Secrets of business email correspondence. Archiving correspondence in practice

Today, courts often accept electronic correspondence as written evidence. However, for this she must have legal force. Meanwhile, clear and uniform rules and methods for determining the legitimacy of virtual correspondence have not yet been developed, which leads to a large number of problems.

Let's look at several ways to give emails legal force.

Long gone are the days when the only means of communication were letters written on paper. The development of economic relations between economic entities is no longer conceivable without the use of information technologies. This is especially true when counterparties are located in different cities or even countries.

Communication via electronic communications helps reduce material costs, and also allows as soon as possible develop a common position on specific issues.

However, such progress should not be considered only in terms of positive side. Various disputes often arise between subjects of economic relations; to resolve them, they turn to the courts. The court makes a decision based on an assessment of the evidence provided by the parties.

At the same time, the relevance, admissibility, reliability of each evidence separately, as well as the sufficiency and interconnection of the evidence in their totality are analyzed. This rule is enshrined both in the Arbitration Procedure Code of the Russian Federation (clause 2 of Article 71) and in the Code of Civil Procedure of the Russian Federation (clause 3 of Article 67). In the process of determining the admissibility and reliability of the evidence provided, the court often asks questions, the solution of which significantly affects the outcome of the case.

The use of electronic document management in relations between business entities is regulated by the norms of the Civil Code of the Russian Federation. In particular, in paragraph 2 of Art. 434 states: an agreement in writing can be concluded by exchanging documents via electronic communication, which makes it possible to reliably establish that the document comes from a party to the agreement.

In accordance with paragraph 1 of Art. 71 Code of Civil Procedure of the Russian Federation and paragraph 1 of Art. 75 of the Arbitration Procedure Code of the Russian Federation, written evidence is business correspondence containing information about circumstances relevant to the consideration and resolution of the case, made in the form of a digital record and received via electronic communication.

To use electronic documents in legal proceedings, two conditions must be met. Firstly, as already indicated, they must have legal force. Secondly, the document must be readable, that is, it must contain information that is generally understandable and accessible to perception.

This requirement stems from general rules legal proceedings, which presuppose the immediacy of judges’ perception of information from sources of evidence.

Often, the court refuses to admit as evidence to the case materials electronic correspondence that does not meet the above conditions, and subsequently makes a decision that does not satisfy the legal requirements of the interested party.

Let's consider the main ways to legitimize electronic correspondence before and after the start of proceedings.

Working with a notary

If the proceedings have not yet begun, then to give electronic correspondence legal force, you need to involve a notary. In paragraph 1 of Art. 102 of the Fundamentals of Legislation on Notaries (Fundamentals) states that, at the request of interested parties, a notary provides evidence necessary in court or an administrative body if there are reasons to believe that the provision of evidence will subsequently become impossible or difficult. And in paragraph 1 of Art. 103 of the Fundamentals stipulates that in order to secure evidence, the notary inspects written and material evidence.

According to paragraph 2 of Art. 102 Fundamentally, a notary does not provide evidence in a case that, at the time interested parties contact him, is being processed by a court or administrative body. Otherwise, the courts recognize notarized electronic correspondence as inadmissible evidence (Resolution of the Ninth AAS dated March 11, 2010 No. 09AP-656/2010-GK).

It is worth recalling that, based on Part 4 of Art. 103 Fundamentals, provision of evidence without notifying one of the parties and interested parties is carried out only in urgent cases.

In order to inspect evidence, a protocol is drawn up, which, in addition to a detailed description of the notary’s actions, must also contain information about the date and place of the inspection, the notary conducting the inspection, the interested parties participating in it, and also list the circumstances discovered during the inspection. The emails themselves are printed and filed with a protocol, which is signed by the persons participating in the inspection, by a notary and sealed with his seal. By virtue of the Determination of the Supreme Arbitration Court of the Russian Federation dated April 23, 2010 No. VAS-4481/10, the notarial protocol for the inspection of an electronic mailbox is recognized as appropriate evidence.

Currently, not all notaries provide services for certification of emails, and their cost is quite high. For example: one of the notaries in Moscow charges 2 thousand rubles for one page of the descriptive part of the protocol.

A person interested in providing evidence applies to a notary with a corresponding application. It should indicate:

• evidence to be secured;
• the circumstances that are supported by this evidence;
• the grounds for which evidence is required;
• at the time of contacting a notary, the case is not being processed by a court of general jurisdiction, an arbitration court or an administrative body.

Considering technical process transmission of emails, the places where email is detected can be the recipient's computer, the sending mail server, the recipient mail server, the computer of the person to whom the electronic correspondence is addressed.

Notaries inspect the contents of an electronic mailbox either remotely, that is, they use remote access to a mail server (this may be the server of a provider providing electronic communications services under a contract; a mail server of a domain name registrar or a free Internet mail server), or directly from the computer of the interested party on which an e-mail program is installed (Microsoft Outlook, Netscape Messenger, etc.).

During a remote inspection, in addition to the application, the notary may need permission from the domain name registrar or Internet provider. It all depends on who exactly supports the operation of mailboxes or an electronic mail server under the contract.

Certification from the provider

Resolutions of the Ninth AAS dated 04/06/2009 No. 09AP-3703/2009-AK, dated 04/27/2009 No. 09AP-5209/2009, FAS MO dated 05/13/2010 No. KG-A41/4138-10 stipulate that the courts also recognize the admissibility of electronic correspondence , if it is certified by the Internet service provider or domain name registrar who are responsible for managing mail server.

The provider or domain name registrar certifies electronic correspondence at the request of an interested party only if it manages the mail server and such right is specified in the service agreement.

However, the volume of electronic correspondence can be quite large, which in turn can complicate the process of providing paper documents. In this regard, the court sometimes allows the provision of electronic correspondence on electronic media. Thus, the Arbitration Court of the Moscow Region, making a Decision dated August 1, 2008 in case No. A41-2326/08, referred to the admissibility of electronic correspondence provided to the court on four CDs.

But when considering the case in the appellate instance, the Tenth AAC, by its Resolution dated 10/09/2008 in case No. A41-2326/08, recognized the reference to electronic correspondence as unfounded and canceled the decision of the court of first instance, indicating that the interested party did not submit any documents provided for by the concluded parties agreement.

Thus, emails relating to the subject of the dispute must be submitted to the court in writing, and all other documents can be submitted on electronic media.

Confirming the contents of letters by referring to them in subsequent paper correspondence will help prove the facts stated in virtual correspondence. The use of other written evidence is reflected in the Resolution of the Ninth AAS dated December 20, 2010 No. 09AP-27221/2010-GK. Meanwhile, the court, when considering the case and assessing the evidence provided by the parties, has the right not to consider paper correspondence with links to electronic correspondence admissible.

He only takes it into account and makes a decision based on a comprehensive analysis of all the evidence presented.

Get help from an expert

If the proceedings have already begun, then to give electronic correspondence legal force it is necessary to exercise the right to attract an expert. In paragraph 1 of Art. 82 of the Arbitration Procedure Code of the Russian Federation stipulates that in order to clarify issues that arise during the consideration of a case that require special knowledge, the arbitration court appoints an examination at the request of a person participating in the case, or with the consent of the persons participating in it.

If the appointment of an examination is prescribed by law or a contract, or is required to verify an application for falsification of the evidence presented, or if an additional or repeated examination is necessary, the arbitration court may appoint an examination on its own initiative. The appointment of an examination for the purpose of verifying the evidence presented is also provided for in Art. 79 Code of Civil Procedure of the Russian Federation.

In a petition to appoint a forensic examination, it is necessary to indicate the organization and specific experts who will carry it out, as well as the range of issues for which the interested party decided to apply to the court to order an examination. In addition, information about the cost and timing of such an examination should be provided and the full amount to pay for it should be deposited with the court. The involved expert must meet the requirements established for him in Art. 13 of the Federal Law “On State Forensic Expert Activities in Russian Federation».

