Email Retention Legislation in the U.S.

Email retention laws in the United States require companies to maintain copies of emails for many years. There are federal laws applying to all companies and groups, data retention laws for specific industries, and a swathe of email retention laws in the United States at the individual state level. Ensuring compliance with all the proper email retention laws in the United States is vital. Non-compliance can prove incredibly expensive Multi-million-dollar fines await any group found to have breached federal, industry, or state regulations.

All electronic files must be retained by U.S groups, which extends to email, in case the information is required by the courts. eDiscovery requests often require massive volumes of data to be provided for use in lawsuits and the failure to provide the data can land a group in serious trouble. Not only are heavy fines issued, groups can face criminal proceedings if certain data is erased.

For decades, U.S groups have been required to store documents. Document retention laws are included in numerous legislative acts such as the Civil Rights Act of 1964, the Executive Order 11246 of 1965, the Freedom of Information Act of 1967, the Occupational Safety and Health Act of 1970, and the Reform and Control Act of 1986; however, just over 10 years ago, data retention laws in the United States were updated to grow the definition of documents to include electronic communications such as emails and email attachments.

To enhance awareness of the many different email retention laws in the United States, a summary has been included in this article. Please remember that this is for information purposes only and does not constitute legal advice. For legal counsel on data retention laws in the United States, we recommend you get in touch with your legal representatives. Industry and federal electronic data and email retention legislation in the United States are also subject to amendment. Up to date information should be sought from your legal team.

As you can see from the list here, there are several federal and industry-specific email retention pieces of legislation in the United States. These laws apply to emails received and shared, and include internal as well as external emails.

Email retention legislation Who it is applicable to How long emails must be kept
IRS Regulations All companies 7 Years
Freedom of Information Act (FOIA) Federal, state, and local agencies 3 Years
Sarbanes Oxley Act (SOX) All public companies 7 Years
Department of Defense (DOD) Regulations DOD contractors 3 Years
Federal Communications Commission (FCC) Regulations Telecommunications companies 2 Years
Federal Deposit Insurance Corporation (FDIC) Regulations Banks 5 Years
Food and Drug Administration (FDA) Regulations Pharmaceutical firms, food manufacturers, food storage and distribution firms, manufacturers of biological products Minimum of 5 years rising to 35 years
Gramm-Leach-Bliley Act Banks and Financial Institutions 7 Years
Health Insurance Portability and Accountability Act (HIPAA) Healthcare groups (Healthcare providers, health insurers, healthcare clearinghouses and business associates of covered bodies) 7 Years
Payment Card Industry Data Security Standard (PCI DSS) Credit card businesses and credit card processing groups 1 Year
Securities and Exchange Commission (SEC) Regulations Investment banks, investment advisors, brokers, dealers, insurance agents & securities companies Minimum of 7 years up to a lifetime

 

Email retention legislation in the United States that are applied by each of the 50 states are beyond the reach of this article.  There area also European Union laws, such as the GDPR email requirements.

Storing emails for a few years is not likely to take up masses of storage for a small company with a couple of members of staff. However, the more employees a group has, the greater the need for extensive resources just to store emails. The average size of a business email may only be 10KB, but multiply that by 123 – the average number of emails sent and received each day by an average company user in 2016 (Radicati email statistics report 2015-2019), and by 365 days in each year, and by the number of years that those emails need to be maintained, and the storage requirements become massive.

If any emails ever need to be obtained, it is vital that any email archive or backup can be searched. In the case of standard backups, that is likely to be an incredibly long process. Backups were not created to be searched. Finding the right backup alone can be almost impossible, let along finding all emails sent to, or received from, a specific company or person. Backups have their uses, but are not suitable for companies for email retention purposes.

For that, an email archive is necessary. Email archives contain structured email data that can easily be reviewed and searched. If ever an eDiscovery order is received, finding all email correspondence is a quick and simple task. Since many email archives are cloud based, they also do not require large storage resources. Emails are stored in the cloud, with the space provided by the service supplier.

ArcTitan is a cost-effective, quick and easy-to-manage email archiving solution supplied by TitanHQ that meets the needs of all businesses and enables them to adhere with all email retention laws in the United States.

