Be careful with email archiving: Many archiving services are not GDPR-compliant

Be careful with email archiving: Many archiving services are not GDPR-compliant

For some time now, one topic has been on the minds of management boards everywhere: Data protection and the General Data Protection Regulation, which entered into force in May 2018. The European-wide data protection law has been earning the approval and praise of many because it ensures that consumers have control over their data. However, the topic still often causes confusion and headaches. Companies are overburdened with non-transparent regulations and a considerable amount of additional work, not to mention the additional expenses:

Only a quarter of German companies surveyed are in full compliance with the requirements of the EU General Data Protection Regulation. These findings were the result of a Bitkom study that was carried out in September 2019, where 500 companies were asked about their progress in regard to the implementation of the GDPR.

The feared wave of warnings and dunning letters did not materialise, however, at least for the time being. Instead, smaller fines were imposed. Until November 2019, when everything changed. The residential property company, Deutsche Wohnen, was fined the largest amount ever in Germany for a data protection violation: 14.5 million euros. The reason for this enormous sum was the archiving system used throughout the company, which did not provide any possibility for the deletion of data that the company no longer required.

It is exactly this topic that we have dedicated ourselves to below and show which functions an email archive must have so that it is audit-proof AND data protection compliant.

Email archiving – but correctly!

In everyday business, email has long been considered a standard means of communication. Invoices for purchased products and services are sent to customers, offers and inquiries are sent to suppliers and much more. In the course of these developments, it is hardly surprising that the legal and regulatory framework for handling business emails has been expanded. Thus, the legal basis for the archiving of emails arises from the Regulations for the Proper Management and Storage of Books, Records and Documents in electronic Form as well as for Data Access, in short GoBD (German: Grundsätze zur ordnungsmäßigen Führung und Aufbewahrung von Büchern, Aufzeichnungen und Unterlagen in elektronischer Form sowie zum Datenzugriff).

The archiving obligation therefore applies to every merchant, commercial company and also legal entities. The archiving duration varies depending on the type of correspondence. Although a 6-year archiving period is set for conventional commercial and business letters, a storage period of up to 10 years applies to accounting documents, invoices as well as balance sheets and annual financial statements.

According to the GoBD, archiving systems used by companies must meet the following basic criteria in order to ensure audit-proof email archiving:

  • Emails must be archived in an unchanged manner
  • No email must be lost on the way to or in the archive
  • Emails must be retrievable and at short notice
  • Emails may not be deleted during the intended lifetime
  • Emails must be able to be displayed and printed exactly as they were entered
  • Documentation of changes in the organisation and structure of the archive must enable the original state to be restored
  • Migration to new platforms must be possible without loss of information

Moreover, users of the archive must comply with the legal and operational regulations concerning data security and data protection during the lifetime of the archive.

Audit-proof does not necessarily mean GDPR-compliant

By now, an attentive reader is probably asking the following question: How can an archiving system be warned or served notice about non-compliance with deletion obligations if emails are to be archived completely and in an audit-proof manner? Fair question. Here’s the answer:

The General Data Protection Regulation provides for an obligation to delete all personal data that are no longer used. This also includes all email communication. According to the GDPR, the storage and processing of such data is therefore always for a specific purpose. The purpose may, for example, relate to the provision of a specific service that would not be possible without the processing of customer data. If this purpose ceases to exist after some period of time, these data must be deleted.


An example from the Human Resources Department:

Monica M. applies for a job as a clerk at a medium-sized company in the tourism industry. Typically, the application contains relevant personal data, such as address, date of birth and much more. The documents are checked by the Human Resources Department and the respective specialist department.

If Monica M. impresses them, she is invited for an interview and can ideally fill the position. In order to be able to act as an employee of the company and to be paid for this, the company must continue to store and process Monica’s data.

However, if Monica does not impress the company during the interview, the basis for data storage is no longer applicable. The company must therefore completely destroy the data at the latest six months after rejecting Monica’s application. And what is meant here is “delete”. This includes all documents available in paper and digital form, such as cover letters, curriculum vitae, copies of certificates, notes from the interview, test papers and all related emails received.

