Scanning Email for Confidential Data
This article applies to: Security Essentials for IT Professionals
In certain settings, e-mail software can store some or all electronic mail in files on your computer. This speeds access to e-mail, reduces the workload on mail servers, and allows you limited work even if you don’t have a network connection. Saved electronic mail also presents some unique challenges to confidential data discovery tools.
Email Application Specific Idiosyncrasies for Running Data Discovery Tools
- Warning: Using Identity Finder to shred email will shred or corrupt your entire mailbox. If confidential data is identified in an email message, to permanently delete the mail message without damaging your mailbox, open Outlook, delete the message, then empty the trash and compact your folders. If you are unsure of how to permanently delete select emails, contact your local technical support for guidelines on your specific email application.
- Scanning saved messages is a challenging task for any data discovery tool. As a general rule, cleanup is a one-time exercise; if unwanted messages are removed they’re gone without much ado.
- For Windows, IdentityFinder generally works better than Spider. For a Mac, Identity Finder does not scan Entourage or Outlook files.
Issues to Understand When Using a Data Discovery Tool to Scan Email
- On a Mac, IdentityFinder does not scan Outlook or Entourage files. People who work in a role that requires them to handle confidential data are strongly encouraged to scan mailbox folders by eye.
- Saved email invariably includes mail headers (a record of who mail is to and from, and how it got to you). Depending on your e-mail software, it may also include indexing information to speed access to individual messages. These elements are often full of numbers that contribute to false positives.
- Data discovery tools may not be able to direct you to a particular message or attachment. Some will give message previews, a subject line, or a date stamp to aid your search.
- Most remediation options offered by advanced data discovery tools, such as encryption or redaction, operate on an entire file with little understanding of its underlying structure. Applying these cleanup aids to saved e-mail can result in the inadvertent loss of all e-mail. Deleting or modifying unwanted messages or attachments is best done through the e-mail software that created them.
- Some e-mail applications don’t immediately or permanently delete messages. They may wind up in a trash folder or a backup copy of a mailbox. Special procedures may be necessary to insure unwanted messages are actually gone.
- Some environments have a mix of e-mail stored on local computers and original copies retained by the mail server. Extra care may be necessary to insure unwanted messages are gone from the mail server and won’t reappear at some later date.
- If you have moved from one e-mail application to another, your old mail may still exist alongside the previous software. In this case, it may be easier to delete the older, unused e-mail before scanning your computer.