ArcTitan includes a variety of security protections to ensure stored data is kept 100% secure and confidential, with email data encrypted in transit and storage. As opposed to many email archiving solutions, ArcTitan is fast. The solution can process 200 emails per second from your email server and archived emails can be retrieved instantly though a a browser or Outlook (using a plugin). Emails can be archived from any location, whether in the office or on the go via a laptop or tablet. There are no restrictions on storage space or the number of users. The solution can be scaled up to meet the needs of companies of all shapes and sizes.

To find out more about ArcTitan, get in touch with the TitanHQ team today.
 

SpamTitan Named Leader in G2 Crowd Secure Email Gateway Performance Report

SpamTitan from TitanHQ has been named the leader in the Spring 2019 G2 Crowd Secure Email Gateway Performance Report.

Chicago, Illinois-based G2 Crowd was formed in 2012 to help businesses make the right software purchasing decisions. The company runs a peer-to-peer review platform that amalgamates software reviews to give business professionals an accurate picture of the usability of software solutions and how they match up to expectations.

Finding a software solution that ticks all the right boxes is one thing. Finding a solution that works in practice and is easy to use is another matter entirely. Many businesses only discover that a poor purchasing decision has been made after licenses have been purchased and a product has been implemented, by which time it is too late to change.

The G2 Crowd platform informs purchasing decisions and allows business professionals, investors, and buyers to make the right choice first time. The platform incorporates more than 500,000 user reviews and attracts more than 1.5 million visitors a month.

In addition to the website, G2 Crowd compiles and published a series of Grid reports each quarter. The grid reports are based on customer satisfaction and market presence and let businesses know the best software solutions to purchase.

In order to be included in the Spring 2019 G2 Crowd Secure Email Gateway Performance Report, secure email gateway solutions had to have the following capabilities:

  • Ability to scan incoming messages for potentially malicious content
  • Scan for malware, viruses and other malicious code and filter out those messages
  • Allow whitelisting or blacklisting to control suspicious accounts
  • Securely encrypt communications
  • Incorporate email archiving functionality for compliance.

The secure email gateway solutions assessed for the report were offerings from TitanHQ, Cisco, McAfee, SolarWinds, Barracuda, Barracuda Essentials, Proofpoint, Symantec, MobileIron, Sophos, Security Gateway, and Mimecast.

Each solution was assessed and assigned a position in the G2 Crowd Grid. Niche solutions had a small market presence and low customer satisfaction level, Contenders had strong market presence but low customer satisfaction level. High Performers had low market presence but scored highly for customer satisfaction, and the Leaders quadrant contained products that scored highly for customer satisfaction with a strong market presence.

SpamTitan was the out and out leader, scoring highest for customer satisfaction across all categories under assessment: Quality of support, ease of use, meets requirements, and ease of administration. Scores in those categories ranged from 90% to 94%.

TitanHQ the leader in business email security, today announced it has been recognized as a leader in the G2 Crowd Grid? Spring 2019 Report for Email Security.

97% of users of SpamTitan gave the product a score of 4 or 5 stars out of 5 and 92% said they would recommend SpamTitan to other businesses.

TitanHQ’s web security gateway was also rated in the Spring 2019 G2 Crowd Secure Web Gateway Performance Report, and was named a Strong Contender, achieving a score of 94% compared to the average of 87%.

“Our customers value the uncompromised security and real-time threat detection. The overwhelmingly positive feedback from SpamTitan users on G2 Crowd is indicative of our commitment to ensuring the highest levels of customer success” said Ronan Kavanagh, CEO, TitanHQ.

Webinar: New SpamTitan Updates and How They Protect Against Zero-Day and Email Impersonation Attacks

TitanHQ has been developing cybersecurity solutions for SMBs, SMEs, and MSPs for more than 25 years. During that time, the threat landscape has changed dramatically, which has called for regular updates to its cybersecurity solutions to ensure they continue to protect against the latest threats.

In the past couple of years, the number of email attacks being conducted on businesses have skyrocketed and the methods used to spread malware and phish for sensitive information have become much more sophisticated.

TitanHQ regularly performs updates to its cybersecurity solutions to respond to the changing tactics of cybercriminals and the latest update to SpamTitan has seen even more powerful features added to take protection against email threats to the next level: Sandboxing and DMARC authentication.

The sandboxing feature serves as a secure container where suspicious email attachments can be analysed in detail to determine whether they perform any malicious actions. The Bitdefender-powered sandbox is used to execute suspicious files where they can cause no harm, and monitor for C2 calls, and suspicious and malicious actions.