Attachment to the case materials as evidence of an expert's opinion on the authenticity of electronic correspondence is confirmed by judicial practice (Decision of the Moscow Arbitration Court dated 08/21/2009 in case No. A40-13210/09-110-153; Resolution of the Federal Antimonopoly Service of the Moscow Region dated 01/20/2010 No. KG-A40 /14271-09).

Based on the contract

In paragraph 3 of Art. 75 of the Arbitration Procedure Code of the Russian Federation notes that documents received via electronic communication are recognized as written evidence if this is specified in the agreement between the parties. Accordingly, it is necessary to indicate that the parties recognize the equal legal force of correspondence and documents received via fax, the Internet and other electronic means of communication as the originals. In this case, the agreement must specify the email address from which electronic correspondence will be sent, and information about the authorized person authorized to conduct it.

The contract must stipulate that the designated email address is used by the parties not only for work correspondence, but also for the transfer of work results, which is confirmed by the position of the FAS MO in Resolution No. KG-A40/12090-08 dated January 12, 2009. The Decree of the Ninth AAS dated December 24, 2010 No. 09AP-31261/2010-GK emphasizes that the contract must stipulate the possibility of using e-mail to approve technical specifications and make claims regarding the quality of services provided and work performed.

In addition, the parties may provide in the agreement that notifications and messages sent by email are recognized by them, but must be additionally confirmed within a certain period by courier or by registered mail(Resolution of the Thirteenth AAS dated April 25, 2008 No. A56-42419/2007).

To summarize, we can say that today there is a practice of courts using electronic correspondence as written evidence. However, taking into account the requirements of procedural legislation regarding the admissibility and reliability of evidence, virtual correspondence is taken into account by the court only if it has legal force.

In this regard, there arises a large number of problems, since a unified methodology for determining the legitimacy of electronic correspondence has not yet been formed. The right of an interested party to contact a notary in order to secure evidence is enshrined, but there is no regulatory act of the Ministry of Justice of the Russian Federation regulating the procedure for the provision of such services by notaries. As a result, there is no single approach to determining their value and forming a clear mechanism for implementing this right.

There are several ways to give electronic correspondence legal force in order to present it as evidence in court: securing electronic correspondence from a notary, certification from an Internet provider, by reference to emails in further paper correspondence, as well as confirmation of their authenticity by forensic examination.

A competent approach to the timely provision of electronic correspondence as written evidence will allow business entities to fully restore their violated rights when resolving disputes.

Archiving or shadow copying all incoming and outgoing corporate email means automatic creation copies of each message arriving from/to the address, regardless of the actions of the recipient/sender. Copying is usually done to a separate mailbox corporate domain, while the From, To, and message body headers remain the same. If necessary, it is possible to separate archive streams according to certain criteria, for example, copying mail from employees of different departments is carried out to different addresses.

For what purposes may an enterprise require archiving of all correspondence in corporate mail?

Control over employee actions

The most popular mail archiving feature. Having access to copies of all correspondence of subordinates, the manager can at any time restore, for example, the history of correspondence with a client and make sure how responsibly the employee fulfills his duties job responsibilities. Was a response to the customer's letter sent? Was the response prompt (copies retain the original date and time of the message)? Was the employee's email to the point and comprehensive? Finally, was he simply polite to the contractor/client?

A particularly useful property of shadow copying is that the employee himself is unable to influence which letters will end up in the archive and which will not - everything is copied regardless of his desires or actions. That is, he can delete an “inconvenient” message in his mailbox and empty the trash can and even format the hard drive of his computer, but the message in the archive will remain untouchable.

Control over corporate correspondence of employees can be exercised either by the manager himself, by a specialist from the company’s security service (if there is one), or by any other responsible person, depending on the specific case.

Ability to restore correspondence

If access to mail is carried out via the POP3 protocol and messages are stored on user computers, it is very likely that all correspondence will be lost in the event of a failure hard drive or infection with a virus. In this case, restoration from the archive will ensure the rapid resumption of work correspondence, the client base, and the business process as a whole.

Archiving mail from a legal point of view

In order to avoid legal conflicts and possible claims from employees, it is advisable to document the employer’s right to archive, copy and further process any messages in the employee’s corporate mail. This can be done by adding a corresponding clause to the employment contract or, if the company practices signing an additional contract/obligation/agreement on non-disclosure of trade secrets, then in this document. This way, the process of creating and saving a copy of any message from an employee’s correspondence will acquire legally significant status.

Technical implementation of copying correspondence

In the simplest and most convenient way, archiving can be implemented from the corporate mail services hosting site. The customer formulates the conditions under which a copy of certain (or all) messages of certain (or all) employees should be created, and the service provider, the mail hosting provider, configures its equipment accordingly. To access the correspondence archive, the most universal way is to copy messages into a specially designated mailbox.

If the responsible employee has access to this mailbox via the IMAP protocol, it is possible to sort copies of messages into folders. For example, a hierarchical structure:

• employee 1
  • incoming
  • outgoing

• employee 2
  • incoming
  • outgoing

• employee 3
  • incoming
  • outgoing

In most cases this is more than enough. The user of the copy box only needs to ensure that it does not overflow and that the quota limits for the maximum volume occupied by messages or their maximum number are not exceeded.

Conclusion

Controlling corporate email through archiving (shadow copying) is a powerful means of protecting against leaks of trade secrets, a means of monitoring and assessing the performance of employees, as well as creating a backup copy in case of equipment or software failure. It is difficult to overestimate the importance of corporate mail in the business processes of a modern company; archiving gives the manager a powerful means of monitoring its flow.

A professional hosting provider of corporate mail, the site has been providing its customers with the widest opportunities to control mail flows since 2006.

When republishing an article, installing an active indexed hyperlink to the source - site site is required!

Business correspondence has finally moved to electronic format. Ease of use, saving time and resources, interactivity - electronic correspondence suits everyone until the relationship between business partners deteriorates, accusations of non-fulfillment of obligations follow and the risk of litigation arises. The hopes of the parties to prove their case based on messages received by e-mail are often in vain. The fact is that the courts take a rather cautious position in relation to electronic communications: there are a number of requirements, if not met, the court will not take them into account. The purpose of this article is to summarize the requirements of courts for the use of electronic correspondence as evidence.

What is the legal status of electronic correspondence?

According to paragraph 4 of Article 75 of the Arbitration Procedure Code of the Russian Federation, email correspondence between the parties may be recognized by the court as admissible written evidence in cases and in the manner prescribed by law.

The Letter of the Supreme Arbitration Court dated May 25, 2004 No. S1-7/UP-600 explains that the requirements of the law primarily mean the rules of Articles 160 and 434 of the Civil Code of the Russian Federation (Civil Code of the Russian Federation). The latter relate to the written form of the transaction and the form of the contract. The fact is that most often they try to include electronic correspondence as evidence in cases of recognition of a contract as concluded/not concluded. In this case, the parties may provide for the completion of transactions in “electronic form”, that is, the use of an electronic signature or another analogue of a handwritten signature.

The concept of an electronic signature is given in the Federal Law of the same name dated April 6, 2011 No. 63FZ and is defined as “information in electronic form that is attached to other information in electronic form (signed information) or is otherwise associated with such information and which is used to identify the person signing the information." In other words, an electronic signature is a means of authenticating the sender of an electronic document.

Electronic signatures are divided into several types depending on the degree of protection. The least secure type is a simple electronic signature. It is defined as “an electronic signature that, through the use of codes, passwords or other means, confirms the fact of the formation of an electronic signature by a certain person.” In this case, a simple electronic signature is recognized as valid if it is present on the actual electronic document, or if the key to it is used in accordance with the rules, installed by the operator information system exchange of documents and on the document there is an indication of the person who sent the document. Messages via e-mail (especially corporate e-mail) typically fit this description: the “from” line reflects the sender’s address and name, and users follow password rules (they act as “keys”) to comply with them. privacy.