In addition to the situation just described here, there are two other cases in which archiving is restricted or not permitted at all. The first case concerns email communications between employees and the works council or company medical officer. The second concerns personal emails, if employees are generally permitted to send and receive them.

The audit-proof and GDPR-compliant archiving system

As already described, the storage of personal data is tied to a specific purpose. And as we have seen, this purpose can also change. A legally imposed obligation to retain data can therefore also be considered a purpose for the storage of personal data.

In order to be able to comply with both the retention and deletion obligations, an enterprise should keep three important aspects in mind when archiving emails. First of all, it must be possible to recognise and mark personal information such as the private email communication of employees. Second, data must be classified in order to answer the question of what do said data concern. Last but not least, retention periods must be defined.

It is therefore particularly important to pay attention to both unalterability and data protection conformity when selecting a company-wide archiving system – because not every archiving system can delete data and, as we have seen, this can end up being expensive!

Hornetsecurity’s Archiving

An archiving system that fulfills all requirements, and also has low administrative and maintenance costs, is Hornetsecurity Archiving. All incoming and outgoing emails are archived fully, automatically, and securely in the cloud. This ensures the required unchangeability and completeness of the emails without any effort on your side.

Further features of the archive also include the marking of private emails as well as the complete exclusion of certain users from archiving, such as members of the works council. In this way, personal data can be protected in accordance with the GDPR. The archiving period for emails can be configured in advance, between six months for applications and 10 years. The existing full-text search function allows specific emails to be found quickly. Finally, Hornetsecurity’s Archiving also has a secure import and export function using a standardized format.

Malware – The Cyber Century’s Growing Threat

Malware – The Cyber Century’s Growing Threat

In the last two years, malicious programs like WannaCry, Petya and Ryuk have made it abundantly clear that malware and cyberattacks are entirely capable of bringing companies with inadequate cybersecurity to the brink of a shutdown and even driving them to bankruptcy.
During 2018, the Hornetsecurity Security Lab noticed a massive increase in emails with harmful attachments. The Emotet, Hancinator, Zeus and Trickbot trojans gave companies particular cause to be wary – in terms of email volume, these were among the biggest malware campaigns of 2018. A breakdown of malware attacks and their monthly incidence throughout 2018 is shown in the infographic. Hornetsecurity has analyzed the individual campaigns and painted a clear picture of what formats and files were concealing malicious software.
Malware is now the biggest threat to businesses, as according to the BSI (Federal Office for Information Security) report on “The State of IT-Security in Germany 2018”, 57 percent of all recorded cyberattacks can be traced back to malware infections. Email communication is the main method of transmission – masquerading as a harmless email, malware may be hiding in an attached Office file, for instance.
Ransomware, cryptominers, and spyware can lurk in Word documents as well as behind web links, and are among the varieties of malware most favored by cybercriminals. While malware sent via indiscriminate mass email (also known as spam) has declined sharply in recent years, businesses in particular are more and more often subjected to targeted and complex attack campaigns. Hackers are increasingly using social engineering and spear phishing to sneak malware onto company operating systems.
Over the last two years, the proportion of all recorded email traffic that is infected with malware has risen to around 1.3 percent. When dealing with a volume of 1,000 emails per day, that means at least 13 emails will contain malware; for a company that receives several thousand emails a day, it means that without adequate email security, the risk of falling victim to a malware attack is extremely high. After all, this is a particularly lucrative approach for cybercriminals. The German industry alone lost a total of around EUR 43 million due to malicious software in 2017 and 2018.
Developments such as growing connectivity and changing communication platforms will likely increase malware attacks and associated losses even further. Cyber risks are among the greatest dangers of going digital. Ransomware, one of the most widespread types of malware, is a particularly promising source of profit for hackers. . The fear of negative PR and the potentially far-reaching consequences inadequately protecting internal data is too high.
The last few years show a clear trend in the spread of malware: attacks will continue to proliferate. Until companies consider email and cybersecurity a necessary requirement in safely maintaining corporate communication and operational processes, cybercriminals will keep cashing in at their expense.
Cybercrime: Ruthless, extremely complex and a never-ending story