This new feature helps to ensure that more genuine email messages and attachments are delivered, and zero-day malware threats are detected and eradicated from the email system.

DMARC authentication has also been incorporated, which provides greater protection against email impersonation attacks which spoof legitimate senders. It has become increasingly common for cybercriminals to spoof domains to make phishing emails appear genuine and bypass standard email filtering controls. By using DMARC to verify the sender of the domain, detection of phishing and spear phishing emails has been greatly improved.

TitanHQ will be explaining these two new features, how they work, and their benefits for SMBs, SMEs, and MSPs that serve the SMB/SME market in an upcoming webinar.

If you are a current SpamTitan customer and would like to learn more about these new features, an MSP looking for a powerful email security solution to protect your clients, or you work at an SMB/SME and want to improve your email defenses, register for the webinar and find out more about the new and improved SpamTitan.

Webinar Information:

Date:     Thursday, April 4, 2019

Time:    12pm, EST

The webinar will last 30 minutes, and advance registration is necessary.

Ransomware CryptXXX Emails Discovered

CryptXXX has quickly become one of the main strains of ransomware, although until recent times infection was only possible via malicious websites. Now I.T. experts Proofpoint have discovered CryptXXX ransomware emails. The group behind the attacks have created a new attack vector. CryptXXX ransomware emails include a Word document containing a malicious macro. If the macro is permitted to run it will load a VB script into the memory which will use Powershell to make contact with the attackers’ command and control server. Once a connection has been established, CryptXXX will be installed onto the victim’s computer. Authors have realized the benefits to be obtained from implementing an affiliate model to help infect machines and now a number of new players have joined the ransomware market.

If a “ransomware kit” is supplied, individuals with little hacking expertise can carry out own ransomware campaigns. The ransomware authors can charge a nominal amount for supplying the kit, and can also take a share on the back end. When an affiliate infects a computer and a ransom is given, the authors receive a cut of the payment. This model works well and there is no shortage of hackers willing to try their hand at running ransomware campaigns. The CryptXXX ransomware emails are being shared by an affiliate (ID U000022) according to Proofpoint.

Spotting CryptXXX Ransomware Emails

The CryptXXX ransomware emails are being transmitted with a subject line of “Security Breach – Security Report #Randomnumber.” The emails include only basic details about a supposed security breach that has happened. The security report is sent as an attached Word document. The body of the email includes the date, time of the attack, the provider, location, IP address, and port. The email recipient is told to open the file attachment to view details of the attack and find out about the actions that should be implemented.

The file attachment titled like “info12.doc” according to Proofpoint. If the attached Word file is downloaded, a Microsoft Office logo is displayed. The user is told that the document has been created in a newer version of Microsoft Office. The content of the document will only be shown if macros are enabled. Enabling the macros will lead to the VB script being loaded. Then ransomware will then be installed and users’ files encrypted.

There is no remedy action if files are encrypted. The victim must pay the ransom or lose their files. Once an infection has taken place, files can only be rescued from backups if the victim does not pay the ransom requested.

CryptXXX Ransomware Still Being Sent by Neutrino

Since the demise of the Angler exploit kit, CryptXXX was transferred to Neutrino. There was a dramatic drop in infections as activity temporarily stopped; however, Invincea recently reported a surge in activity via compromised company websites. The SoakSoak botnet is being implemented to scan the Internet for vulnerable websites. The websites being hit run the WordPress Revslider slideshow plugin. Scripts are appended to the slideshow that send visitors to a malicious site including Neutrino.

CryptXXX will only be installed if the endpoint lacks specific security tools that would detect an installation. If Wireshark, ESET, VMware, Fiddler, or a Flash debugging utility is present, the ransomware will not be installed.

TitanHQ Adds DMARC Authentication and Sandboxing to SpamTitan

TitanHQ Adds DMARC Authentication and Sandboxing to SpamTitan

TitanHQ is pleased to announce that the SpamTitan email security solution for SMBs and managed service providers (MSPs) has been updated and has two brand new features to improve detection rates of zero-day malware, advanced persistent threats (APTs), and sophisticated phishing attacks.

From today, users of SpamTitan and all new customers will benefit from DMARC email authentication for incoming messages and advanced protection from new malware threats with a new sandboxing feature. Both of these new features have already been rolled out and have been made available at no extra cost.