Thus, if the parties have agreed that email addresses are recognized as theirs simple signatures, sufficient to authenticate the sender, and when sending electronic messages one of the conditions listed above is met, then the e-mail address will be recognized by the court as a simple electronic signature, and the correspondence will be admissible evidence.

Does the use of electronic correspondence pose legal risks?

Judicial practice allows us to highlight many risks associated with the use of e-mail. Here are some of them:

1) Recognition of the contract as not concluded

The Civil Code provides that a written contract can be concluded by exchanging documents via electronic communication, which allows one to reliably establish that the document comes from a party to the contract. Thus, if the parties do not agree to conclude a contract via electronic communication and do not ensure the secrecy of their email password, then the court will not be able to recognize the exchange of documents via email as evidence of the conclusion of the contract.

The buyer's consent can also be expressed by performing certain actions (for example, paying an advance on an invoice received by email). It is also important to stipulate the possibility of using e-mail for the conclusion additional agreements or annexes to the main agreement, otherwise the court will not take them into account and will limit itself to only considering the agreement concluded between the parties.

2) Recognition of obligations under the contract as unfulfilled

In addition to disputes about the non-conclusion of an agreement, it is not uncommon to challenge the fact of execution of the agreement, if it was also carried out by e-mail. This applies primarily to contracts for the provision of various consulting services and performance of work (writing articles or developing computer programs, preparing translations, developing websites, etc.). In this case, the contract must contain a condition that the execution of the contract (transfer of the result) by e-mail is considered proper. In addition, it would be useful to indicate in the contract the possibility of attaching electronic copies of documents to the texts of letters and recognizing such documents as having legal force.

3) Recognition of documents as not received

Another risk is related to the procedure for receiving claims and objections. For example, a court may find the mandatory pre-trial procedure not complied with if the parties have not agreed on the possibility of using email addresses to send claims and respond to them. This also applies to documents confirming the provision of services or performance of work (acceptance and transfer certificate), if the only mention of it in the contract is a standard phrase, for example: “The certificate is signed by both parties.” The court, as a rule, cannot interpret such a provision as consent to receive documents by e-mail.

In what form will the court accept electronic correspondence?

If it is necessary to attach electronic correspondence to the case materials, then the parties who have collected the necessary materials can contact the notary to provide evidence. Notaries have such powers in accordance with Article 102 of the Fundamentals of the Legislation of the Russian Federation on Notaries dated February 11, 1993 N 4462-I. However, it is necessary to take into account that the notary does not provide evidence in a case that, at the time interested parties contact the notary, is being processed by a court or administrative body.

If it was not possible to provide this evidence to the notary in time, then the inspection of email boxes can be carried out directly by the court, often from the computer (laptop) of the interested party (especially important if an email client is installed, for example, Outlook, The Bat, Thunderbird and others). In addition, the courts can also help in obtaining evidence: for example, sending requests to providers about email addresses belonging to the parties and owners of electronic mail resources about the exchange of data (see paragraph 8 of this Help).

Below are the main legal positions of the courts on the issue of accepting electronic correspondence as evidence.

1. Electronic correspondence is not accepted as evidence in the case if it was not provided for by the contract, the contract does not indicate the electronic addresses of the parties, and the other party disputes the existence of such correspondence

An agreement was concluded between ESSIER LLC and KAMEYA Co Trading House LLC for the provision of personnel selection services. The contract consisted of three stages, upon completion of each of which an act of acceptance and transfer of services was signed between the parties and the customer KAMEYA Co Trading House LLC paid the contractor ESSIER LLC a remuneration. The certificate of acceptance and transfer of services was drawn up only for the first stage of the contract; in subsequent stages, according to the plaintiff, all documents necessary for the execution of the contract were sent by both parties by e-mail. Refusing the plaintiff to satisfy his demands, the court pointed to:

• the simple written form of document flow between the parties provided for in the contract;
• lack of conditions on the possibility of executing the contract via electronic correspondence;
• absence of links to email addresses determined by the parties as acceptable for the transfer of any information;
• inability to establish that the address belongs to the defendant and his employees;
• The email address is registered on the kameya.ru domain, which is available for use by an unlimited number of persons.

(see Resolution of the Federal Arbitration Court of the Moscow District dated May 17, 2013 in case No. A40-102005/12-57-977)

2. Electronic correspondence can confirm the party’s interest in completing a transaction and serve as evidence of its completion

OOO " Transport company Unotrans went to court with a demand to oblige Depo LLC to pay for cargo transportation services. As evidence of the fulfillment of its obligations, the plaintiff cited application agreements with carriers and invoices. The defendant argued that the application agreements were not signed by him and that the plaintiff did not prove the fact of providing transportation services to the defendant. The court came to the conclusion that the disputed cargo, which belonged to Depot LLC, was received in due time by the consignee, that in the case there is evidence of payment for cargo transportation by the plaintiff and that the defendant did not provide evidence of payment for cargo transportation services by either him or the consignee, and that Electronic correspondence between the parties shows that Depo LLC had an interest in the transportation of the disputed cargo and resolved with the Company the issues of registration and payment for its transportation.

In this case, electronic correspondence is not the main evidence, but serves as confirmation that the defendant contacted the plaintiff specifically on the issue of the disputed cargo and considered him as the party responsible for organizing the process of transporting this cargo, and therefore was in a contractual relationship with the plaintiff.

(see Resolution of the Federal Arbitration Court of the Northwestern District dated May 6, 2013 in case No. A56-37916/2012)

3. If electronic correspondence was not provided for by the contract, it may be recognized as the established practice of relations between the parties

JSC "Chemical Plant named after. Karpova filed a claim against ASBTransExpoNeft LLC regarding failure to fulfill obligations under the supply agreement. As evidence of fulfillment of delivery obligations, the defendant provided electronic correspondence between the parties regarding the execution of the contract (about poor quality delivered products). The plaintiff objected to the inclusion of electronic correspondence in the case.

The court found that the supply agreement between the parties was concluded through the exchange of documents by e-mail: on the part of the plaintiff with email address « [email protected]", from the defendant's side from the email address " [email protected]" In a similar manner, the defendant sent the plaintiff the charter, certificates of state registration, tax registration, and issued an invoice for prepayment. In turn, the plaintiff sent payment orders to the defendant via e-mail to transfer the advance payment and notified him of his readiness to accept the goods. According to the court, this practice of relations between the parties indicates that the parties perceived e-mails sent from certain IP addresses as coming from authorized persons of the parties.

In assessing the evidence provided by the plaintiff, the court also took into account the fact that the plaintiff did not provide evidence of the unreliability of the submitted electronic correspondence of the parties, including the unreliability of the provided IP addresses.

(see the decision of the Arbitration Court of the Republic of Bashkortostan dated February 8, 2012 in case No. A07-16645/2011)

4. Failure by a party to recognize the use of electronic correspondence as an established practice in the relationship between the parties without providing supporting evidence is not considered by the court

Tsvetnoy Boulevard 2 LLC filed a claim with the Moscow Arbitration Court to recover 972,298.54 rubles for unjust enrichment from DM-Building LLC. The electronic correspondence was presented by the defendant along with other evidence (certificates of admission for construction and installation work, inspection of hidden work, work production log), and was accepted as appropriate evidence in the case regarding the order and execution of work by virtue of Art. 75 Arbitration Procedure Code of the Russian Federation. Despite the plaintiff’s denial of the relationship with DM-Building LLC, the plaintiff did not provide evidence to substantiate his objections, for example, that these works were performed by another organization or that the work was not performed. Based on the documents presented, the court concluded that there were actually existing relations related to the performance of construction and installation work by DM-Building LLC on behalf of Tsvetnoy Boulevard 2 LLC.

