• Corporate mail: archiving of incoming and outgoing messages. Working with the fields “To”, “Cc”, “Bcc”

    Everyone has the right to freely receive and transmit information through legal means. This applies to conversations on the phone, email and any messages.

    Information transmitted by legal means cannot be made available to outsiders without a court order. This is the right to privacy of correspondence and conversations. But they must be used in such a way as not to harm others. You cannot freely disseminate information if it causes harm to someone - for example, an employer.

    If a mail service has access to information in the mail of its clients, this does not mean that it becomes its owner and can distribute it. All the courts misunderstood the law and did not justify their decisions correctly.

    It should have been done differently: although the mail service is not considered the owner of the information, the employee can still be fired.

    And here's why.

    The employer decided that there was a trade secret. It needs to be protected from outsiders. Here are the contract, the instructions and the non-disclosure agreement.

    The employee understood everything, agreed, but used personal email. This means that he can open documents from home and do whatever he wants with them. For example, send to anyone.

    This is a violation. It does not matter whether the employee actually sent the official data to someone or not. The fact of sending work data to a personal mailbox is enough.

    The main thing in such cases is what information was sent and whether the employer prohibited it. If prohibited, the employee can be fired under the article.

    Bottom line. The dismissal case will be reviewed, but this is a formality. Most likely, the court will simply change the arguments to those described by the Constitutional Court. The employee will not be reinstated and compensation will not be paid.

    Does this only apply to bosses who have access to something secret?

    No, this can affect anyone: a manager, secretary, accountant, programmer, technologist, engineer or journalist.

    In this story, the man worked as the head of the contractual legal department in a large company. He had access to data about clients, employees and contracts. But it doesn't matter.

    It is important that some information in the company was considered a trade secret. This can be any information at the discretion of management. If all documents are completed correctly, anyone can be fired for sending work files to personal email.

    Why does an employer decide what can and cannot be sent via personal email?

    The employer has the right to restrict the dissemination of some proprietary information. These rules are prescribed in employment contracts, instructions and agreements. Employees must comply with them.

    How can an employer know what employees are sending to their email?

    An employer can check employees' corporate mailboxes. He can check messengers if the employee created a profile at the request of the company and communicates on it for work.

    If an employee logs in to a messenger from a corporate email account and discusses personal matters there, the employer can also read such messages. The employer doesn't know that they are personal.

    This is not a violation of rights or an infringement on the privacy of personal correspondence. That's what the European Court of Human Rights said.

    If the rules of the mail service say that it can gain access to my correspondence, does that mean it is not protected?

    It is protected, but this is a complex issue. The law does not directly say that the owner of some service on the Internet is obliged to maintain the secrecy of correspondence. But that doesn't mean he doesn't have to.

    The mail service cannot freely publish, distribute and forward your mail to anyone it wants. The law did not seem to prohibit it from doing this, but the Constitutional Court explained that this was implied.

    Even if the rules say that a hypothetical “Mail-ru” can allow and restrict access to your correspondence (and most often it is written that way), it is not the owner or holder of the contents of the letters. Only authorized bodies can gain access to personal mail and only according to the rules - for example, by a court decision.

    The laws lack precision in this regard. Maybe they will be supplemented - the Constitutional Court advised this to be done.

    How to use mail correctly so as not to be fired under the article?

    It all depends on how the employer protected proprietary information. If he officially declared it a trade secret and forbade sending it to a personal mailbox, there may be a reason for dismissal.

    Read the employment contract and job description. If there is a special regime and prohibitions, strictly observe them. One letter to yourself is enough to get fired. Even if there is only one contract with a supplier and you haven’t shown it to anyone else.

    Ask your employer what they think about personal mailboxes. The director himself may not know that a trade secret needs to be formalized in a special way. He may turn out to be against personal mail without having drawn up the documents. You will win in court, but you will ruin your reputation.

    Do not use personal email without permission. If you need to work from home, agree with your employer in advance, even if he was not against it before. If you communicate at work through a personal email, let the director record that he does not mind. The absence of a prohibition is not consent. Then you won't prove anything.

    Keep track of what you write and to whom from the office, even if it's a personal messenger.

    If there was no official ban, but you used personal mail and they want to fire you, look for a lawyer and don’t be afraid to sue. After the explanations of the Constitutional Court, there is a chance to be reinstated at work and receive compensation.

    Most companies understand the importance of creating backups. But the problem is that not many companies have an idea of what a data backup strategy should be. As a result, they lose information, clients, and therefore money. Back in 2014, experts reported that businesses lose about $1.7 trillion a year due to irretrievable losses of valuable data that for some reason were not backed up. Now this figure has increased, since an hour-long forced downtime of a data center costs the operator $50,000 - $80,000. Two years ago, an hour-long downtime entailed losses of $40,000 - $60,000.

    Each year this amount grows as the value of the data gradually increases. And it’s not just about information - after all, ordinary equipment downtime due to various kinds of problems hurts the wallets of both the company that owns the infrastructure and its clients.

    In the first half of 2016 alone, 554 million records were lost or stolen as a result of cyberattacks. The most common purpose of hacking is to steal users' personal data. In the United States, the most attacked area was healthcare. At the same time, government agencies lost the maximum amount of data in the first half of 2016 (we are talking about lost or stolen data).

    Moreover, for the entire 2015, 707.5 million records were lost or stolen as a result of cyber attacks. This, however, is less than in 2014, when the same figure was 1.02 billion records.

    Among the reasons for data loss is the unpreparedness of companies for critical events (power failures, physical damage to equipment, hacking and data theft, natural disasters). If you don’t take care of backups in advance, it will be excruciatingly painful later; many have heard about this. But, as they say, “the mice cried, pricked themselves, but continued to eat the cactus.” Let's see what unexpected cases happen that suddenly lead to a partial or complete stop in the work of telecommunications companies and their divisions. This isn't all about data loss and backups, but these situations make you think about how quickly a well-run process or company operation can turn into chaos. Despite planning, unexpected situations can and will definitely arise, sooner or later.

    A sad toy story

    One of the most sensational stories was the loss by Pixar employees of a large amount of data on Toy Story 2. One of the employees accidentally erased a database with hundreds of important elements: character animations, source files for the characters themselves, etc. When the company decided to restore the data from the backup, it turned out that the backup had not been working for more than a month.

    There was a threat that a whole month of work (or even more) would go to waste. But then it turned out that one of the project managers regularly sent all the data to his home PC in order to be able to work on the project at home. Only thanks to this (and, it should be noted, this was a violation of corporate rules) the data was restored.

    If the data had not been available on a home server, the project could have been delayed, and the company would have found itself in a very unpleasant situation.

    Accident involving a data center

    If we talk about sudden events that led to data loss and damage, then we cannot help but recall the case from 2007. Then Rackspace (which was not yet as established as it would be years later) encountered a surprise. An SUV crashed into its data center. The driver of this car suffered from diabetes. During the trip, he lost consciousness, his foot pressed the gas pedal, and the car, flying off the roadway, crashed at full speed into the structure that housed the power infrastructure of the company's data center.

    The auxiliary power supply system immediately started working, but a problem arose - the main cooling system did not start. Because of this, the equipment quickly overheated, so the company employees decided to turn off everything so that the servers and other equipment did not fail.

    As a result, the data center stood idle for about five hours, during which nothing worked. These five hours cost the company $3.5 million. Quite a lot.

    ... and a few more sad IT stories

    A failure in the system is difficult to predict, which is logical. Failures occur even in the most reliable systems that rely on powerful infrastructure. But the frequency of failures can be reduced, and significantly, by using redundant systems. In a reliable infrastructure, any part of it can (and should, in theory) be redundant, including power, cooling, etc. High quality data centers use N+1 and N+2 designs to ensure high system reliability. Requirements for the reliability of data center infrastructure are growing, as the cost of forced downtime is rising. However, problems still happen.

    For example, in 2013, one of the largest hosting providers in the world stopped working. In the company's data center located in Utah, USA, problems arose as a result of a hardware failure during maintenance work on a server. This resulted in a number of equipment outages throughout the data center. As a result, a huge number of web services and sites stopped functioning for a while. This failure cost the hosting provider a considerable amount of money.

    And immediately after the Xbox One game console was released to the market, the load on the company’s servers increased (and very significantly). Because of this, the Windows Azure cloud service also began to fail. Problems with Xbox Live were observed throughout the day: data sometimes was not saved, sometimes was not loaded, and multiplayer in games did not work.

    In 2015, someone hacked the servers of the famous company Vtech, which produces toys and electronic devices for children, and 4.8 million records from the customer database were stolen. In addition, data on 200,000 children (their names were indicated by their parents during registration) were also stolen.

    As it turned out, the company did not follow the principles of information security very carefully. Weak passwords, weak encryption, a small number of backups - all this led to big problems. Vtech has to some extent lost the trust of customers and investors, who are dissatisfied with the negligence of employees.

    Already this year, another case of irresponsible work became known. The head of a small hosting company that served about 1,500 clients was found to be responsible for the loss of data. One busy evening, Marco Marsala ran the command rm -rf (foo)/(bar) on all servers, and the variables (foo)/(bar) were not set (by mistake). As a result, all data was deleted from all servers.

    By an unfortunate coincidence, drives with backups were mounted to the servers. All this data was also erased. The affected company owner asked other users if it was possible to recover the information after running the rm -rf (foo)/(bar) command. It is clear that other users did not tell him anything good. As a result, inattention led to the fact that the business had to be closed (this was reported by the same Marsala). So it’s not enough to make backups; they also need to be stored in a safe place. In the comments, users indicated that “If you only have one backup, you don’t have a backup,” which, in fact, is true in most cases.
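
    An added example, not from the original article or from the scripts involved in the incident: a POSIX shell wrapper that refuses a recursive delete when a path variable is unset or empty, which is the failure described above. The names safe_rm_tree and strict_expand and the scratch directory layout in the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article). safe_rm_tree, strict_expand and the
# scratch layout in the demo are hypothetical names chosen for illustration.

# safe_rm_tree BASE SUB
# Deletes BASE/SUB recursively, but only after proving that both parts are
# non-empty and that the resolved target really lies below BASE.
safe_rm_tree() {
    base=${1-}
    sub=${2-}

    # The incident's failure mode: unset variables expand to "", so
    # "$foo/$bar" silently becomes "/". Refuse empty components outright.
    if [ -z "$base" ] || [ -z "$sub" ]; then
        echo "refusing: empty path component" >&2
        return 1
    fi

    # BASE must be absolute; SUB must be relative and must not climb upward.
    case "$base" in
        /*) ;;
        *) echo "refusing: base '$base' is not absolute" >&2; return 1 ;;
    esac
    case "$sub" in
        /*|..|../*|*/..|*/../*)
            echo "refusing: unsafe subdirectory '$sub'" >&2; return 1 ;;
    esac

    # Resolve symlinks in subshells so the caller's working directory is kept.
    root=$(cd "$base" 2>/dev/null && pwd -P) || {
        echo "refusing: cannot enter '$base'" >&2; return 1; }
    target=$(cd "$base/$sub" 2>/dev/null && pwd -P) || {
        echo "refusing: '$base/$sub' is not a directory" >&2; return 1; }

    # A base that resolves to the filesystem root is never acceptable.
    case "$root" in
        *[!/]*) ;;
        *) echo "refusing: base resolves to the root directory" >&2; return 1 ;;
    esac

    # The target must be strictly below the base. This also rejects symlinks
    # that point elsewhere (for example at a mounted backup volume).
    case "$target" in
        "$root"/?*) ;;
        *) echo "refusing: '$target' is outside '$root'" >&2; return 1 ;;
    esac

    rm -rf -- "$target"
}

# strict_expand: the shell's built-in alternative. "${var:?msg}" makes a
# non-interactive shell abort when var is unset or empty; the subshell
# confines that abort so the function can report it as an exit status.
strict_expand() {
    (
        unset foo bar
        : "${foo:?foo is not set}/${bar:?bar is not set}"
    ) 2>/dev/null
}

# Demo on a constructed scratch tree; runs only when the script is started
# with the single argument "demo".
if [ "${1-}" = "demo" ]; then
    work=$(mktemp -d) || exit 1
    mkdir -p "$work/srv/site1" "$work/backup"
    unset foo bar
    safe_rm_tree "${foo-}" "${bar-}" || echo "unset variables: refused"
    safe_rm_tree "$work/srv" "site1" && echo "valid target: deleted"
    strict_expand || echo "\${foo:?} aborted the expansion"
    rm -rf -- "$work"
fi
```

    Running scripts with set -u gives the same protection globally: any reference to an unset variable stops the script before rm is reached.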

    And it’s not just small companies that have problems. For example, one of the world's largest banks, Barclays, was fined several million US dollars a couple of years ago. The reason is the partial loss of business correspondence for 10 (!) years. The company lost data due to imperfect data storage systems. Because of a technical glitch, the letters were lost.

    And it would be fine if only banks lost letters - after all, financial companies, although they must have a perfect telecommunications infrastructure, are not the creators of email services, like, for example, Google. Yes, yes, this company is also far from ideal in terms of storing user information. In 2011, Gmail, Google's email service, caused thousands of its users to worry.

    Some of them, having logged into their account, did not see any letters or contacts. Then, according to Google, “only 0.08%” of the total number of service users were affected. But at that time, 193 million people used Gmail, and even a hundredth of a percent of this number was the population of a small city. One of the service clients then complained about the loss of 17,000 letters - this was all his activity for the entire time.

    Most of the company's data was returned because Google places data backup at the forefront of all the company's work. But some users were still left with problematic accounts, plus Gmail’s reputation suffered.

    Reasons for data loss and backups in companies

    Among the most common reasons that lead to the loss of data and backup copies, we highlight five main points: media failure, the human factor, software failure, hardware failure and problems with network equipment.

    Media failure

    This is one of the most common reasons for data loss. Most often, this problem occurs if the media are not monitored, and the condition of such equipment is not regularly checked. Failure to follow the manufacturer's instructions or careless handling of media can all cause a failure.

    Human factor

    This is the second most common reason for the failure of data backup systems, as a result of which information is either not backed up at all, or the backups themselves are erased. In order to avoid such problems, the staff must be qualified, there must be clear instructions and plans that must be followed.

    Software glitch

    This is also one of the most common problems. Updating software, replacing one program with another, adding a software module to a backup system - there are many reasons for failure. And the more complex such a system is, the higher the likelihood of failure.

    Hardware failure

    Similar to the previous problem, the equipment may fail when replacing some hardware module, due to physical obsolescence of hardware systems or for no apparent reason.

    Network failure

    An incorrectly formed script, network equipment failure, some protocol compatibility problems, or dozens of other reasons can affect the progress of data backup.

    Individuals are no better than companies (maybe even worse) when it comes to backing up data. Back in 2015, Backblaze conducted a user survey, which found that only 39% of users even completely back up their data every year. Only 8% of respondents do this every day.

    As a conclusion

    A company's own telecommunications infrastructure is complex, expensive and time consuming. Of course, there are times when you simply cannot do without your own data center. But in the vast majority of cases, it is easier for a company to use ready-made infrastructure, including backup systems, than to deploy its own system.


    Who would have thought a couple of decades ago that the time would come when it would be possible to contact anyone from anywhere on the globe in a couple of seconds? Such a time has come, at the same time giving citizens new opportunities to defend their rights. After all, now SMS messages certified by a notary, as well as correspondence using WhatsApp and Viber services, can act as significant evidence. But what is this for?

    The situations can be very different - from family troubles to serious violations of various obligations. In such cases, electronic correspondence can become a good evidence base that will help win the case.

    On what grounds can email correspondence become evidence?

    According to Article 55 of the Code of Civil Procedure of the Russian Federation, evidence is considered to be information obtained legally, which is used to consider a case and make a decision on this case. But can SMS correspondence or WhatsApp chat become evidence?

    They can, Article 71 of the Code of Civil Procedure of the Russian Federation directly states this. According to it, information for consideration of a case may include digital records obtained through electronic communications.

    How do you document correspondence using SMS, WhatsApp and Viber?

    Although according to the law electronic correspondence can become evidence, it is not very clear how it is documented. In fact, everything is much simpler than it seems.

    First of all, the correspondence is transferred to a physical medium, and then printed in good quality on paper. Correspondence can be provided to the court only in this printed form. In addition, the applicant must indicate when, by whom and under what circumstances the relevant entries were made.

    But just recording the correspondence is not enough; the court must confirm its authenticity. This can be done in one of four ways:

    • Record the correspondence, print it out, draw up a protocol with the obligatory presence of witnesses, indicating their personal data.
    • In the case of documenting correspondence before the start of the trial, the procedure is the same, only instead of witnesses, the presence of a notary is required. The notary officially certifies the correspondence, which can then be sent to the court.
    • If the consideration of the case has already begun, the correspondence must be documented in accordance with Article 71 of the Code of Civil Procedure of the Russian Federation. In this case, by court decision, materials can be requested, including from telecom operators.
    • Another method requires an examination, then recording the correspondence, printing it on paper, as well as a written expert opinion regarding the content of the correspondence.

    Where can I certify telephone correspondence?

    SMS messages, as well as correspondence on WhatsApp and Viber can be certified at a notary office. To do this, call +7 495 767-12-77 and make an appointment with a notary.

    Today, courts often accept electronic correspondence as written evidence. However, to do this, it must have legal force. Meanwhile, clear and uniform rules and methods for determining the legitimacy of virtual correspondence have not yet been developed, which leads to a large number of problems.

    Let's look at a few ways to give emails legal force.

    Long gone are the days when the only means of communication were letters written on paper. The development of economic relations between economic entities is no longer conceivable without the use of information technology. This is especially true when counterparties are located in different cities or even countries.

    Communication via electronic communication helps reduce material costs, and also allows you to quickly develop a common position on specific issues.

    However, such progress should not be viewed only on the positive side. Various disputes often arise between subjects of economic relations; to resolve them, they turn to the courts. The court makes a decision based on an assessment of the evidence provided by the parties.

    At the same time, the relevance, admissibility, reliability of each evidence separately, as well as the sufficiency and interconnection of the evidence in their totality are analyzed. This rule is enshrined both in the Arbitration Procedure Code of the Russian Federation (clause 2 of Article 71) and in the Code of Civil Procedure of the Russian Federation (clause 3 of Article 67). In the process of determining the admissibility and reliability of the evidence provided, the court often asks questions, the solution of which significantly affects the outcome of the case.

    The use of electronic document management in relations between business entities is regulated by the norms of the Civil Code of the Russian Federation. In particular, paragraph 2 of Art. 434 states: an agreement in writing can be concluded by exchanging documents via electronic communication, which makes it possible to reliably establish that the document comes from a party to the agreement.

    In accordance with paragraph 1 of Art. 71 of the Code of Civil Procedure of the Russian Federation and paragraph 1 of Art. 75 of the Arbitration Procedure Code of the Russian Federation, written evidence is business correspondence containing information about circumstances relevant for the consideration and resolution of the case, executed in the form of a digital record and received via electronic communication.

    To use electronic documents in legal proceedings, two conditions must be met. Firstly, as already indicated, they must have legal force. Secondly, the document must be readable, that is, it must contain information that is generally understandable and accessible to perception.

    This requirement stems from the general rules of legal proceedings, which presuppose the immediacy of judges’ perception of information from sources of evidence.

    Often, the court refuses to admit as evidence to the case materials electronic correspondence that does not meet the above conditions, and subsequently makes a decision that does not satisfy the legal requirements of the interested party.

    Let's consider the main ways to legitimize electronic correspondence before and after the start of proceedings.

    Working with a notary

    If the proceedings have not yet begun, then to give electronic correspondence legal force, you need to involve a notary. Paragraph 1 of Art. 102 of the Fundamentals of Legislation on Notaries (Fundamentals) states that, at the request of interested parties, a notary provides evidence necessary in court or an administrative body if there are reasons to believe that the provision of evidence will subsequently become impossible or difficult. And paragraph 1 of Art. 103 of the Fundamentals stipulates that in order to secure evidence, the notary inspects written and material evidence.

    According to paragraph 2 of Art. 102 of the Fundamentals, a notary does not provide evidence in a case that, at the time interested parties contact him, is being processed by a court or administrative body. Otherwise, the courts recognize notarized electronic correspondence as unacceptable evidence (Resolution of the Ninth AAS dated March 11, 2010 No. 09AP-656/2010-GK).

    It is worth recalling that, based on Part 4 of Art. 103 of the Fundamentals, provision of evidence without notifying one of the parties and interested parties is carried out only in urgent cases.

    In order to examine the evidence, a protocol is drawn up, which, in addition to a detailed description of the notary's actions, must also contain information about the date and place of the inspection, the notary performing the inspection, the interested parties participating in it, and also list the circumstances discovered during the inspection. The emails themselves are printed out and filed with the protocol, which is signed by the persons participating in the inspection and by the notary, and sealed with his seal. By virtue of the Determination of the Supreme Arbitration Court of the Russian Federation dated April 23, 2010 No. VAS-4481/10, the notarized protocol for the inspection of an electronic mailbox is recognized as appropriate evidence.

    Currently, not all notaries provide services for certification of emails, and their cost is quite high. For example: one of the notaries in Moscow charges 2 thousand rubles for one page of the descriptive part of the protocol.

    A person interested in providing evidence applies to a notary with a corresponding application. It should indicate:

    • evidence to be secured;
    • the circumstances that are supported by this evidence;
    • the grounds for which evidence is required;
    • that, at the time of contacting the notary, the case is not being processed by a court of general jurisdiction, an arbitration court or an administrative body.

    Considering the technical process of transmitting emails, the places where email is detected can be the recipient's computer, the sending mail server, the recipient mail server, or the computer of the person to whom the electronic correspondence is addressed.

    Notaries inspect the contents of the mailbox either remotely, that is, they use remote access to a mail server (it can be a server of a provider providing an electronic communication service under a contract; a mail server of a domain name registrar or a free Internet mail server), or directly from the computer of the interested person on which an email program is installed (Microsoft Outlook, Netscape Messenger, etc.).

    During a remote inspection, in addition to the application, the notary may need permission from the domain name registrar or Internet provider. It all depends on who exactly maintains the mailboxes or the mail server under the contract.

    Certification from the provider

    Resolutions of the Ninth AAS dated 04/06/2009 No. 09AP-3703/2009-AK, dated 04/27/2009 No. 09AP-5209/2009, FAS MO dated 05/13/2010 No. KG-A41/4138-10 stipulate that the courts also recognize the admissibility of electronic correspondence if it is certified by the Internet service provider or domain name registrar responsible for managing the mail server.

    The provider or domain name registrar certifies electronic correspondence at the request of an interested party only if it manages the mail server and such right is specified in the service agreement.

    However, the volume of electronic correspondence can be quite large, which in turn can complicate the process of providing paper documents. In this regard, the court sometimes allows electronic correspondence to be provided on electronic media. Thus, the Arbitration Court of the Moscow Region, making a Decision dated August 1, 2008 in case No. A41-2326/08, referred to the admissibility of electronic correspondence provided to the court on four CDs.

    But when considering the case in the appellate instance, the Tenth AAC, by its Resolution dated 10/09/2008 in case No. A41-2326/08, recognized the reference to electronic correspondence as unfounded and canceled the decision of the court of first instance, indicating that the interested party did not submit any documents provided for by the agreement concluded by the parties.

    Thus, emails relating to the subject of the dispute must be submitted to the court in writing, and all other documents can be submitted on electronic media.

    Confirming the contents of letters by referring to them in subsequent paper correspondence will help prove the facts stated in virtual correspondence. The use of other written evidence is reflected in the Resolution of the Ninth AAS dated December 20, 2010 No. 09AP-27221/2010-GK. Meanwhile, the court, when considering the case and assessing the evidence provided by the parties, has the right not to consider paper correspondence with links to electronic correspondence admissible.

    The court only takes it into account and makes a decision based on a comprehensive analysis of all the evidence presented.

    Get help from an expert

    If the proceedings have already begun, then to give electronic correspondence legal force it is necessary to exercise the right to attract an expert. Paragraph 1 of Art. 82 of the Arbitration Procedure Code of the Russian Federation stipulates that in order to clarify issues that arise during the consideration of a case that require special knowledge, the arbitration court appoints an examination at the request of a person participating in the case, or with the consent of the persons participating in it.

    If the appointment of an examination is prescribed by law or a contract, or is required to verify an application for falsification of the evidence presented, or if an additional or repeated examination is necessary, the arbitration court may appoint an examination on its own initiative. The appointment of an examination for the purpose of verifying the evidence presented is also provided for in Art. 79 Code of Civil Procedure of the Russian Federation.

    In a petition to appoint a forensic examination, it is necessary to indicate the organization and specific experts who will carry it out, as well as the range of issues for which the interested party decided to apply to the court to order an examination. In addition, information about the cost and timing of such an examination should be provided and the full amount to pay for it should be deposited with the court. The involved expert must meet the requirements established for him in Art. 13 of the Federal Law “On State Forensic Expert Activities in the Russian Federation”.

    Attachment to the case materials as evidence of an expert's opinion on the authenticity of electronic correspondence is confirmed by judicial practice (Decision of the Moscow Arbitration Court dated 08/21/2009 in case No. A40-13210/09-110-153; Resolution of the Federal Antimonopoly Service of the Moscow Region dated 01/20/2010 No. KG-A40/14271-09).

    Based on the contract

    In paragraph 3 of Art. 75 of the Arbitration Procedure Code of the Russian Federation notes that documents received via electronic communication are recognized as written evidence if this is specified in the agreement between the parties. Accordingly, it is necessary to indicate that the parties recognize the equal legal force of correspondence and documents received via fax, the Internet and other electronic means of communication as the originals. In this case, the agreement must specify the email address from which electronic correspondence will be sent, and information about the authorized person authorized to conduct it.

    The contract must stipulate that the designated email address is used by the parties not only for work correspondence, but also for the transfer of work results, which is confirmed by the position of the Federal Antimonopoly Service of the Moscow Region in Resolution No. KG-A40/12090-08 dated January 12, 2009. The Decree of the Ninth AAS dated December 24, 2010 No. 09AP-31261/2010-GK emphasizes that the contract must stipulate the possibility of using e-mail for approval terms of reference and making claims regarding the quality of services provided and work performed.

    In addition, the parties may provide in the agreement that notifications and messages sent by email are recognized by them, but must be additionally confirmed within a certain period by courier or by registered mail (Resolution of the Thirteenth AAS dated April 25, 2008 No. A56-42419/2007).

    To summarize, we can say that today there is a practice of courts using electronic correspondence as written evidence. However, taking into account the requirements of procedural legislation regarding the admissibility and reliability of evidence, virtual correspondence is taken into account by the court only if it has legal force.

    In this regard, a large number of problems arise, since a unified methodology for determining the legitimacy of electronic correspondence has not yet been formed. The right of an interested party to contact a notary in order to secure evidence is enshrined, but there is no regulatory act of the Ministry of Justice of the Russian Federation regulating the procedure for the provision of such services by notaries. As a result, there is no single approach to determining their value and forming a clear mechanism for implementing this right.

    There are several ways to give electronic correspondence legal force in order to present it as evidence in court: having it secured by a notary, obtaining certification from an Internet provider, referring to the emails in further paper correspondence, and confirming their authenticity through forensic examination.

    A competent approach to the timely provision of electronic correspondence as written evidence will allow business entities to fully restore their violated rights when resolving disputes.

    The study was carried out during the period 08.15.-10.1.2006. The process of collecting primary statistical data involved 137 respondents who filled out online questionnaires.

    Introduction

    Today, every company uses email as one of the main means of business communication. At the same time, at large enterprises the daily volume of correspondence can amount to tens and hundreds of gigabytes. All these messages are stored in folders of employees’ personal email clients, which simply “swell” over time. As a result, management has to make a choice: implement a special solution for centralized archiving and storage of corporate correspondence or try to ignore the problem. Note that in some cases the need for a centralized solution may be dictated by relevant regulations, although for Russia this is a rather rare situation. In addition, both the organization’s IT security service and commercial departments can receive a number of benefits from using a specialized solution. Moreover, it is believed all over the world that an effectively functioning IT infrastructure should in any case include a centralized archive of corporate mail.

    This research is the first public Russian project aimed at studying the problem of centralized email archiving in a corporate environment. The study aims to identify the views of Russian organizations on the problem of collecting and storing electronic messages, to study the benefits of using a specialized solution and the requirements that business places on such products. In addition, the study allows us to find out the plans of Russian companies to introduce centralized corporate archives into their IT infrastructure.

    General conclusions

    • Only 14% of respondents use specialized solutions for archiving email traffic, while 86% of companies simply turn a blind eye to the problem.
    • Internal IT security (protection from insiders and leaks, incident investigation) leads among all the benefits that a business can receive from implementing a centralized archive of corporate correspondence.
    • The ideal archive in the eyes of Russian companies is a safe, productive, automated product with rich analytical functionality.
    • The majority of respondents (62%) are convinced of the need to archive not only email traffic, but also all Internet traffic. This helps create a comprehensive system of protection against leaks and insiders.
    • Serious growth awaits the Russian market for mail traffic archiving tools. 31% of respondents plan to implement a centralized archive in 2006 and 2007, and 26% - in 2008-2009. Thus, from 2006 to 2009, more than half of the surveyed companies (57%) are going to acquire a centralized archive.

    Research methodology

    The study was carried out during the period 08.15.-10.1.2006. The process of collecting primary statistical data involved 137 respondents who filled out online questionnaires on the website CNews.ru. The survey questions and research results were prepared by the InfoWatch analytical center. The data below is rounded to the nearest whole number unless precision is stated explicitly.

    Respondent's portrait

    Figure 1 shows a portrait of respondents by the number of computerized workplaces in the organization. The largest portion of the surveyed companies (43%) have fewer than 500 computerized workplaces. Medium-sized organizations (501-1000 places) accounted for 29% of the surveyed organizations. Representatives of large businesses made up two more segments: 16% (1001-5000 places) and 12% (more than 5000 places).

    Fig.1

    The following diagram (Fig. 2) shows the distribution of respondents by occupation. The largest part of the surveyed organizations works in the field of telecommunications and IT (36%). Financial services and insurance accounted for 22% of respondents; for ministries and departments - 17%, fuel and energy complex - 13% and other sectors of the economy (trade, production) - 12%.

    Fig.2


    Archiving correspondence in practice

    The first main question of the InfoWatch analytical center was aimed at finding out how exactly Russian enterprises solve the problem of email archiving in practice. In other words, do they already use special centralized archives or simply ignore the problem, leaving it to their employees or even to chance.

    Figure 3 shows the distribution of answers to the question of how the organization solves the problem of collecting and storing corporate correspondence. It turned out that only 14% of respondents use specialized solutions, while 86% of companies simply bury their heads in the sand. Of these, 49% of organizations believe that each employee must “get out” on his own: make backup copies on CD, empty folders in the email client, upload messages to the hard drive, etc. Finally, 37% of 86% prefer to ignore the problem completely.

    Fig.3


    As CNews Analytics experts point out, this distribution of responses raises serious concerns, since in almost half of companies (49%) the problem of collecting and storing corporate correspondence is solved, in fact, by “homemade” methods. The fact that staff create archives and backup copies of their messages themselves creates dangerous risks of leakage of confidential information in the event that the archive or backup copy is compromised. Moreover, staff spend their time performing operations that are simply not provided for in their job descriptions, and often employees may simply not have enough qualifications to perform functions traditionally assigned to the IT department.

    According to the InfoWatch analytical center, Russian companies today are still in the “stone age” in terms of collecting and storing corporate correspondence. Moreover, no obstacles to the implementation of specialized tools can serve as sufficient grounds for assigning the responsibility for creating corporate archives to office employees or even trying to turn a blind eye to the problem. It is obvious that with the increasing informatization of domestic organizations, the accumulation and preservation of electronic messages will become an increasingly important task. Every organization will have to solve this problem, one way or another.

    Incentives to use central archives

    One of the most important results of the study was the identification of the benefits that businesses can receive from using centralized archives of corporate correspondence. A priori, InfoWatch experts have identified 5 main reasons why organizations use specialized solutions for collecting and storing electronic messages.

    • Some laws, standards, and other regulations require companies to create and maintain email archives. For example, the Bank of Russia standard for IT security (STO BR IBBS-1.0-2006), the Russian law “On Archiving in the Russian Federation”, the American laws SOX (Sarbanes-Oxley Act of 2002) and HIPAA (Health Insurance Portability and Accountability Act), etc.;
    • Analysis of all incoming and outgoing messages is an effective method of investigating any corporate incidents, especially in the field of IT security and financial fraud;
    • A business can integrate a centralized storage with a comprehensive system for protecting against leaks of confidential information and, thereby, increase the efficiency of this system;
    • A centralized mail archive solves the problem of backing up electronic messages, which otherwise each employee must solve independently;
    • In the event of legal claims against the company and after an external independent audit, authentic letters from the corporate archive can serve as evidence in court;
    • The ability to make specific selections from a correspondence repository allows you to solve many business problems in the field of marketing, sales, etc.

    CNews Analytics specialists note that in the countries of the European Union and North America, businesses and government agencies are simply required to create centralized archives, since these requirements are enshrined in law or regulation. However, in Russia the situation is somewhat different - the regulatory burden is much lighter, although some laws and standards in the field of collecting and storing messages still exist. For convenience, the most popular standards are grouped in the table below (see Table 1).

    Table 1. Laws and regulations in the field of collection and storage of corporate correspondence

    | Name | Scope | Requirements |
    |---|---|---|
    | Basel II Agreement (“International convergence of capital measurement and capital standards: new approaches”) | All banks in Europe and Russia, as well as the largest US banks (in Russia since 2009) | Create archives of electronic correspondence with the ability to conduct analytical samples and guarantee the authenticity of stored messages |
    | Bank of Russia standard: “Ensuring information security of organizations of the banking system of the Russian Federation. General provisions” (STO BR IBBS-1.0-2006), §8.2.6.4 | All Russian banks, including the Central Bank (the standard is still advisory in nature) | §8.2.6.4: “E-mail must be archived. The archive should be accessible only to the unit (person) in the organization responsible for ensuring information security. Changes to the archive are not allowed. Access to archive information should be limited.” |
    | Federal law “On archiving in the Russian Federation” | All government bodies, local government authorities of municipal districts and urban districts | Create archives for storing, compiling, recording and using archival documents, including e-mail. Restrict access to this information, regardless of its form of ownership, if it constitutes a state or other secret protected by the legislation of the Russian Federation. |
    | EU Data Retention Directive | All telecommunications companies doing business in the European Union | Archive and store for at least one year all information transmitted via electronic communication channels: e-mail, conversations on mobile and wired phones, fax documents, etc. |
    | SOX Act (Sarbanes-Oxley Act of 2002), §802 | All public companies listed on the US stock market | Collect, archive and store electronic corporate correspondence for at least seven years. The authenticity of electronic communications must be guaranteed, and mechanisms must be implemented to allow sampling from the archive for the purpose of conducting a full-scale retrospective analysis. |
    | HIPAA (Health Insurance Portability and Accountability Act of 1996), Security and Privacy Rule | All medical, insurance and financial organizations that handle sensitive health information | Each organization must store all its electronic documentation for at least 6 years from the date of creation or last use. |
    | SEC Rule 17a-4 | All financial public companies listed on the US stock market | Store correspondence with clients in a separate database. This database must comply with standards for such parameters as searching and checking information, support and archiving. In addition, the authenticity of electronic messages stored in the database must be ensured. |

    Thus, the regulatory burden of Russian organizations is small: government agencies are subject to the Federal Law “On Archiving in the Russian Federation”, financial companies are subject to the Basel II agreement and the Central Bank standard, and all other organizations encounter foreign laws only when carrying out international transactions, for example, IPOs, opening branches in the EU, etc. It can be summarized that the specificity of the Russian market for archiving corporate correspondence is the almost complete absence of strict requirements that would oblige organizations to collect and save electronic messages.

    What incentives then do domestic enterprises see in introducing specialized archives? The answer to this question can be found in Fig. 4. InfoWatch experts asked respondents to rate on a 6-point scale the benefits that businesses receive from using centralized solutions for collecting and storing electronic correspondence. A score of “6” meant that this stimulus was “very important” for the respondent, while a score of “1” meant, on the contrary, “not very important.” The six stimuli listed above were offered as response options:

    • compliance with regulations,
    • investigation of IT security incidents,
    • centralized creation of backup copies of messages,
    • the ability to present messages as evidence in court,
    • creating powerful retrospective samples to solve business problems,
    • integration of the archive with a system for protecting against leaks of confidential information.

    As it turns out, some of these incentives have no weight at all for Russian companies. For example, absolutely all respondents believe that authentic electronic messages from a specialized archive will not help in any way in the event of prosecution. As a result, no organization surveyed rated this incentive higher than a “3.” In other words, all ratings in this case ranged from “1” (not at all important) to “3” (more likely not important than important).

    Fig.4


    Figure 4 shows the distribution of ratings for all six stimuli. The importance of one or another benefit from using a centralized archive decreases from left to right. It is easy to notice that in the category “compliance with laws and standards,” a total of 34% of respondents gave a rating higher than “3.” In other words, this incentive matters only to one third of Russian organizations surveyed. According to the InfoWatch analytical center, if a similar survey were conducted among European or North American companies, then at least two more respondents would have indicated regulations. This is precisely where the specificity of the Russian market manifests itself. However, an analysis of the correlation between the field of activity and the scale of the organization on the one hand, and the importance of the normative factor on the other hand, allowed us to establish the following correspondence. First of all, the 34% of respondents who rated “compliance with laws and standards” above three included absolutely all ministries and departments participating in the survey (17%), as well as the majority of financial organizations (17% of 22%), mostly large ones. Note that these sectors must indeed comply, respectively, with the Federal Law “On Archiving in the Russian Federation” and the Bank of Russia IT security standard (as well as the Basel II agreement). Although the fact that only 14% of all respondents use centralized archives in practice speaks for itself...

    Meanwhile, in the following figure (Fig. 5), for completeness, the average ratings for each stimulus are indicated, rounded to the nearest tenth of a point. As you can see, only four factors received a rating higher than “4”: investigation of IT security incidents (4.7), integration with a leak protection system (4.5), creation of backup copies (4.4) and the ability to compile analytical samples (4.2). This means that these four incentives are of the greatest value to respondents.

    Fig.5


    As CNews Analytics experts point out, the distribution of points is quite natural. This is especially true for the ability to conduct an effective investigation of almost any internal IT security incident, that is, to identify an insider and prove his guilt. The point is that at the moment Russian organizations have developed a vicious practice of conducting internal investigations, in which the personal computers of suspected employees are seized, the employees themselves are driven from their workplaces, and IT security specialists go through the emails in the email client one by one. The disadvantages of this approach are obvious. Firstly, it is almost impossible to conduct such an investigation without the staff noticing. This means that within a few minutes after the start of investigative actions, the entire organization will know that there is a “mole” in the company. It is possible that as a result of gossip, information will reach the press or competitors. Secondly, it is impossible to hide the circle of suspects. In other words, every employee whose workstation is seized will know that management does not trust him. This will have a particularly bad effect on the general climate among the staff if it turns out that the insider was never found. Employees may feel offended, which under certain circumstances leads to sabotage according to the principle: “If you were wronged undeservedly, deserve it!” Thirdly, even a slightly savvy renegade will think to simply delete messages that compromise him from the email client. Since IT security specialists do not know exactly which of the suspects is an insider, they will not take the time to restore erased data on all workstations in a row.

    Meanwhile, if the company has a centralized archive of corporate correspondence, then the entire investigation will take a few hours at most, during which the security officer will sit quietly in his chair and make analytical selections from the repository. Message filters, sorting by groups, key-phrase search - all these tools allow you to quickly find any suspicious messages in the general archive. At the same time, no one bothers innocent staff or spoils the working atmosphere in the office. This is exactly what civilized companies that take care of themselves and their employees do. According to an expert assessment by InfoWatch, approximately 80% of internal IT security incidents can be resolved by analyzing electronic messages. Thus, creating a centralized repository of incoming and outgoing letters allows you to conduct effective investigations even in a large company.
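    The kind of analytical selection described above, as an added example (not part of the original study and not InfoWatch code): it parses archived messages, checks the To, Cc and Bcc fields of outgoing mail for personal mailboxes, and keeps only messages that also carry an attachment or a searched key phrase. The domain names, key phrases and sample messages are constructed assumptions, and the example assumes the archive keeps the Bcc header of outgoing copies.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

CORPORATE_DOMAIN = "corp.example"               # assumption: the organization's own domain
PERSONAL_MAIL_DOMAINS = {"freemail.example"}    # assumption: public mail services to watch
KEY_PHRASES = ("customer base", "price list")   # assumption: the investigator's search phrases
RECIPIENT_FIELDS = ("To", "Cc", "Bcc")


def _build(msg_id, sender, subject, body, attachment=None, **rcpt):
    """Serialize one constructed message the way an archive would store it."""
    m = EmailMessage()
    m["Message-ID"], m["From"], m["Subject"] = msg_id, sender, subject
    for field, value in rcpt.items():           # to=..., cc=..., bcc=...
        m[field.capitalize()] = value
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()


# Constructed sample archive (raw RFC 5322 messages), not real correspondence.
ARCHIVE = [
    _build("<1@corp.example>", "ivanov@corp.example", "Meeting", "Agenda for Monday.",
           to="petrov@corp.example"),
    _build("<2@corp.example>", "sales@corp.example", "Offer", "Our price list is attached.",
           attachment="prices.pdf", to="buyer@client.example", cc="manager@corp.example"),
    _build("<3@corp.example>", "manager@corp.example", "Report",
           "Forwarding the customer base export.", attachment="customers.xlsx",
           to="partner@corp.example", bcc="manager.home@freemail.example"),
    _build("<4@freemail.example>", "someone@freemail.example", "Question",
           "Could you send me your price list?", to="sales@corp.example"),
    _build("<5@corp.example>", "sales@corp.example", "Fwd: price list 2006",
           "For work at home.", to="sales.private@freemail.example"),
    _build("<6@corp.example>", "ivanov@corp.example", "Lunch?", "At noon?",
           to="friend@freemail.example"),
]


def domain_of(address):
    return address.rpartition("@")[2].lower()


def recipients_by_field(msg):
    """Map every recipient address to the header field (To, Cc or Bcc) it appeared in."""
    found = {}
    for field in RECIPIENT_FIELDS:
        values = [str(v) for v in msg.get_all(field, [])]
        for _name, addr in getaddresses(values):
            if addr:
                found.setdefault(addr.lower(), field)
    return found


def select_suspicious(raw_messages):
    """Outgoing mail to a personal mailbox that carries an attachment or a key phrase."""
    hits = []
    for raw in raw_messages:
        msg = message_from_bytes(raw, policy=policy.default)
        sender = parseaddr(str(msg.get("From", "")))[1].lower()
        if domain_of(sender) != CORPORATE_DOMAIN:
            continue                            # incoming mail is out of scope here
        personal = {a: f for a, f in recipients_by_field(msg).items()
                    if domain_of(a) in PERSONAL_MAIL_DOMAINS}
        if not personal:
            continue
        body = msg.get_body(preferencelist=("plain",))
        text = (str(msg.get("Subject", "")) + "\n"
                + (body.get_content() if body else "")).lower()
        phrases = [p for p in KEY_PHRASES if p in text]
        attachments = [part.get_filename() for part in msg.iter_attachments()]
        if phrases or attachments:
            hits.append({"message_id": str(msg.get("Message-ID", "")).strip(),
                         "sender": sender, "personal_recipients": personal,
                         "phrases": phrases, "attachments": attachments})
    return hits


if __name__ == "__main__":
    for hit in select_suspicious(ARCHIVE):
        print(hit)
```

    The result is a shortlist for the security officer to review, not a verdict: message 2 in the sample goes to a customer and is deliberately left out, while the Bcc copy in message 3 is visible only because the archive stores the full header set.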

    Case from practice

    An example of a victory over insiders was demonstrated in mid-February 2006 by the Russian system integrator LETA IT-company. Thanks to a competent approach to internal IT security, the company was able to neutralize an insider convicted of abuse of official position.
    An internal investigation showed that one of the account managers attempted to negotiate contracts for the supply of software not through his legitimate employer, but through a shell company created by him. If the insider had managed to put his plan into action, LETA would have suffered serious financial losses associated with lost profits and leaks of customer information. It is possible that the company would have suffered even greater damage due to the deterioration of its reputation.
    However, the abuse was identified quickly and at an early stage through a comprehensive leak prevention system. The company's IT infrastructure included a system for filtering mail traffic and detecting leaks of confidential information - InfoWatch Mail Monitor, as well as a centralized archive - InfoWatch Mail Storage. At the beginning, LETA's IT security officer received an alert about suspicious employee activity from Mail Monitor. However, only the study of email messages that the insider exchanged with potential customers helped prove the insider’s guilt. For these purposes, we had to make several analytical selections from Mail Storage. Further, as soon as suspicions grew stronger, the incident was immediately reported to the authorities.
    Thus, the organization was able to protect its most valuable information asset - its customer base. The insider, found to have violated his employment contract, which included a confidentiality clause, and corporate ethics, paid damages and was fired. At the same time, LETA management decided not to hush up the incident, but to inform the public and other companies so that the insider could not find a new victim.

    According to the InfoWatch analytical center, respondents quite rightly assessed the importance of such a tool as analytical samples from a centralized repository. The fact is that a corporate solution for collecting and storing correspondence allows an organization to receive a number of benefits when solving business problems. The following are just typical scenarios:

    • A software company has released the next version of its product. After several months, the head of the technical department decides to evaluate the dynamics of changes in the quality of work of programmers and testers. To do this, he asks his subordinate to write a report on the number of requests to the technical support service from users. In this case, it is necessary to sort requests into categories - separately for each version of the software product - as well as to show the growth in the number of requests over time. This task is very easily solved with the help of an archive of corporate correspondence. An employee of the technical department makes an analytical sample, first filtering out all requests to the technical support service, then dividing them by product version (filtering by keywords), and then creating an analytical report (reflecting dynamics over time) using powerful built-in tools. All this will take no more than 30 minutes. For clarity, this example omitted two more roles: the corporate archive administrator (the person who configures its operation, but does not have access to the messages themselves) and the security officer (the person who has access to the messages, but does not have rights to manage the repository). This separation of roles is necessary to ensure the authenticity of the archive. Note that without using a corporate correspondence repository, solving the problem posed by the technical director will be much more difficult.
    • A telecommunications company has launched a new service, such as a new tariff plan for accessing the Internet or using mobile communications. The marketing director wants to gauge consumer reaction to the new product by comparing it with the reaction to a service launched, say, last year. He instructs the marketing manager to write a corresponding report, and the manager, with the help of the administrator and the security officer, simply needs to filter out all messages received in the company's public mailboxes and mentioning the new service. Similar to the previous case, the report is compiled in no more than 30 minutes. As a result, the head of the marketing department can operate with real numbers, performing control and planning functions in the activities of his department.
    • The head of one of the departments of a large company plans to create an expert or simply a working group to resolve a specific issue or develop a new project. When selecting members of the team being formed, the manager is faced with the question: “Do the candidates under consideration know each other?” Instead of inviting more than a dozen specialists to his place and asking them if they know anyone in the room, the boss simply asks them to “punch” the names of candidates in the mail archive. It is almost certain that people who know each other at least a little and work in the same company have exchanged letters at least once. Meanwhile, a large number of shared messages may indicate friendship between employees and stable camaraderie. Thus, an experienced manager can take into account the important interpersonal component when forming a team of professionals.

    There are quite a lot of such examples, since analytical samples are required in many areas of corporate management. They can be used to evaluate the effectiveness of internal corporate communications, marketing campaigns, technical solutions, etc.

    Requirements for archiving systems

    At the next stage of the research, the InfoWatch analytical center asked respondents to rate the degree of importance of various characteristics of centralized archives. As in the previous case, companies were presented with six parameters to choose from, each of which could be rated on a 6-point scale (1 - “least important”, 6 - “extremely important”). Among the options offered to respondents were the following:

    • High performance (resistance to loads and intense mail flow);
    • Powerful tools for searching the archive and generating analytical samples;
    • High archive security (protection against unauthorized modification of messages);
    • Wide range of supported external DBMS for message export;
    • Flexible storage and archiving policies that are executed automatically;
    • Compatibility with tools for creating backup copies on physical media.

    The distribution of answers is presented in the figure below (see Figure 6).

    Fig.6


    Figure 6 shows the distribution of ratings for all six parameters. The importance of one or another characteristic of a centralized archive decreases from left to right. It is easy to notice that in the “wide range of supported DBMS” category, a total of 30% of respondents gave a rating higher than “3,” which is less than half of the companies surveyed. According to CNews Analytics experts, such neglect of this parameter is easily explained by the fact that today the DBMS market is dominated by products from only three manufacturers. These are Oracle, IBM and Microsoft. In other words, “broad support” implies the ability to work either with all three types of DBMS, or with the most popular of them - Oracle.

    In addition, attention is drawn to some uncertainty among respondents in assessing the parameter “Support for hard backup copies” (compatibility with means of creating backup copies on physical media). Fig. 6 shows that a total of 59% of respondents gave ratings of “3” and “4”. As InfoWatch experts point out, such a relatively neutral reaction to this characteristic of the solution may be due to the fact that Russian companies simply do not need to store electronic messages for a long period of time. If Western organizations are required to follow the letter of the law and store mail for 6-7 years, then Russian companies are left to their own devices in this regard. So instead of recording data on magnetic tapes, organizations can simply delete it.

    Meanwhile, in the following figure (Fig. 7), for completeness, the average ratings for each stimulus are indicated, rounded to the nearest tenth of a point. As you can see, only four factors received a rating higher than “4”: investigation of IT security incidents (4.7), integration with a leak protection system (4.5), creation of backup copies (4.4) and the ability to compile analytical samples (4.2). This means that these four incentives are of the greatest value to respondents.

    Fig.7


    The low ratings of the two least important parameters have already been commented on above, so we will focus on the most popular characteristics of a centralized archive. First of all, respondents rated the security of messages in the archive quite highly (4.6). According to CNews Analytics experts, archive protection cannot be neglected, since if correspondence is leaked, the company’s commercial and technical secrets may fall into the hands of competitors or fraudsters. At the same time, the formula is widely known: the leak of only 20% of trade secrets in 60% of cases leads to bankruptcy of the company.

    The increased attention of respondents to the ability to create analytical samples (4.2) is explained by the fact that Russian organizations generally understand that a centralized archive can serve as an excellent tool for solving business problems. Scenarios for such use of the archive were given above.

    Of particular interest are such characteristics as high performance and the ability to set flexible policies that will be executed automatically. At the beginning of the study, it was already indicated that the mail traffic of a large organization can amount to tens of gigabytes per day. Moreover, this is not such a rarity. For example, the InfoWatch Mail Storage solution processes and archives more than 20 GB of mail messages from VimpelCom OJSC every day. In this case, not only high performance and fault tolerance of the product are important, but also automation of the entire collection and archiving process.

    Archiving Internet Data

    With their penultimate question, experts from the InfoWatch analytical center tried to find out the respondents’ attitude to the need to archive not only email, but also Internet data. Indeed, in some cases, an organization needs to store all web traffic and, in general, all information sent via communication channels. The distribution of answers is presented in the figure below (see Fig. 8).

    Fig.8


    The need to save all web traffic may arise when implementing a comprehensive system of protection against leaks and insiders. In this case, the IT security department will have a tool at its disposal that will allow it to investigate leaks via web channels, analyze the nature of the use of the organization’s web resources, etc. This opinion is generally shared by 62% of respondents, who chose the options “Very Important” (24%) and “Important” (38%). Only 38% of companies hold the opposite point of view. Thus, supplementing traditional email archives with functions for collecting and storing Internet data can be a promising move for IT solution providers.

    Plans of Russian companies

    Fig.9


    According to CNews Analytics experts, the Russian market for archiving electronic correspondence is expected to experience serious growth over the next four years. Moreover, companies that do not plan to implement appropriate solutions today may change their minds in the coming years or even accelerate plans already agreed upon. Thus, both suppliers and customers should pay attention to centralized archiving of corporate mail.

    Conclusion

    Only 14% of respondents use specialized solutions for archiving email traffic, while 86% of companies simply turn a blind eye to the problem. Of these, 49% of organizations believe that each employee should solve the issue on their own (getting out of it as best they can), and 37% prefer to ignore the problem completely.

    Among the incentives for implementing a centralized archive, respondents consider the most important to be the ability to investigate IT security incidents (average score 4.7 out of 6), integration with a leak protection system (4.5 out of 6), and creation of backup copies (4.4 out of 6) and the ability to create analytical samples to solve business problems (4.2 out of 6). This distribution of answers has a reasonable basis, since the use of a corporate archive really allows you to effectively investigate IT security incidents and prevent leaks, as well as relieve staff of the responsibility for creating “homemade” archives.

    The most important requirements for a centralized archive, according to respondents, are high security (average score 4.6 out of 6), powerful capabilities for creating analytical samples (4.2 out of 6), as well as high performance and flexible automatic policies (4 out of 6 each). Thus, IT security problems again come to the fore, while message analysis capabilities, high performance, fault tolerance and solution automation are rated as slightly less important.

    Meanwhile, 62% of respondents believe that it is necessary to archive not only email traffic, but also all Internet traffic. This helps create a comprehensive system of protection against leaks and insiders. In addition, the IT security department has a tool at its disposal that allows it to investigate leaks via web channels, analyze the nature of use of the organization’s web resources, etc.

    Further, 31% of respondents plan to implement a centralized archive within the next two years (2006 and 2007), and 26% within the next four years (2008-2009). Thus, from 2006 to 2009, more than half of the companies surveyed (57%) are going to implement a centralized archive. Finally, 24% of respondents are postponing this task until the distant future (2010 or later), and 5% are not going to implement the archive at all, since “it is not a priority.”

    About InfoWatch

    InfoWatch is an innovative company that develops unique technologies for the promising area of information security - protection against internal threats. The company's competence includes minimizing the risk of leakage, data destruction, sabotage, industrial espionage and other careless and unlawful actions of employees in relation to corporate information.

    The company's unique solutions allow you to control operations on documents within the corporate network and prevent those that do not comply with the security policy. In particular, InfoWatch provides checking of mail and Internet traffic, as well as monitoring at the level of file operations (copying, deleting, renaming, changing, printing documents). Together with traditional protection systems (firewalls, filters, authorization, crypto-protection, etc.), InfoWatch allows you to build a comprehensive corporate security structure by providing the “rear” - reliable protection from internal threats.

    Among our clients are the Ministry of Economic Development and Trade of the Russian Federation, the Ministry of Finance of the Russian Federation, HydroOGK, Transneft, VimpelCom, Megafon, Federal Customs Service of the Russian Federation, Vneshtorgbank.

    About the agency CNews Analytics

    The daily online publication CNews.ru is the largest Russian online publication dedicated to the Russian and global IT market. The publication specializes in current news from the world of high technology.
    CNews.ru news provides up-to-date information about the high-tech market, the latest developments, new hardware and current software. Much attention is paid to the state of electronic business in Russia and in the world; news about mergers, divisions and acquisitions of companies, as well as their financial situation, is reported promptly. Up to 100 news items are published per day covering the state of the Russian and foreign markets.
    CNews.ru is not only a news feed. The site is built as a portal: it publishes analytical articles, market research results and audience surveys, and offers a rich set of services, including a calendar of exhibitions, conferences and presentations dedicated to high technology and electronic business, a thematic forum, computer press announcements, and an extensive database of press releases from high-tech companies.