SpamTitan has already become the gold standard for email security for SMBs and MSPs serving the SMB market. With SpamTitan in place, all incoming messages are subjected to checks using award-winning anti-malware technologies. Static analysis and advanced behavior detection technologies ensure a catch rates in excess of 99.9% and a low false positive rate of just 0.03%. The new sandboxing feature will improve catch rates and reduce false positives further.

When emails pass SpamTitan’s checks, files attached to the emails will be sent to the sandbox for in-depth analysis. The sandbox is a quarantine area from which there is no escape. When files are detonated in the sandbox, their actions can be studied without causing any harm.

All actions of the files are recorded, including attempts to evade detection. The Bitdefender-powered sandbox leverages purpose-built, advanced machine learning algorithms, conducts aggressive behavior analysis, and studies anti-evasion techniques. A memory snapshot comparison is also conducted to detect previously unknown threats.

The sandbox is used for testing application files, executable files, and documents for malicious actions. The results of the analysis are then checked against online repositories to identify potentially malicious actions. If the files are determined to be malicious, they are quarantined and the threat intelligence is passed to Bitdefender’s cloud threat intelligence service. All Bitdefender and SpamTitan users will then be automatically protected if that threat is encountered again.

The new sandboxing feature takes SpamTitan threat protection to the next level and provides superior protection against elusive threats in the pre-execution stage, including targeted attacks, obfuscated malware, custom malware, ransomware, and APTs.

DMARC is the gold standard for protecting against email impersonation attacks. These attacks impersonate known contacts, government agencies, and well-known brands, with email messages appearing to have been sent from their trusted domains. DMARC authentication allows these email impersonation attacks to be detected and blocked.

These two new features have been provided at no extra cost and are immediately available to current users of SpamTitan products to provide even greater protection against the most difficult to detect threats.

Threat of Exposure & Multiple Malware Infections being Combined with Sextortion Scams

Sextortion scams have proven popular with hackers in 2019. A well-composed email and an email list are all that is necessary. The latter can easily be bought for next to nothing via darknet marketplaces and hacking forums. Next to no technical skill is required to run sextortion scams and as hackers’ Bitcoin wallets show, they are effective.

Many sextortion scams use the tried and tested method of threatening to expose a user’s online activities (pornography habits, dating/adultery site usage) to all their contacts and friends/family unless a payment is completed. Some of the recent sextortion scams have added credibility by stating that they had users’ passwords. However, new sextortion scams have been detected in the past few days that are using a different tactic to get users to pay up.

The email template used in this scam is like other recent sextortion scams. The hackers claim to have a video of the victim viewing adult content. The footage was recorded through the victim’s webcam and has been spliced with screenshots of the content that was being looked at.

In the new campaign the email includes the user’s email account in the body of the email, a password (Most likely an old password impacted in a previous breach), and a hyperlink that the victim is encouraged to click to download the video that has been created and see exactly what will soon be shared via email and social media networks.

Visiting the link in the video will trigger the installation of a zip file. The compressed file contains a document including the text of the email along with the supposed video file. That video file is actually an information gatherer – The Azorult Trojan.

This form of the scam is even more likely to be successful than past campaigns. Many individuals who receive a sextortion scam email will see it for what it really is: A mass email including an empty threat. However, the inclusion of a link to download a video is likely to see many people download the file to find out if the threat is real.

If the zip file is opened and the Azorult Trojan executed, it will silently gather information from the user’s computer – Similar information to what the attacker claims to have already obtained: Cookies from websites the user has seen, chat histories, files stored on the computer, and login information entered through browsers such as email account and bank details.

However, it doesn’t finish here. The Azorult Trojan will also install a secondary payload: GandCrab ransomware. Once information has been gathered, the user will have their personal files encrypted: Documents, spreadsheets, digital images, databases, music, videos, and more. Recovery will depend on those files having been backed up and not being encrypted by the ransomware. Aside from permanent file loss, the only other alternative will be to pay a high ransom for the key to decrypt the files.

If the email was sent to a business email account, or a personal email account that was being logged onto at work, files on the victim’s work computer will be encrypted. Since a record of the original email will have been extracted on the device, the reason why the malware was downloaded will be made clear to the IT department.

The key to not being tricked is to ignore any threats sent via email and never click links in the emails nor click on email attachments.

Companies can plan for the threat by using cybersecurity solutions such as spam filters and web filters. The former stop the emails from being sent while the latter blocks access to sites that host malware.