5. A party’s denial of ownership of an email address must not contradict other evidence

LLC "Trading House "Tagilsky" filed a lawsuit against LLC "Web Automation" for the recovery of unjust enrichment. The plaintiff insisted that an agreement on the development of a website on the Internet had not been concluded. The court concluded that the agreement was concluded by the defendant sending to the plaintiff a draft agreement and invoices that were paid by the plaintiff (i.e., the defendant’s offer was accepted).

The plaintiff argued that the parties did not agree on the essential terms of the contract, but the court found that the essential terms (the subject of the contract) were agreed upon by the parties in email correspondence. The plaintiff argued that he did not know the identity of the email address from which the correspondence was conducted. At the same time, it was from the specified email address that the plaintiff received invoices for payment, which were subsequently paid. The plaintiff argued that the contract was not performed, but the court rejected this argument, citing the existing work product - a website developed for the plaintiff, and the lack of evidence confirming the work was performed by another company.

(see Resolution of the Ninth Arbitration Court of Appeal dated April 9, 2013 No. 09ap-9501/2013-gk in case No. A40-134500/12)

6. The ownership of email addresses does not certify the content of electronic correspondence between the parties

LLC "RusHOLTS" filed a lawsuit against LLC "Astra Trading" to recognize the supply agreement as not concluded and to recover unjust enrichment. In proving the fact of the conclusion of the contract, the defendant relied on the fact that essential terms could be agreed upon in separate documents. The court rejected the defendant's request to request from National Telecommunications CJSC documents confirming the plaintiff's email addresses and information about the time the recipients received emails. In support of its actions, the court pointed out that the plaintiff’s ownership of email addresses does not certify the content of the parties’ electronic correspondence if such content was not properly recorded, allowing it to be reliably established that there was an exchange of specific messages submitted by the party.

(see Resolution of the Thirteenth Arbitration Court of Appeal dated June 20, 2013 in case No. A56-74372/2012)

7. To prove the fact of concluding an agreement, electronic correspondence must reflect its essential terms and must be conducted by an authorized person

a. ZAO Tsentrmetall filed a lawsuit against ANO Bureau forensic examinations and independent assessment" with a claim for the recovery of 135,000 rubles. unjust enrichment. Among the evidence of the conclusion of an agreement to conduct an examination, presented by the defendant, was electronic correspondence. The court recognized that the electronic correspondence did not contain information about the customer and the research objects and reflected only an attempt to coordinate relations between the parties. In addition, this correspondence was conducted by a person whose authority has not been confirmed. In the absence of other evidence of the conclusion of the contract, the court satisfied the plaintiff's demands.
(see Resolution of the Seventeenth Arbitration Court of Appeal dated November 28, 2012 N 17ap-12557/2012-gk case n a50-11958/2012)

b. IP Baranova E.I. filed a lawsuit against Expert-Com LLC for the recovery of unjust enrichment. Electronic correspondence materials were added to the case as evidence of the conclusion of the contract, since they confirmed, in particular, the conduct of pre-contractual negotiations between the parties, the sending to the representatives of the plaintiff, including Mikhail Chernoskutov, of a draft agreement for assessment, an invoice that was paid by payment instructions, and expert opinion. In the electronic correspondence (letters dated 10/08/2012, dated 10/09/2012), the sender indicated Mikhail Petrovich Chernoskutov, who sent his comments regarding the conclusion, he also took direct part in all court hearings in the Arbitration Court of the Sverdlovsk Region, as a representative of the plaintiff, acting on based on the power of attorney.

Based on these facts, the court concluded that the electronic correspondence contained all the essential terms of the contract, as well as evidence of its execution, and was sent to the plaintiff through an authorized person (at the proper email address).

(see Resolution of the Seventeenth Arbitration Court of Appeal dated June 20, 2013 No. 17ap-5881/2013-gk in case no. a60-50181/2012)

8. Contacting the provider with a request to determine the IP addresses of the parties and to provide log files can serve as evidence of fulfillment of obligations under the contract

LLC AKG "EKFARD" filed a lawsuit against OJSC "OGK-2" for the collection of debt under the contract and interest for the use of other people's in cash. LLC AKG "EKFARD" provided consulting services by sending answers to questions from OJSC "OGK-2" to the email address of the person from whom the question was received, to the client's general email address and/or by fax. The court established the providers of the parties and the IP addresses of the parties, as well as the fact of correspondence between these IP addresses. As evidence of the latter, the court was provided with printouts of log files containing information about connections between the parties’ IP addresses during the period of validity of the contract for the provision of consulting services, indicating the following details: year, month, day, time, IP address and port number, with which information was transmitted, the IP address and port number to which the information was transmitted, the number of bytes transmitted. The court found that the date of the connections coincided with the dates of the letters in the register of written responses prepared by AKG EKFARD LLC, and the number of kilobytes transferred was more than 50 kilobytes for each answer to the question. The transfer of data from IP address to IP address indicates the transmission of written responses for the period of validity of the contract for the provision of consulting services. The court came to the conclusion that AKG EKFARD LLC provided services under the contract despite the fact that the contract did not establish the circle of persons authorized to seek consultations.

(see Decision of the Arbitration Court of the Stavropol Territory dated 04/07/2013 in case No. A63-9031/2010).

To admit email correspondence as evidence The contract must provide:

1. Provision on the choice of the preferred method of communication between the parties to the agreement in the form of e-mail;

2. Authorized email addresses from which correspondence will occur, as well as the procedure for changing such addresses;

3. The need to archive all emails received by the parties immediately after they are received (to prevent retractions and replacement of emails)

4. Provision on the recognition by the parties of scanned and photo copies of documents as equal in legal force to the original documents;

5. The obligation of the parties to maintain the confidentiality of email passwords and ensure that messages cannot be sent by third parties;

6. Obligation to immediately inform about a change of email address and a violation of email confidentiality.

During the execution of the Agreement necessary:

1. Include links to emails (their sender, message subject, date and time of sending) in regular letters, for example, when making the first claim regarding non-fulfillment of the contract by the counterparty, it is important to ensure that the latter recognizes the accuracy of the information contained in the email correspondence (for example, “Confirm , please, readiness to deliver the goods within the time period determined by us in the e-mail “Agreement 123/2013” ​​dated ______”);

2. Store original documents sent to the counterparty in the form of electronic copies.

Before preparing a case for trial necessary:

1. Contact a notary to draw up a protocol for examining the electronic mailbox;

2. Find other evidence that can confirm the information contained in the email correspondence;

3. Find evidence confirming that electronic correspondence is the established practice of the parties (relationships under previous agreements between the parties, documents proving the actual recognition of the other party as the preferred method of communication);

4. Prepare a draft legal request to the provider about the ownership of the parties' email addresses (however, this will only make sense if there are static IP addresses);

5. Prepare a draft judicial request to the owners of electronic mail resources about the presence or absence of the exchange of messages between the parties on specific dates.

We hope the above comments are helpful to you. If you have any questions in connection with the above, you can contact me at any convenient time.

Sincerely,

We consider backup and creation of backups from the point of view of organizing the work process

ABOUT technical means Reserve copy and information recovery, a lot has already been said, so in this article we will look at creating backups more from the point of view of organizing this process. Effective information backup systems imply, first of all, a competent strategy, organizational decisions and data preservation policies.

We see the following types of backup as the main trends for 2017-2019:

• copying from any devices on a “subscription” basis for each gigabyte of data using cloud services, which, through an agent pre-installed in the system, “upload” copies to the cloud. An example of this is
• copying to the cloud using Veaam and similar products (Acronis/Symantec/HP Data Protector). Requires preparation of the provider, setting up a connector between the provider’s cloud and the “ground” virtual environment.
• “in-house” copying using software solutions from manufacturers NAS systems or dedicated corporate sector storage
• distributed backup using solutions built into Windows Server OS

Backup tasks in an organization

Backing up information most often serves two purposes:

• save data for the fastest possible recovery (disaster recovery), if an accident occurs with the company’s IT system, it is attacked by a virus, etc. Such backup copies a relatively short storage period (most often a day or two, then they are overwritten by newer ones), the data can be accessed very quickly. User and business data are copied, as well as OS settings, application software and all information necessary to restore system functionality
• create a long-term archive of information about the company’s activities, which can be accessed if necessary to obtain data for past periods. Such archives are stored for a long time (months and years), the speed of access to them is not particularly important - it is usually not a problem if receiving the data takes several days. Only business and user data is stored, there is no need to store any system information.