Cybercrime: Ruthless, extremely complex and a never-ending story

No year before has made more headlines in digital crime than 2018. This is the conclusion of the latest edition of the Hornetsecurity Cyberthreat Report. Not only the quantity of crimes has increased rapidly, but also their quality. According to a spokesman for the State Criminal Investigation Office (LKA) Lower Saxony in response to a request from the German newspaper “Hannoversche Allgemeine Zeitung”, the number of criminal activities via the Internet alone has increased by 30% in recent years.
Cyberattacks such as Advanced Persistent Threats, Malware and Spam as well as the transfer of “typical” criminal activities to the online world are responsible for the rapid increase. These criminal activities include trading of weapons, drugs, illegal pornography and counterfeit papers. “The criminals use the possibilities of digitalization extensively, not only in communication”, says LKA spokesman Marius Schmidt. In particular, the Darknet is becoming increasingly significant.

The number of unreported cases is massive

According to the Cyberthreat Report cybercrime is the world’s third largest threat after environmental disasters and political tensions. In 2017, the Federal Criminal Police Office (BKA) was able to identify almost 86,000 cases of cybercrime in Germany – an increase of four percent compared to the previous year.
The cost of the damage caused by cybercrime increased just as rapidly. Whereas cybercrime in Germany caused economic damage of 50.9 million euros in 2016, 71.4 million euros were lost in 2017. The worst thing about these numbers: These are only financial damages caused by cases registered by the BKA. Experts estimate that this number represents only 9% of the total loss. That means there are more than 90% of unreported cases .
But why is the number so high? Experts assume that cyberattacks are often noticed far too late, or not at all. However, in many cases they are not even reported to the relevant authorities by the companies concerned. This is due to the concern about loss of reputation and image. The latest massive cyberattack on the Marriott hotel chain is a classic example of such an incident. For years, hackers stayed unnoticed in the network of the world’s third-largest hotel group and, among other things, captured credit card data from half a billion customers. The German industry association Bitkom comes to completely different results due to such cybercriminal incidents. It recorded an enormous amount of damage of 55 billion euros.

Advanced Persistent Threats still very popular

As in 2017, the popularity of Advanced Persistent Threats among cyber criminals continues uninterrupted. With the attack on the French construction company Ingérop, the hackers once again proved the significant threat potential of such sophisticated cyberattacks. They succeeded in transferring malware into the IT infrastructure by means of a professionally designed phishing campaign on employees of the Group. This served as a door opener for a large-scale data theft. The hackers captured a total of 65 gigabytes of sensitive data, including construction plans for nuclear facilities and high-security prisons. Furthermore, sensitive personal data of a total of 1,200 Ingérop employees were stolen.

Also, the German armament company Krauss Maffei recently experienced an attack of this kind. Hackers penetrated the company’s IT systems and infected it with malware. The production process had to be shut down for a week afterwards. This was followed by an extortion attempt with a ransom demand.
Hornetsecurity News

Stay in touch

Sign up to get the latest News about Cloud Security.

Oops! We could not locate your form.

Malware remains standard

Compared to Advanced Persistent Threats, malware is far less complex, but still very effective. In general, it is used to perform unwanted or harmful functions to users. The cyber criminals use malware to increase their income, for example. The great variety of malware makes it a very popular tool for hackers.
This popularity is also reflected in its distribution: between 2006 and 2017, the number of malware incidents increased constantly. Email communication is the main gateway to malicious file attachments. Office files are particularly popular as disguise. Every third malware sent disguised itself as a Word, Excel or PowerPoint file, as can also be read in the Cyberthreat Report.

