Wednesday, 15 May 2019

Email Retention Policies

Many companies have little to no email retention policies in place.  The idea here is to ensure that if a business related email is required, it can be recovered for up to a 6 year period.
However it has also been raised  that 6 years may not actually be sufficient when projects which are completed over a long period of time are concerned.  Therefore 6 yrs from time of project completion should be the consideration.  In some cases financial data may need a slightly longer period of retention to match other financial requirements.

The question is how do you manage this type of thing.  Users have the ability to delete their emails etc and therefore relying on users to manage their own mailboxes completely may not be the best option.

Many companies opt for an email archiving solution which provides a copy of every email in and out to be stored safely and all access to these stored messages audited for compliance.

With the adoption of cloud email services this retention can present further challenges and many companies using services like O365 do't even see any need to perform separate backups of their O365 data which is obviously a very risky view. ( That's another story coming soon).


Thursday, 29 June 2017

NotPetya Cyberwarfare ?


It is interesting that many are regarding this latest NotPetya attack as Cyberwarfare and not Ransomware.
The main reasons for this assumption are as follows:

Due to the nature of the infection, it would appear that Ransomware is being used to mask the true nature of the attack.
The files seem to be unrecoverable.
Similar to wiping a hard disk, the entire drive is rendered unuseable by overwriting the Master File Table.

It would definitely appear that the intention is to destroy rather than hold to Ransom.




Email Retention Policies

Many companies have little to no email retention policies in place.  The idea here is to ensure that if a business related email is required...