Mimecast Secure Messaging Blog Banner Image

Mimecast E-mail Security and Archiving

The new Data Protection Act 2018 adds to the pre-existing need to protect information and extends legal obligations around the security of personal data. Managedservices.co.uk is the online trading site of Brighter Connections Managed Services Ltd. Our business has extensive experience in the provision of managed e-mail and e-mail security services to businesses. In this article we explore the links between the new regulations and e-mail security and the benefits that can be obtained using readily available e-mail security technology from Mimecast.

E-mail has largely replaced the traditional secure, but slow, way of exchanging information through the postal system. It has many benefits including immediacy, traceability and the ability to build a conversation, but Internet e-mail wasn’t designed with security in mind and is open to a number of risks, which include:

  • The simplicity of spreading viruses and impersonating legitimate identities to steal sensitive information
  • E-mail can be easily intercepted in transit and confidentiality cannot be guaranteed
  • Users can accidently send an e-mail to the wrong recipient, exposing private information about businesses and individuals

The risks of e-mail are well known. Many organisations have experienced attacks that have wasted time and had a significant impact on productivity and on customer experience. Organisations have also lost access to information, personal and confidential data has been compromised and some organisations have even lost significant amounts of money when they have been spoofed into transferring money from their business bank accounts to criminals.

A lot has been said and written about the GDPR (General Data Protection Regulation), which is now the basis of the UK Data Protection Act (DPA) 2018. The new Data Protection Act builds on the earlier 20-year old legislation and updates it for the modern digital economy, including specific obligations with regard to the security of personal data.

The IT industry has very well-established frameworks for assessing and mitigating risk. A wide range of industries and public sector organisations have needed to build information security into everything they do so that they can protect the Confidentiality, Integrity and Availability (CIA) of data. That learning is reflected in the new regulation.

The new Data Protection Act puts specific legal obligations around the security of personal data. Organisations are required to consider the personal information that they process, how they process personal information and the risks arising out of that processing. They have an obligation to consider the resulting potential for, and scale of, damage that could be inflicted on the rights and freedoms of people relating to security (CIA) breaches and then put in place appropriate controls that are proportionate to those risks and the costs of implementing technology that is available to address those risks.

At Brighter Connections we have seen first-hand the risks that businesses face with regard to protecting information and we provide organisations with a range of security software that protects all aspects of customer IT systems. Through our status as both a Mimecast partner and Mimecast customer we have seen the very real benefits that Mimecast offers and how it out performs other solutions as an integrated package in:

  • Protecting against spam, viruses and attempts to steal information
  • Providing business continuity and access to e-mail when corporate systems aren’t available, maintaining productivity and continuity of trading and customer service
  • Encrypting sensitive information and enabling secure sharing of information through e-mail with people who don’t have their own encrypted mail service
  • Storing mail in a 99-year archive, providing the ability to irrefutably check contractual terms and offers
  • Enabling employees to access critical e-mails from any location should they need to

Mimecast provide a range of bundled options and these include:

Mimecast S1: This is the comprehensive solution, at entry level, that will provide protection against spam, virus and “phishing” (impersonation attacks). It is available at a low cost and is licenced on a per user per month basis. In our view, this is the minimum service that organisations should put in place to protect their e-mail.

Mimecast M2: This builds on the secure e-mail features of S1 and adds in data leak prevention and business continuity, providing users with a portal in the cloud where they can send and receive mail. Mimecast also provide simple to use plug-ins for Microsoft Outlook and client software to use on smartphones. The portal holds copies of mail for 58 days and is a great solution to keep the lights on should there be a problem with the core e-mail system.

Mimecast M2A: provides all of the features of M2 and adds the ability to store mail in a secure cloud-based archive for 99 years.

In addition to the core Mimecast solutions, add-on options are available and, for a limited time, two of them are available as a “buy one get one free”.

Mimecast Secure Messaging: provides a simple way for mail to be encrypted to greatly reduce the risk of it being intercepted and read in transit. E-mail encryption is normally something that is difficult to implement as encryption keys need to be exchanged between users and both parties need access to the similar technologies. Mimecast get around this by providing a secure portal that stores messages securely, the recipient simply receives a link to the secure portal and can then read and respond to e-mails from the portal. This a great solution for sharing sensitive personal information and private company data in a way that is simple to use for all concerned. Example use cases that we have seen have included:

  • Exchange of HR information
  • Sensitive medical information
  • Financial records
  • Commercially sensitive business information

Mimecast Large File Send: Enables large attachments, up to 2GB in size, to be shared via e-mail. This retains the advantages of sending mail directly between people, or groups of people and avoids the complexity and many of the risks of managing permissions on cloud-based file sharing systems.

 In summary, e-mail remains a great way of sharing information, but it does carry many security risks that could case reputational, commercial and legal damage. The good news is that a comprehensive range of solutions is available from Mimecast that can be implemented at a low cost per month per user and Brighter Connections Managed Services Ltd will provide the skills you need for setup, migration and ongoing support.

We have a Mimecast bundle available to buy online here, which includes Secure Messaging and Large File Send.

Other Mimecast products are also available to purchase online here.

For more information on Mimecast and other ways in which technology can be used to protect sensitive information, please call us on 0330 088 9999 or email online@managedservices.co.uk