For example, in the copy for quick recovery system you can only access the latest one, current version any document, and the archive can store all its past versions.

These two goals can be combined, maintaining a long-term archive and making “snapshots” of the system for disaster recovery, especially if there is little data and the company is not complex. But you should clearly distinguish between what you are doing and for what purposes, what resources you use for each task, where and for how long these backups will be stored, based on business requirements.

In the event of an accident, you can restore the system to “bare metal”, i.e. backup and then restore the OS from a backup with all the settings, custom applications and data. However, such copies are more difficult to create, they require more storage space, and in some cases the hardware configuration must be completely identical to the one from which the copy was made, otherwise such recovery will not work. Therefore, sometimes it is more advisable to reinstall the OS again and then restore business application data. When choosing policies for making, storing copies and restoring data from them, it is worth taking into account the operating features and available resources of each specific company; there are no universal recommendations.

Backup VS Overbooking

So that the equipment continues to work even if some separate component fails, a certain redundancy is introduced into it - “extra” components or computing resources that may seem unnecessary in normal operating mode.

Example of redundancy:

• cluster architecture, where when a node fails, its functions are taken over by other nodes
• A RAID array in which the failure of one of the disks is not critical for the system as a whole, the information will be preserved
• a “mirror” server to which data is constantly replicated from the main one and to which company services are switched if main server lost his ability to work.

This redundancy improves system reliability, but it is not a replacement for backup. Neither the cluster nor the cluster will in any way protect the data from a virus, deletion due to user error or file system corruption, since the data will be affected throughout the entire system, and there will be no undamaged copy left for recovery. In addition, none of the above tools will fully solve the problem of maintaining a long-term archive of company data.

Backup routine

The backup process itself significantly loads the server from which information is copied, to the point of failure of certain services and inaccessibility to users. In addition, it is very desirable that no changes are made to the data at the moment when it is copied - this can cause various collisions.

It is better not to copy data “on the go”, but to create backup copies when no one is using the system or the load is minimal. For companies with standard working hours, it makes sense to make backups at night or on weekends; for 24-hour services, it is worth choosing a time when user activity is minimal.

Types of backup in an organization

Exist different technologies backups, which differ in cost and time:

• full backup– the selected data is copied entirely. Most reliable way, but requires the greatest amount of resources, data storage space and copying time, therefore it is rarely used in its pure form, usually combined with other types (for example, the first time it is removed from the system full copy, and then only the changes made are backed up). Allows you to restore lost data from scratch faster than all other types of copying
• incremental copy– only data that has been changed since the last backup is recorded. Such copies require significantly less memory than a full copy, and they are made much faster. Of course, with this approach it is necessary to periodically make a full backup; in case of any accident, the system is restored from such a copy, and then all subsequent incremental copies are rolled onto it in chronological order. Important point: Incremental copy restores deleted files and all previous versions files that have changed, so when restoring you should provide additional disk space in this case
• differential backup– similar to incremental, i.e. Only changes made since the last full copy are copied. The difference is that each subsequent copy retains changes from the previous one and adds new ones. It turns out that to recover after a disaster, you only need a full copy and the last of the differential ones, which significantly reduces recovery time. The disadvantages, compared to incremental copying, are the large volume of copies (sometimes comparable to full copying) and longer time copying.

To choose the type of copying that is suitable for each specific case, you should first assess, at a minimum, how much space is available for storing backup copies, and how much time can be allocated for the “backup window” without compromising business processes.

Backup topology

Backup schemes also differ in their topology.

• Decentralized scheme. Its essence is that each server and workstation can have its own backup software that works independently of other network nodes. All data is uploaded to some common network resource, from where they are then archived or restored, if necessary. The advantages of the scheme are that it is extremely simple, easy to implement and usually does not require additional software; copying is done regular means operating system or DBMS. There are also disadvantages - it is difficult to establish a general backup and information protection policy, a backup schedule is common for all programs, you will have to configure and monitor the activities of each program separately, which complicates administration. Therefore, a decentralized backup scheme is suitable either for a small and simple network, or for cases where a centralized scheme cannot be organized due to any restrictions
• Centralized scheme– its implementation requires specialized client-server software. The server part is installed on the backup server and centrally manages software agents installed on users, which collect, copy information about the system or restore it from a copy. In this option, it is easy to set up general backup policies and backup schedules; all participants can work in accordance with the company’s general information backup instructions
• Centralized backup scheme without agent programs– a simplified version of the previous scheme, when the server part uses only existing services (for example, collects data from specially designated shared folders Windows). The circuit is not very reliable, it has a known problem when open in this moment files for editing are not backed up and may be lost if the system fails. Therefore, it should only be used on small networks and subject to high user discipline
• Mixed scheme– a combination of centralized and decentralized. Agent programs are installed only on some network servers; other devices send data to these servers local programs, each by their own means. And from these servers, the accumulated information will be centrally collected by agent programs, processed and sent to a common storage.

Backup storage location

To further protect information from possible loss, it is advisable to physically store backup copies separately from the main equipment on which the working system. At the same time, it is necessary to ensure the ability to quickly obtain these copies if such a case actually arises when the data needs to be restored.

The most popular method is to store backups in the cloud in a data center (your own or rented from a provider), sending data there and receiving it back via a secure VPN tunnel. The data transfer rate in this case is limited by the bandwidth of the channel, but large amounts of data can be compressed using compression algorithms or deduplication.

You can also record data on removable physical media that will be stored outside the office or company building. Plus this approach is its simplicity, the disadvantages are the need to organize the logistics of moving physical media to rewrite copies, to restore data from a copy, as well as secure data storage (data encryption, non-disclosure agreements with employees).

Organizational aspects and human factor

In addition to purely technical issues, the organizational aspect is also important in organizing information backup. It is necessary to develop a regulation on the backup of information and ensure that all involved employees comply with it. In particular, such a provision should include the following:

• regularity of backups, scheduled backups and before important changes in the system
• double-checking backups - it is necessary to periodically check whether it is really possible to restore a working database or system from a backup copy
• documenting recovery procedures in case another administrator has to restore the system. Naturally, access to such documentation should be limited
• determination of conditions under which the system is considered inoperative and it is necessary to begin the recovery procedure

The study was carried out during the period 08.15.-10.1.2006. The process of collecting primary statistical data involved 137 respondents who filled out online questionnaires.

Introduction

Today, every company uses email as one of the main means of business communication. At the same time, at large enterprises the daily volume of correspondence can amount to tens and hundreds of gigabytes. All these messages are stored in folders of employees' personal email clients, which simply “swell” over time. As a result, management has to make a choice: implement special solution for centralized archiving and storage of corporate correspondence or try to ignore the problem. Note that in some cases the need for a centralized solution may be dictated by relevant regulations, although for Russia this is a rather rare situation. In addition, both the organization’s IT security service and commercial departments can receive a number of benefits from using a specialized solution. Moreover, it is believed all over the world that an effectively functioning IT infrastructure in any case should include a centralized archive of corporate mail.

This research is the first public Russian project aimed at studying the problem of centralized email archiving in a corporate environment. The study aims to identify the views of Russian organizations on the problem of collecting and storing electronic messages, to study the benefits of using a specialized solution and the requirements that business places on such products. In addition, the study allows us to find out the plans of Russian companies to introduce centralized corporate archives into their IT infrastructure.

