We are pleased to welcome this guest post, submitted by Barracuda partner Accellis Technology Group. Accellis offers managed IT services, cybersecurity and compliance consulting, legal application consulting, and system integration & development. You can connect with them through their website, LinkedIn, Facebook, and Twitter.
This article was written by Derek Schroeder of Accellis Technology Group, and was originally published here.
No too long ago, a law firm client of ours was representing a community association that wanted to cancel an approximate $25,000 job with their landscaping company. The association claimed they sent an email to the law firm requesting that they notify the landscape company to cancel the project. The law firm never received the email, therefore, did not know to cancel it. The landscape company did the job and charged the association for the work.
The association attempted to charge the law firm for the $25,000 project plus $5,000 in damages since they failed to put the brakes on the project. If the law firm couldn’t prove that they did not receive the email, they would have to pay the association the $30,000. As any lawyer knows – proving something didn’t happen is often quite difficult.
Accellis was brought in to see if we could verify whether the email message was actually received by the firm. Since the firm had an Email Archiver in place, we were able to locate every single email sent and received by the firm at the time of the event. It was discovered that firm DID NOT receive an email from the association, and therefore the firm was not held liable for the $30,000 project.
Avoiding Email Pitfalls
The use of email and digital communication has exploded in the last few years, as well as the opinions and regulations governing the retention of those messages. Some firms have a strong opinion against deleting any email as it is used as a storage/reference facility. On the other end of the spectrum, some firms purge email after they are finished with it in an effort to not be held responsible for the content it contains, or simply to keep a clean inbox. Both of these strategies can lead to management and liability issues.
According to Gartner, 80-90% of an organization’s intellectual property is stored in or communicated via email. Consider what might happened if those emails were deleted or destroyed? This could present a problem if your firm needed to provide documentation for something related to a law suit, compliance issue or employee dispute. Without an Email Archiver in place, those messages could be gone forever.
From a liability standpoint, all firms should have a written policy stating the duration at which they are responsible for retaining their email. The standard is between 5-7 years. It is difficult to maintain this model in Outlook alone as there are still some emails that firms want to maintain beyond this duration. An Email Archiver solves this problem.
A Digital Security Blanket
An Email Archiver is a hardware device that stores and manages email outside of a standard server. The Archiver keeps a copy of EVERY email that is sent to/from any of the firm’s email addresses, immediately upon sending/receiving. This especially comes in handy in the case of depositions and when proving “who sent/received which email.” If there is no proof of reception (or lack thereof), he is likely to side with the sender who’s proof is in the Sent Items folder. With proof of “no reception” from an Archiver, the case is decidedly on the Archiver’s side.
An Archiver also has the ability to quickly and decisively search an entire database of firm email for keywords/users/descriptions, etc. Any emails containing a case number or key words can be produced in a matter of minutes from one unified location (under administrative control, obviously). Outlook searching can only get one so far, this is an entire Exchange Information Store and every archive file the firm has ever had, all at once!
Most small to mid-sized firms who host their own email know the challenges associated with maintaining an Exchange Information Store database. It can quickly grow out of control and slow the server (or push against the server’s hard drive maximum storage threshold). A great way to alleviate this space is to take advantage of the stubbing function within an Archiver. It can be run once, monthly, or even daily to keep an Information Store in check. The device will search the Information Store for emails above a certain size and strip the attachments out of the server and only store them on the Archiver itself. The process to access documents from the Archiver is seamless for users as an Outlook add-in automatically links them to the proper documents on the Archiver, all the while taking gigabytes out at a time from the Information Store. The ingenious part of the architecture is that the Archiver de-duplicates email as it comes in to save space. In other words, 200 Gb of email on an Exchange server is a mere 110 Gb on an Archiver.
The cost for an Archiver is not cheap, but the peace of mind that comes with seamless email management and storage is well worth the money. The model we trust and recommend is the Barracuda Message Archiver 350, which retails for about $4999. This model will support up to 500 users and a 2TB storage capacity. It also requires an annual subscription of Energizer Updates to keep it secure and running properly. While archiving is mandated by HIPAA, SEC/FINRA and another regulations, we consider it a must-have to secure one of the most critical applications in your network – your email.
With nearly a decade of experience in the IT industry, Derek is in charge of the everyday support for Managed Network Services clients as well as determining long-term strategies for client’s technology needs. He is highly experienced with installing and maintaining network environments including workstations, servers, firewalls, software applications and more. Along with being a valuable member of the networking team, Derek is a Certified Consultant for the Amicus Attorney software platform. He provides a valuable role as a hybrid between the networking and software understandings. Derek has a Bachelor’s degree in Information Systems and Technology from Cleveland State University.
You can read more from Derek here, and contact him at email@example.com.