• Home
  • Email Archiving and Retention Policies Your Organization Should Implement Now

Email Archiving and Retention Policies Your Organization Should Implement Now

Email Archiving and Retention Policies Your Organization Should Implement Now
18Nov

Email Archiving and Retention Policies Your Organization Should Implement Now

Email archiving and retention policies reduce risks caused by holding large amounts of protected information.

Email archiving is the process of moving emails from your inbox to a separate folder, and retention policies determine how long emails are kept before being automatically archived or deleted.

Think about the sensitive data that is sent via email every day. On top of that, think about how often the average person cleans out their email folders. Probably not that often, if ever.

That means there is personal information, financial information and private company information sitting in inboxes, sent folders and trash folders waiting to be stolen.

Before you panic, that doesn’t mean you and your employees need to permanently erase every email, but you should be more selective about the emails you keep.

Because data breaches are so prevalent, organizations (and especially those in high-compliance industries) should shift their line of thinking to “If an email is valuable, keep it, otherwise delete” rather than “If it might be valuable, keep it.”

What Policies Should We Implement?

Here are a few examples of archiving and email retention policies we recommend implementing. Note: We are using Microsoft Outlook when creating these policies.

  1. Archiving Policy Example: Create a retention policy that automatically moves emails from the primary mailbox to the archive mailbox based on time criteria (e.g., after two years).

Why?

  • Avoid storage limits: While the average user probably won’t reach their primary mailbox storage limit, archived storage generally is significantly larger.
  • Clean up your inbox: Allows you to save emails and remove them from your inbox while still making them accessible.
  1. Archiving Deletion Example: Create a retention policy that permanently deletes emails in the archive as soon as possible, considering things like personal preference and regulatory compliance (e.g., after seven years).

Why?

  • Unlimited risk: An unlimited archive is an unlimited risk. At some point, sensitive emails need to be deleted.
  • Ensure you remain business compliant: All organizations have compliance regulations they must adhere to, and certain industries (financial, health care, government, etc.) have specific rules for how to store data and documents.
  1. Permanent Deletion Example: Set a retention policy to permanently delete items in the trash folder (e.g., after 30 days) and in the sent folder (e.g., after one year).

Why?

  • Free up storage space: Any emails in your trash or sent folders still count toward your overall storage until you permanently delete them.
  • Use archive folder: Avoid using your trash folder as an archive folder. Anything you want to save can be archived rather than “stored” in your trash folder.

Why Does It Matter How Many Emails I Keep?

When your organization is shopping for cybersecurity insurance, you’ll find organizations that keep a higher number of protected records generally are offered higher premiums.

Obviously, some of those records need to be held for compliance reasons, but the less you can hold, the lower your premiums can be.

On the other hand, some people are skeptical of archiving emails, as there are claims that using the search function is much quicker when it’s only going through the primary mailbox as opposed to both the primary and archive folders.

However, it’s not a great argument as the difference is negligible; we’re talking milliseconds faster to search one folder compared to two.

Because emails will be automatically archived or deleted depending on what folder they are in, you’ll need to educate your employees on those cutoff dates, probably multiple times.

If you use the above retention policies, these are the timeline dates your employees will need to know:

  • After 30 days, emails in the trash will be permanently deleted
  • After one year, emails in the sent folder will be permanently deleted
  • After two years, emails will be moved from the primary mailbox to the archive folder
  • After seven years, archived emails will be permanently deleted

Want to Learn More About Archiving and Retention Policies?

If you have any questions about email archiving and retention policies, contact us here so we can help implement the best policies for your organization.

Did you like this blog? You can subscribe to our newsletter to receive a weekly email with our latest blog posts.

Get Support

Share this post

Related Posts

What Do I Need to Do with Obsolete Equipment?
20Nov

What Do I Need to Do with Obsolete Equipment?

As technology improves, so will your IT equipment. Hardware will... read more

6 Tips for Decluttering Your Outlook Calendar
13Nov

6 Tips for Decluttering Your Outlook Calendar

Work calendars can get messy. Between regular team meetings, client meetings,... read more

Using OneDrive Without SharePoint Creates Organizational Challenges
11Nov

Using OneDrive Without SharePoint Creates Organizational Challenges

Microsoft OneDrive and SharePoint have many similarities but were created... read more

How to Handle Objections with Your Employees When They Defend Keeping Passwords in a File
06Nov

How to Handle Objections with Your Employees When They Defend Keeping Passwords in a File

As people are forced to create more and more online... read more

On-premises Server Makes Sense for Spec Tool
04Nov

On-premises Server Makes Sense for Spec Tool

With remote work continuing to rise in popularity, coupled with... read more

Why Does Social Engineering Happen
30Oct

Why Does Social Engineering Happen?

Editor’s note: In recognition of National Cybersecurity Awareness Month this... read more

How Do Passwords Get Hacked?
28Oct

How Do Passwords Get Hacked?

Editor’s note: In recognition of National Cybersecurity Awareness Month this... read more

Phishing Alert Button Cybersecurity Grand Rapids
29Oct

What Happens When You Use the Phish Alert Button?

Editor’s note: In recognition of National Cybersecurity Awareness Month this... read more

Keeping a File with Passwords on Your Computer is a Terrible Idea
23Oct

Why Keeping a File with Passwords on Your Computer is a Terrible Idea

Editor’s note: In recognition of National Cybersecurity Awareness Month this... read more

Top 3 Cybersecurity Threats We Uncovered at GrrCon 2024
22Oct

Top 3 Cybersecurity Threats We Uncovered at GrrCon 2024

Editor’s note: In recognition of National Cybersecurity Awareness Month this... read more