific data handling measures. But even businesses that aren’t affected by industry-specific laws could be legally required to produce old emails and electronic communications. There is a misconception that if an industry is not regulated, then you don’t need to archive.
In the U.S., the Federal Rules of Civil Procedure are the rules that govern how civil trials are conducted. In 2006, the FRCP was amended to include regulations about electronic communications and can require that emails, files, and communications relevant to litigation be producible.
Email is more likely than ever to be a component of litigation. Legal cases today often involve e-discovery, or court orders to produce e-mails and any other electronic information that might be relevant. But it’s not only necessary to keep emails; they must be available upon demand, so they must be stored in an easily searchable format. Archiving email doesn’t just assist a business in avoiding fines; it can provide a wealth of material for a business’s legal team in an easy-to-access format.
The most important thing is to have a formal policy that fits within the capture model. What happens if emails are court ordered, but were deleted due to no retention policy? It could leave the company liable for evidence destruction just because there was no formal policy. Aside from legal obligations, it’s important to do what fits for your storage requirements, capabilities, and business model.
According to the FRCP, a business needs to describe how it stores its emails as part of pre-trial proceedings. The email must be produced on demand with the required metadata. An archiving solution:
An example of a highly regulated industry is financial services.
In the financial services industry, email is a vital element of everyday business and communication. Email plays a central role in transactions both within and external to a financial service institution. Thus emails are highly regulated and must be archived, audited and deliver an evidential audit trail in the event of litigation. A solution such as ArcTitan can help these organisations securely manage and archive their data while adhering to all data rules and regulations.
Not only does ArcTitan allow for compliance in email archiving, but it also protects organisations from cyberattacks such as Business Email Compromise. Attacks such as BEC, can have a devastating effect on businesses, including: damaging brand reputation, data loss, loss of customer trust and fines. Although not all industries are highly regulated like financial services, email archiving is an important element as part of a layered security approach in the instance of a cyberattack.
If you’re considering an email archiving solution, there are a few different options. In-house archiving involves the purchase of software and hardware to be maintained on premises. There are some disadvantages to storing your email in-house. Email can chew up enormous amounts of storage, and in-house archiving requires skilled employees to maintain the software and servers. Duplicate data may need to be stored off-site for disaster recovery purposes.
Archiving can also be provided as a hosted service. This avoids the problems inherent in an in-house solution, but introduces some problems of its own, primarily security issues. However, cloud-delivered email archiving services are becoming a more viable and attractive option for some due to scalability — an important consideration in view of the fact that most organizations already have lots of emails and accumulate more all the time — and relative affordability. On-demand solutions are more cost-effective as they provide a predictable cost structure, and the risk of managing and expanding the archive system is shifted to the service provider. Because data is stored off-site, the datacentre has distributed, built-in disaster recovery features that provide a tamper-proof, and completely accurate archive.
An additional benefit with email archiving is that it’s not necessary to keep old emails on your server. This reduction in workload increases the performance of the server. Cloud solutions often use parallel processing, making a search through huge datasets a breeze, and they generally provide encryption and multi-level security.
The introduction of GDPR has forced organizations to consider their data governance processes, which is generating a renewed interest in email archiving. ArcTitan is a cloud-based secure archive deployed on AWS that is compliant with GDPR for email retention and auditing as well as all major regulatory standards. ArcTitan is compatible with all major mail servers and email services and will meet the requirements of the most demanding clients.
Some companies believe that archiving email is like keeping a “smoking gun.” They mistakenly believe that what isn't saved won’t hurt them. However, implementing short retention policies – typically 30 or 90 days – across the organization does not protect from the threat of litigation nor does it allow the organization meet compliance requirements. Even if an email is deleted from the corporate email servers, it's more than likely on the server of the person or people who received or were copied on the email. Short retention periods also increase the difficulty, complexity, and cost of responding to eDiscovery request.
An eDiscovery solution is critical for any business. Companies need to be addressing the storage demands of their burgeoning data —inefficient storage is expensive and makes data difficult to access. But every company also needs to be aware of what it needs to do to make sure its data is stored in a manner that’s going to make it legally compliant if it’s involved in a lawsuit.
Much of an organization’s corporate knowledge is found in its email. Email represents a lot of time and effort on the part of many employees, and it’s an investment that every business should protect. Archiving not only protects the intellectual property represented by email, it also makes email management in general easier, improving productivity and performance.
It’s true small and medium business owners often feel they can’t do anything about the data sprawl problems facing them - however, this is not the case, there are email archiving solutions available that are well within the reach of small-to-medium businesses. We’re glad to discuss your eDiscovery requirements with you.
Safeguard your company’s most critical intelligence. If you have yet to offer email archiving to your clients or you are unhappy with your current provider’s service or the margin, contact the TitanHQ team today.