General conclusions

• Only 14% of respondents use specialized solutions for archiving email traffic, while 86% of companies simply turn a blind eye to the problem.
• Internal IT security (protection from insiders and leaks, incident investigation) leads among all the benefits that a business can receive from implementing a centralized archive of corporate correspondence.
• The ideal archive in the eyes of Russian companies is a safe, productive, automated product with rich analytical functionality.
• The majority of respondents (62%) are convinced of the need to archive not only email traffic, but also all Internet traffic. This helps create a comprehensive system of protection against leaks and insiders.
• Serious growth awaits Russian market mail traffic archiving tools. 31% of respondents plan to implement a centralized archive in 2006 and 2007, and 26% - in 2008-2009. Thus, from 2006 to 2009, more than half of the surveyed companies (57%) are going to acquire a centralized archive.

Research methodology

The study was carried out during the period 08.15.-10.1.2006. The process of collecting primary statistical data involved 137 respondents who filled out online questionnaires on the website CNews.ru. The survey questions and research results were prepared by the InfoWatch analytical center. The data below is rounded to the nearest whole number unless precision is stated explicitly.

Respondent's portrait

In Fig. Figure 1 shows a portrait of respondents by the number of computerized workplaces in the organization. The largest portion of the surveyed companies (43%) have less than 500 computerized workplaces. The share of medium-sized organizations (501-1000 places) accounted for 29% of the surveyed organizations. Representatives of large businesses made up two more segments: 16% (1001-5000 places) and 12% (more than 5000 places).

Fig.1

The following diagram (Fig. 2) shows the distribution of respondents by occupation. The largest part of the surveyed organizations works in the field of telecommunications and IT (36%). Financial services and insurance accounted for 22% of respondents; for ministries and departments - 17%, fuel and energy complex - 13% and other sectors of the economy (trade, production) - 12%.

Fig.2

Archiving correspondence in practice

The first main question of the InfoWatch analytical center was aimed at finding out how exactly Russian enterprises solve the problem of email archiving in practice. In other words, do they already use special centralized archives or simply ignore the problem, leaving it to their employees or even to chance.

In Fig. Figure 3 shows the distribution of answers to the question of how the organization solves the problem of collecting and storing corporate correspondence. It turned out that only 14% of respondents use specialized solutions, while 86% of companies simply bury their heads in the sand. Of these, 49% of organizations believe that each employee must “get out” on his own: make backup copies on CD, empty folders in the email client, upload messages to the hard drive, etc. Finally, 37% of 86% prefer to ignore the problem completely.

Fig.3

As CNews Analytics experts point out, this distribution of responses raises serious concerns, since in almost half of the companies (49%) the problem of collecting and storing corporate correspondence is solved, in fact, by “homemade” methods. The fact that staff archive and back up their communications themselves creates dangerous risks of leaking confidential information if the archive or backup is compromised. Moreover, staff spend their time performing operations that are simply not covered by job descriptions, and often employees may simply not have the qualifications to perform functions traditionally assigned to the IT department.

According to the InfoWatch analytical center, in terms of collecting and storing corporate correspondence Russian companies today are still in the "stone age". Moreover, no obstacles to the implementation of specialized tools can serve as sufficient grounds for assigning the responsibility for creating corporate archives to office employees or even trying to turn a blind eye to the problem. It is obvious that with the growing informatization of domestic organizations, the accumulation and preservation of electronic messages will become more and more important task. Every organization will have to solve this problem, one way or another.

Incentives to use central archives

One of the most important results of the study was the identification of the benefits that businesses can receive from using centralized archives of corporate correspondence. A priori, InfoWatch experts have identified 5 main reasons why organizations use specialized solutions for collecting and storing electronic messages.

• Some laws, standards, and other regulations require companies to create and maintain email archives. For example, the Bank of Russia standard for IT security (STO BR IBBS-1.0-2006), the Russian law “On Archiving in the Russian Federation”, the American laws SOX (Sarbanes-Oxley Act of 2002) and HIPAA (Health Insurance Portability and Accountability Act) , etc.
• Analysis of all incoming and outgoing messages is an effective method of investigating any corporate incidents, especially in the field of IT security and financial fraud;
• A business can integrate a centralized storage with a comprehensive system for protecting against leaks of confidential information and, thereby, increase the efficiency of this system;
• A centralized mail archive solves the problem of backing up electronic messages, which otherwise each employee must solve independently;
• In the event of legal claims against the company and after an external independent audit, authentic letters from the corporate archive can serve as evidence in court;
• The ability to make specific selections from a correspondence repository allows you to solve many business problems in the field of marketing, sales, etc.

CNews Analytics specialists note that in the countries of the European Union and North America, businesses and government agencies are simply required to create centralized archives, since these requirements are enshrined in law or regulation. However, in Russia the situation is somewhat different - the regulatory burden is much lighter, although some laws and standards in the field of collecting and storing messages still exist. For convenience, the most popular standards are grouped in the table below (see Table 1).

Table 1

Laws and regulations in the field of collection and storage of corporate correspondence

Name	Scope	Requirements
Basel II Agreement (“International convergence of capital measurement and capital standards: new approaches”)	All banks in Europe and Russia, as well as the largest US banks (in Russia since 2009)	Create archives of electronic correspondence with the ability to conduct analytical samples and guarantee the authenticity of stored messages
Bank of Russia standard: “Ensuring information security of organizations of the banking system of the Russian Federation. General provisions" (STO BR IBBS-1.0-2006), §8.2.6.4	All Russian banks, including the Central Bank (the standard is still advisory in nature)	§8.2.6.4: “E-mail must be archived. The archive should be accessible only to the unit (person) in the organization responsible for ensuring information security. Changes to the archive are not allowed. Access to archive information should be limited.”
Federal Law “On Archiving in the Russian Federation”	All government bodies, local government bodies of the municipal district and urban district	Create archives for storage, acquisition, accounting and use archival documents, including email. Restrict access to this information, regardless of its form of ownership, if it constitutes a state or other secret protected by the legislation of the Russian Federation.
EU Data Retention Directive	All telecommunications companies doing business in the European Union	Archive and store for at least one year all information transmitted via electronic channels communications: e-mail, negotiations by mobile and wired phones, fax documents, etc.
SOX Act (Sarbanes-Oxley Act of 2002), §802	All public companies listed on the US stock market	Collect, archive and store electronic corporate correspondence for at least seven years. The authenticity of electronic communications must be guaranteed, and mechanisms must be implemented to allow sampling from the archive for the purpose of conducting a full-scale retrospective analysis.
HIPAA (Health Insurance Portability and Accountability Act of 1996), Security and Privacy Rule	All medical, insurance and financial organizations that handle sensitive health information	Each organization must store all its electronic documentation for at least 6 years from the date of creation or last use.
SEC Rule 17a-4.	All financial public companies listed on the US stock market	Store correspondence with clients as a separate database. This database must comply with standards for such parameters as searching and checking information, support and archiving. In addition, the authenticity of electronic messages stored in the database must be ensured.

Thus, the regulatory burden of Russian organizations is small: government agencies are subject to the Federal Law “On Archiving in the Russian Federation”, financial companies are subject to the Basel II agreement and the Central Bank standard, and all other organizations encounter foreign laws only when carrying out international transactions, for example, IPOs, opening branches in the EU, etc. It can be summarized that the specificity of the Russian market for archiving corporate correspondence is practically complete absence stringent requirements that would oblige organizations to collect and retain emails.

What incentives then do domestic enterprises see in introducing specialized archives? The answer to this question can be found in Fig. 4. InfoWatch experts asked respondents to rate on a 6-point scale the benefits that businesses receive from using centralized solutions for collecting and storing electronic correspondence. A score of “6” meant that this stimulus was “very important” for the respondent, while a score of “1” meant, on the contrary, “not very important.” The six stimuli listed above were offered as response options:

• compliance with regulations,
• investigation of IT security incidents,
• centralized creation of backup copies of messages,
• the ability to present messages as evidence in court,
• creating powerful retrospective samples to solve business problems,
• integration of the archive with a system for protecting against leaks of confidential information.