Spam emails – threat potential increases

Spam is no longer as popular among cybercriminals as it was ten years ago. The Hornetsecurity Cyberthreat Report concludes that in 2018 not even every second email was a spam email. The situation was different back in 2009: At this time, it was almost 100 percent of all emails. Anyone who thinks that this trend is positive is unfortunately mistaken. Whilst ten years ago almost no spam email contained malware, today this is quite different. More and more emails are packed with malware such as viruses, Trojans, Ransomware or spyware.

To summarise: The battle is far from lost.

Even though the damage caused by cybercrime is steadily increasing and it is becoming increasingly difficult to cope with the complex threat situation, the final “battle” has not yet been fought. More and more companies are aware of the current threat situation and are implementing intelligent IT security concepts as well as effective Managed Security Services to prevent sophisticated cyberattacks.
While expenses for Managed Security Services added up to 4.27 billion US dollars in 2016, this amount will be doubled to 8.26 billion US dollars in 2021. Companies have realized that they need to prevent cyber threats from the very beginning. Once the threat has invaded the IT infrastructure, it’s already too late.
In our latest Cyberthreat Report you can find out in detail which trends and developments are currently particularly affecting the world of cybercrime and which dangers result from this.
Spam emails – There’s life in the old dog yet

Spam emails – There’s life in the old dog yet

Laurence Canter certainly didn’t expect to go down in history one day as a pioneer of spam email. In 1994, the US lawyer was the first person ever to send messages that resemble the character of a spam email today. A computer specialist engaged by Canter and his wife flooded over 6,500 newsgroups on the Internet with advertising for their company. But this was only the beginning of a story that has now been going on for 25 years.

In this blog post you will learn everything about the history of email spam, the damage and dangers it causes and the right protection against unwanted messages.

Key figures on email spam


of global email traffic is spam


of all dangerous spam emails end up in German email inboxes

About Spam, Cybercriminals and Monty Python

Three things that couldn’t be more different: What has Spam got to do with cyber criminals and the comedy group Monty Python? The answer is: a lot. At least if you take a look at the history of email spam.

At the time Canter had his advertising emails sent, the Internet was hardly commercialized. It was therefore absolutely unusual for users to be confronted with advertising in such a direct way. This was reflected in particular in the reaction of the recipients. Therefore the lawyer was very soon confronted with fierce criticism. One user even called for “spam and coconuts to be sent to Canter and Co”. But “Spam” here, however, meant canned meat produced by the food company Hormel Foods, whose product name is an artificial marketing word made up of “spiced ham”. The angry user’s request can therefore be interpreted as an allusion to the content, which is as “soft” in coconuts and canned meat as it is in advertising emails.

The British comedy company Monty Python also contributed to the naming of the spam email. They did a sketch in the 1970s that was set in a pub. The guests of the pub can choose from several dishes, but each one contains spam. Then a horde of Vikings, also dining in the restaurant, starts singing “Spam, Spam, Spam, Spam, Spam, Spam, Spaaaam!”. The frequent and penetrating appearance of the word “spam” within the sketch, finally prompted the usenet forum administrator Joel Furr in 1992 to declare the increasing “garbage contributions” in his forums as “spam”. From then on the term prevailed.

Spam emails in the course of time

If you think that spam emails are a thing of the past, you are wrong. Although cyber criminals are increasingly trying to make life difficult for us with other lucrative fraud methods, such as phishing or ransomware, sending spam emails is still very popular. To put it in numbers: Between July 2017 and July 2018, the proportion of spam e-mails in companies was more than half of the total amount of e-mail traffic generated worldwide. In Germany alone, sending spam consumes as much electricity as a small city.

As if this wasn’t unpleasant enough, the proportion of dangerous spam emails of all email traffic is also increasing significantly. The increased risk potential of modern spam emails is primarily due to significantly improved targeting by spammers. Through targeted addressing and country-specific topics, spam emails appear much more authentic than a few years ago. Not only the quality of spam emails, but also the spammers’ preferred targets have changed.

While only 10 years ago the United States was the main target of attacks, another country has now moved past them: Germany. The proportion of spam emails in Germany has doubled compared to 2010. The main reason for this is probably the very good financial situation of the German population. Spammers expect the most lucrative sources of income here.