As it turns out, some of these incentives have no weight at all for Russian companies. For example, absolutely all respondents believe that authentic electronic messages from a specialized archive will not help in any way in the event of prosecution. As a result, no organization surveyed rated this incentive higher than a “3.” In other words, all ratings in this case were distributed from “1” (not at all important) to “3” (more likely not important than important).

Fig.4

In Fig. Figure 4 shows the distribution of ratings for all six stimuli. The importance of one or another benefit from using a centralized archive decreases from left to right. It is easy to notice that in the category “compliance with laws and standards,” a total of 34% of respondents gave a rating higher than “3.” In other words, this incentive matters only to one third of Russian organizations surveyed. According to the InfoWatch analytical center, if a similar survey were conducted among European or North American companies, then at least two more respondents would have indicated regulations. However, this is precisely where the specificity of the Russian market manifests itself. However, an analysis of the correlation between the field of activity and the scale of the organization on the one hand, as well as the importance of the normative factor on the other hand, allowed us to establish the following correspondence. First of all, the 34% of respondents who rated “compliance with laws and standards” above three included absolutely all ministries and departments participating in the survey (17%), as well as the majority of financial organizations (17% of 22%), mostly large ones. Note that these sectors must indeed comply, respectively, with the Federal Law “On Archiving in the Russian Federation” and the Bank of Russia IT security standard (as well as the Basel II agreement). Although the fact that only 14% of all respondents use centralized archives in practice speaks for itself...

Meanwhile, in the following figure (Fig. 5), for completeness, the average ratings for each stimulus are indicated, rounded to the nearest tenth of a point. As you can see, only four factors received a rating higher than “4”: investigation of IT security incidents (4.7), integration with a leak protection system (4.5), creation of backup copies (4.4) and the ability to compile analytical samples ( 4.2). This means that these four incentives are of the greatest value to respondents.

Fig.5

As CNews Analytics experts point out, the distribution of points is quite natural. This is especially true for the ability to conduct an effective investigation of almost any internal IT security incident, that is, to identify an insider and prove his guilt. The point is that on this moment Russian organizations have developed a vicious practice of conducting internal investigations, in which the personal computers of suspected employees are seized, the employees themselves are driven from their workplaces, and IT security specialists consistently study emails in the email client. The disadvantages of this approach are obvious. Firstly, it is almost impossible to conduct such an investigation without the staff noticing. This means that within a few minutes after the start of investigative actions, the entire organization will find out that there is a “mole” in the company. It is possible that as a result of gossip, information will reach the press or competitors. Secondly, it is impossible to hide the circle of suspects. In other words, every employee whose workstation is seized will know that management does not trust him. This will have a particularly bad effect on the general climate among the staff if it turns out that the insider was never found. Employees may feel offended, which under certain circumstances leads to sabotage according to the principle: “If you were wronged undeservedly, deserve it!” Thirdly, even a slightly savvy renegade will guess to simply delete messages compromising him from mail client. Since IT security specialists do not know exactly which of the suspects is an insider, they will not take the time to restore erased data on all workstations in a row.

Meanwhile, if the company has a centralized archive of corporate correspondence, then the entire investigation will take a few hours at most, during which the security officer will sit quietly in his chair and make analytical selections from the repository. Message filters, sorting by groups, searching for key phrases - all these tools allow you to quickly find any suspicious messages in the general archive. At the same time, no one bothers innocent staff and spoils the working atmosphere in the office. This is exactly what civilized companies do that care about themselves and their employees. According to the expert assessment of InfoWatch, approximately 80% of internal IT security incidents can be resolved by analyzing electronic messages. Thus, creating a centralized repository of incoming and outgoing letters allows you to conduct effective investigations even in a large company.

Case from practice An example of a victory over insiders was demonstrated in mid-February 2006 by the Russian system integrator LETA IT-company. Thanks to a competent approach to internal IT security, the company was able to neutralize an insider who was caught abusing his official position. An internal investigation showed that one of the account managers attempted to negotiate contracts for the supply of software not through his legitimate employer, but through a shell company created by him. If the insider had succeeded in putting his plan into action, LETA would have suffered serious financial losses associated with lost profits and leakage of information about customers. It is possible that the company would have suffered even greater damage due to the deterioration of its reputation. However, the abuse was quickly and early identified through a comprehensive leak prevention system. The company's IT infrastructure included a system for filtering mail traffic and detecting leaks of confidential information - InfoWatch Mail Monitor, as well as a centralized archive - InfoWatch Mail Storage. At the beginning, LETA's IT security officer received an alert about suspicious employee activity from Mail Monitor. However, only the study of email messages that the insider exchanged with potential customers helped prove the insider’s guilt. For these purposes, we had to make several analytical choices from Mail Storage. Further, as soon as suspicions grew stronger, the incident was immediately reported to the authorities. Thus, the organization was able to protect its most valuable information asset - its customer base. The insider, found to have violated his employment contract, which included a confidentiality clause, and corporate ethics, paid damages and was fired. At the same time, LETA management decided not to hush up the incident, but to inform the public and other companies so that the insider could not find a new victim.

According to the InfoWatch analytical center, respondents quite rightly assessed the importance of such a tool as analytical samples from a centralized repository. The fact is that a corporate solution for collecting and storing correspondence allows an organization to receive a number of benefits when solving business problems. The following are just typical scenarios:

• The software company has released the next version of its product. After several months, the head of the technical department decided to evaluate the dynamics of changes in the quality of work of programmers and testers. To do this, he asks his subordinate to write a report on the number of calls to the service technical support from the users. In this case, it is necessary to sort requests into categories - separately for each version software product, as well as provide the dynamics of the growth in the number of requests over time. This task is very easily solved with the help of an archive of corporate correspondence. An employee of the technical department makes an analytical sample, first filtering out all requests to the technical support service, then dividing them into different versions products (filtering by keywords), and then creating an analytical report (reflecting dynamics over time) using powerful built-in tools. All this will take no more than 30 minutes. For clarity, this example omitted two more roles: the corporate archive administrator (the person who configures its operation, but does not have access to the messages themselves) and the security officer (the person who has access to the messages, but does not have rights to manage the repository). This separation of roles is necessary to ensure the authenticity of the archive. Note that without using a corporate correspondence repository, solving the problem technical director the task will be much more difficult.
• The telecommunications company launched new service, for example, a new tariff plan for Internet access or mobile communications. The marketing director wants to gauge consumer reaction to a new product by comparing it with the reaction to a service launched, say, last year. He instructs the marketing manager to write a corresponding report, who, with the help of the administrator and the security officer, simply needs to filter out all messages received in the company's public mailboxes and mentioning the new service. Similar to the previous case, the report is compiled in no more than 30 minutes. As a result, the head of the marketing department can operate with real numbers, performing control and planning functions in the activities of his department.
• The head of one of the departments of a large company plans to create an expert or simply a working group to resolve a specific issue or develop a new project. When selecting members of the team being formed, the manager is faced with the question: “Do the candidates under consideration know each other?” Instead of inviting more than a dozen specialists to his place and asking them if they know anyone in the room, the boss simply asks them to “punch” the names of candidates in the mail archive. It is almost certain that people who know each other at least a little and work in the same company have exchanged letters at least once. Meanwhile, a large number general messages may indicate friendship between employees and stable camaraderie. Thus, an experienced manager can take into account the important interpersonal component when forming a team of professionals.

There are quite a lot of such examples, since analytical samples are required in many areas of corporate management. They can be used to assess the effectiveness of internal corporate communications, marketing campaigns, technical solutions etc.

Requirements for archiving systems

At the next stage of the study, the InfoWatch analytical center asked respondents to rate the degree of importance various characteristics centralized archives. As in the previous case, companies were presented with six parameters to choose from, each of which could be rated on a 6-point scale (1 - “least important”, 6 - “extremely important”). Among the options offered to respondents were the following:

• High performance (resistance to loads and intense mail flow);
• Powerful tools for searching the archive and generating analytical samples;
• High archive security (protection against unauthorized modification of messages);
• Wide range of supported external DBMS for message export;
• Flexible storage and archiving policies that are executed automatically;
• Compatible with tools for creating backup copies on physical media.
• The distribution of answers is presented in the figure below (see Fig. 6).

Fig.6

In Fig. Figure 6 shows the distribution of ratings for all six parameters. The importance of one or another characteristic of a centralized archive decreases from left to right. It is easy to notice that in the “wide range of supported DBMS” category, a total of 30% of respondents gave a rating higher than “3,” which is less than half of the companies surveyed. According to CNews Analytics experts, such neglect of this parameter is easily explained by the fact that today the DBMS market is dominated by products from only three manufacturers. These are Oracle, IBM and Microsoft. In other words, “broad support” implies the ability to work either with all three types of DBMS, or with the most popular of them - Oracle.

In addition, attention is drawn to some uncertainty among respondents in assessing the parameter “Support for hard backup copies” (compatibility with means of creating backup copies on physical media). From Fig. 6 shows that a total of 59% of respondents gave ratings of “3” and “4”. As InfoWatch experts point out, such a relatively neutral reaction to this characteristic of the solution may be due to the fact that Russian companies simply do not need to store electronic messages for long term. If Western organizations are required to follow the letter of the law and store mail for 6-7 years, then Russian companies are left to their own devices in this regard. So instead of recording data on magnetic tapes, organizations can simply delete it.

Meanwhile, in the following figure (Fig. 7), for completeness, the average ratings for each stimulus are indicated, rounded to the nearest tenth of a point. As you can see, only four factors received a rating higher than “4”: investigation of IT security incidents (4.7), integration with a leak protection system (4.5), creation of backup copies (4.4) and the ability to compile analytical samples ( 4.2). This means that these four incentives are of the greatest value to respondents.

Fig.7

Low scores of the two least important parameters have already been commented on above, so let’s focus on the most popular characteristics of a centralized archive. First of all, respondents rated the security of messages in the archive quite highly (4.6). According to CNews Analytics experts, archive protection cannot be neglected, since if correspondence is leaked, the company’s commercial and technical secrets may fall into the hands of competitors or fraudsters. At the same time, the formula is widely known: the leak of only 20% of trade secrets in 60% of cases leads to bankruptcy of the company.

The increased attention of respondents to the ability to create analytical samples (4.2) is explained by the fact that Russian organizations generally understand that a centralized archive can serve as an excellent tool for solving business problems. Scenarios for such use of the archive were given above.

Of particular interest are such characteristics as high performance and the ability to set flexible policies that will be executed automatically. At the beginning of the study, it was already indicated that the mail traffic of a large organization can amount to tens of gigabytes per day. Moreover, this is not such a rarity. For example, InfoWatch solution Mail Storage daily processes and archives more than 20 GB of mail messages from VimpelCom OJSC. In this case, not only high performance and fault tolerance of the product are important, but also automation of the entire collection and archiving process.

Archiving Internet Data

With their penultimate question, experts from the InfoWatch analytical center tried to find out the respondents’ attitude to the need to archive not only email, but also Internet data. Indeed, in some cases, an organization needs to store all web traffic and, in general, all information sent over communication channels. The distribution of answers is presented in the figure below (see Fig. 8).

Fig.8

The need to save all web traffic may arise when implementing a comprehensive system of protection against leaks and insiders. In this case, the IT security department will have a tool at its disposal that will allow it to investigate leaks via web channels, analyze the nature of the use of the organization’s web resources, etc. This opinion is generally shared by 62% of respondents, who chose the options “Very Important” (24%) and “Important” (38%). Only 38% of companies hold the opposite point of view. Thus, supplementing traditional email archives with functions for collecting and storing Internet data can be a promising move for IT solution providers.

Plans of Russian companies

Fig.9

According to CNews Analytics experts, the Russian market for archiving electronic correspondence is expected to experience serious growth over the next four years. Moreover, companies that do not plan to implement appropriate solutions today may change their minds in the coming years or even accelerate plans already agreed upon. Thus, both suppliers and customers should pay attention to centralized archiving of corporate mail.

Conclusion

Only 14% of respondents use specialized solutions for archiving email traffic, while 86% of companies simply turn a blind eye to the problem. Of these, 49% of organizations believe that each employee should solve the issue on their own (getting out of it as best they can), and 37% prefer to ignore the problem completely.

Among the incentives for implementing a centralized archive, respondents consider the most important to be the ability to investigate IT security incidents (average score 4.7 out of 6), integration with a leak protection system (4.5 out of 6), and creation of backup copies (4.4 out of 6) and the ability to create analytical samples to solve business problems (4.2 out of 6). This distribution of answers has a reasonable basis, since the use of a corporate archive really allows you to effectively investigate IT security incidents and prevent leaks, as well as relieve staff of the responsibility for creating “homemade” archives.

The most important requirements for the characteristics of a centralized archive, according to respondents, are high security (average score 4.6 out of 6), powerful capabilities for creating analytical samples (4.2 out of 6), as well as high performance and flexible automatic policies (4 each from 6). Thus, IT security problems again come to the fore, although message analysis capabilities, high performance, fault tolerance and solution automation are slightly less important.

Meanwhile, 62% of respondents believe that it is necessary to archive not only email traffic, but also all Internet traffic. This helps create a comprehensive system of protection against leaks and insiders. In addition, the IT security department has a tool at its disposal that allows it to investigate leaks via web channels, analyze the nature of use of the organization’s web resources, etc.

Further, 31% of respondents plan to implement a centralized archive within the next two years (2006 and 2007), and 26% - within the next four years (2008-2009). Thus, from 2006 to 2009, more than half of the companies surveyed (57%) are going to implement a centralized archive. Finally, 24% of respondents are postponing this task until the distant future (since 2010), and 5% are not going to implement the archive at all, since “it is not a priority.”

About InfoWatch

InfoWatch is an innovative company that develops unique technologies for the promising area of ​​information security - protection against internal threats. The company's competence includes minimizing the risk of leakage, data destruction, sabotage, industrial espionage and other careless and unlawful actions of employees in relation to corporate information.

The company's unique solutions allow you to control transactions with documents inside corporate network and prevent those that do not comply with the security policy. In particular, InfoWatch provides checking of mail and Internet traffic, as well as monitoring at the level of file operations (copying, deleting, renaming, changing, printing documents). Together with traditional protection systems ( firewalls, filters, authorization, crypto-protection, etc.) InfoWatch allows you to build a comprehensive corporate security structure by providing the “rear” - reliable protection against internal threats.

Among our clients are the Ministry of Economic Development and Trade of the Russian Federation, the Ministry of Finance of the Russian Federation, HydroOGK, Transneft, VimpelCom, Megafon, Federal Customs Service of the Russian Federation, Vneshtorgbank.

About the agency CNews Analytics

The daily online publication CNews.ru is the largest Russian online publication dedicated to the Russian and global IT market. The publication specializes in current news from the world of high technology.
News CNews.ru is operative information about the high technology market, the latest developments, new hardware and current software. Much attention is paid to the state of electronic business in Russia and in the world; news about mergers, divisions and acquisitions of companies, as well as their financial situation, is quickly released. Up to 100 news items are published per day covering the state of the Russian and foreign markets.
CNews.ru is not only a news feed. The site was created according to the principle of a portal: analytical articles, market research results, audience surveys are published, there is a rich range of services, including a calendar plan of exhibitions, conferences and presentations dedicated to high technologies and e-business, a thematic forum, computer press announcements, as well as an extensive database of press releases from high-tech companies.