How dangerous are spam emails today?

While cybercriminals in the 1990s and 2000s mainly sent emails with advertising intentions, the situation is different today. Especially the sending of ransomware or other malware in email attachments has become very common among criminals.

Spam info graphic

Spammers use a fake identity to try to force the target to click on an email attachment infected with malicious code. They often claim that there is an unpaid invoice in the appendix. However, when the target opens the file, the ransomware it contains is activated, encrypting all files stored on the hard disk.

Another scam that is often carried out by means of spam emails is phishing. For example, the cybercriminals pretend to be well-known credit institutions. They claim that the customer’s bank account has been blocked for security reasons. To unlock it, the victim has to confirm his access data again. To do this, the target person has to click on a URL that is very similar to the real URL of the bank.

It can only be distinguished from the original by certain additions or another Top Level Domain. Amateurs often have no suspicion and will be forwarded to a website based on the design of the bank via the link. If they comply with the requests and reveal their data there, the cyber criminals will have direct access to the information. Some of the “fake websites” look so deceptively real that they are indistinguishable from the bank’s regular websites.

How do spammers get to my email address?

In order to protect oneself optimally against the flood of unwanted messages, one must first understand under which circumstances they end up in our digital mailbox. The fact is, if you keep your email address to yourself, you should normally not receive any spam emails. We only become the target of spammers when we make our email address publicly accessible on the Internet or entrust it to dubious service providers. But how do spammers actually collect our email addresses?
Spammers use so-called “harvesters”, also known as “spambots”, to search the Internet for specific email addresses. If you still want to publish your email address on the Internet, you can have it converted to Unicode with the help of free service providers on the Internet. Spam bots will then no longer be able to read them.
You should also be careful with unknown Internet providers who promise to make us disclose our data. A good example are websites that lure with competitions and possible money profits. Unfortunately, it is not uncommon that the alleged profit does not even exist and is only used as an excuse. Here, too, you can frequently go directly to the mailing lists of the spammers.

Perfectly protected against email spam – this is how it works

Without a doubt, the proportion of spam emails was significantly higher a good ten years ago at around 90%, but one should not be deceived by this development. Because it’s all about the sophistication of the spammers. They continuously ensure that the risk potential of spam emails increases. Without a professional spam filter which also detects viruses and other threats, employees not only spend a lot of time organizing emails, but are also exposed to constant threats. In addition to links to malicious websites, spam emails may contain malware and phishing links.
Only professional spam filters for companies such as Hornetsecurity’s spam filter service ensure absolutely “clean” mailboxes with spam detection rates of 99.9%. In combination with Hornetsecurity Advanced Threat Protection, even the most fraudulent attack methods, such as CEO fraud, ransomware and spearphishing are effortlessly excluded. Just during July 2018, about half of all emails scanned by “Advanced Threat Protection” were classified as malicious. The largest part of these emails, more than 90% of malicious emails, is due to dangerous threats, as stated in the Hornetsecurity ATP Analysis of July 2018. Thanks to the intervention of the Hornetsecurity Spamfilter Service and Hornetsecurity ATP, the recipients of these emails were not only fully able to concentrate on their tasks, they were also not exposed to the risk of a “wrong click”. This finally brings peace and quiet to your email inbox.

Additional information:

Successful Product CEO-Fraud – An old scam yet the danger remains present

Successful Product CEO-Fraud – An old scam yet the danger remains present

The publicity around CEO Fraud may have calmed down, yet it is not yet extinct and still remains a serious threat. CEO Fraud, also known as ‘bogus boss’, still leads to digital larceny by deception, and thus causing displeasure and high economic damage for several companies such as a German company in the hessian rural district Groß-Gerau. Unknown cyber criminals were able to capture a sum of $380,000 Euro by successfully using CEO-Fraud. In 2016 alone, the total amount of monetary loss worldwide caused by this scam method was about $3.1 billion US dollars. That matched the profit made by Volkswagen in 2017.

Key figures on CEO Fraud in companies

Million euros a year, a group of cybercriminals captured by CEO Fraud in Germany between 2014 and 2017


success rate in CEO fraud attacks according to Info Security Magazine

How is it possible that the success rate of cyber criminals is still extraordinarily high even several years after its discovery as a tool used by cyber criminals? In the following text we will look at the procedures and the sophisticated fraud techniques of the offenders in order to improve the comprehension of the success of the scam.

Perfect Planning is half the battle: The Preparatory Stage of the CEO-Fraud

The target of CEO-Fraud is usually one single person. In most cases, an employee in the accounting department with direct authority to execute bank transfers. In order to execute the scam and make it appear as authentic as possible, extraordinarily good preparation is needed at the start of the scam. The magic word here is Social Engineering. Social Engineering means cyber criminals try to gather as much information as possible about their victim. They find such information on social media channels like Facebook, Linkedin or Xing. Most of the time, it’s easy to acquire personal information such as job title, place of work or even the complete organigram of a company.

Cheating and Feinting: The Offensive Stage of CEO Fraud

If the blackmailer has gathered enough information on their target they make the first contact and begin the offensive stage of CEO Fraud. The offenders now must accomplish a certain familiarity with the targeted subject. They do this by referring to current topics of the company in their email. This topic could be an upcoming acquisition or the latestsales figureswhich can be withdrawn from previous press releases.
To put the crown on the scam, some cyber criminals create an email address that is similar to the one of the CEO. In this connection, it is a perfidious trick to replace certain letters with letters that look extraordinarily similar. The letter L in mueller@examplecompany can for instance be easily replaced by a capital I. For the ordinary person, this scam also known as Spoofing can only be recognized by close scrutiny.
Another trick utilized by cyber criminals is the use of an existing emal communication. For example, if the offender knows with which person the CEO of a company usually communicates with and what topics are usually discussed, the perpetrator can counterfeit such communication. Fake logos and email signatures complete the picture of a completely legitimate email communication.
It’s in the email itself where cyber criminals dig deep into their bag of psychological tricks in order to initiate the transactions they desire. A commendation for the work of the targeted subject or the buildup of pressure can be used to trick the subject. Often, the offenders pretend to need a transfer of money to be sent as quickly as possible because an important and discreet deal could fail. It must be discreetso the targeted subject does not inform other colleagues about this affair which could end the scam.

What accounts for the success of the scam?

In most cyber attacks, employees are the largest risk factor. The Federal Office for Security and IT (in German: Bundesamt für Sicherheit und Informationstechnik, short: BSI) has previously warned the public about the careless handling of personal data. However, companies contribute to this by publishing a multitude of information on social networks for marketing purposes. Just like that, the offenders have little difficulty accumulating a substantial amount of information to assist in the success of their scam.
Another crucial factor of the scam is the psychological component. Cyber criminals specifically and shamelessly exploit emotions like respect and trust for a manager or owner of a business in order to manipulate their victims.

How do I protect my company from CEO Fraud?

A healthy amount of skepticism and the right education are the essentials in the battle against the bogus boss. From the perspective of a company, it makes sense to work against the ignorance of many employees with regular cyber threat information or training events. This way, the tricks of the scammers like the scrambled letters or fake signatures can be specifically pointed out.
Also, the use of an email encryption service provides relief since a fake or missing signature automatically attracts attention. For thosewho are not sure despite all these precautionary measures a telephonic reinsurance from the pretended sender of the email is useful. This requires a smallinvestment of time and can prevent a possible scam from even taking place.
Meanwhile, there are instruments and methods to deter such fraudulent emails ending up in the inboxes of the employees. Managed Security Services, like the Advanced Threat Protection by Hornetsecurity are able to see through complex attack patterns like the CEO-Fraud and block it in the forefront using sophisticated forensic systems. Once an attack is detected, ATP sends an automatic notification to the security personnel responsible for thwarting such an attack. The result, CEO-Fraud and other scams have no chance of success and your employees can focus all of their attention on their important tasks once again.

Additional information: