How to Stop Document Disasters

Chief security officers, often working with their legal counsel, need to protect paper-based documents.

“Every enterprise should include backup for paper documents as well as computer documents,” advised Stephen Hoey.

Are you prepared for a disaster that could cripple your facility? According to the Department of Labor 93 percent of businesses that experience a disaster go out of business within 5 years. By implementing a “simple” plan you can increase your chances of being in the 7 percent that survive. Of companies that suffer a major loss of computerized records, 43 percent will never reopen, 51 percent will close within two years and only 6 percent will survive long-term, according to a study by Cummings, Haag & McCubbrey.

Of course, for facilities and enterprises that get hit by disaster the picture is even worse since most don’t even have the “luxury” of closing operations during recovery.

So where do you start? Begin with a very basic, three step disaster recovery plan.


Be sure you backup all of your data, delegate responsibilities in case of an emergency or disaster and have some sort of continuity plan. When disaster strikes, the plan automatically goes into play – communications, documents, computers, contact with employees, clients, vendors are all covered.


Based on Gartner Research Report it is estimated that 32 percent of all conventional tape backups would not restore properly. Many facilities that use a backup procedure do not test their backup media and suffer data integrity issues as a result. Add offsite storage of your backup media to your continuity plan. Be sure that your backup media is stored safely offsite and is accessible under all circumstances.


It is very easy to overlook some of your most critical data – your paper records. More than 70 percent of today’s businesses would fail within 3 weeks if they suffered a catastrophic loss of paper-based records alone due to fire or flood.

Keep in mind that disasters can be major or minor. Major disasters are earthquakes, floods, long term
blackouts and are not very common. However it’s the minor disasters that can cripple your facility overnight if you don’t prepare. Minor disasters include: roof leaks, pipe bursts, water damage, mold on documents, sabotage, negligence, loss, theft or misfiling.


Let’s take a typical scenario. This enterprise has centralized storage of all business records including invoices, purchase orders and vendor files plus original architectural drawings dating back to the turn of the century. Precautions had been taken for protecting the area with sprinklers, not considering that while a flash fire would have been controlled, the water damage would have wiped out the documents in minutes. With some simple steps a document scanning procedure was put into place to help this facility protect its documents.

Every enterprise should include backup for paper documents as well as computer documents into its recovery plan. A simple way to get started in this area is to begin scanning all paper from today forward. You can purchase an easy to use, inexpensive, desktop scanner and be up and running quickly. A document scanning service can assist with your “backfile” conversion, large document scanning and simple ways to integrate the process into your day to day workflow.

Regulations and corporate rules now demand better storage and retrieval of business-related e-mails.

SIDEBAR: But What about Those Dangerous E-mails?

New rules took effect two years ago that help companies decide how many e-mails and other digital items they have to keep in case someone sues them and demands the documents be brought to court. Even small companies can generate millions of digital documents in a very short time, and systems for managing them can be expensive.

IT security software provider Surety, LLC recently shared results of its 2008 E-mail Security and Authentication Survey with Security Magazine. The survey, which included more than 800 IT security, e-mail security and compliance professionals, revealed significant concerns about e-mail content security and the preservation of e-mails for litigation, including the following surprising takeaways:

  • More than 65 percent of respondents lack confidence that their organization's e-mail records would be admitted as evidence in legal, regulatory or patent disputes;
  • More than 80 percent of respondents are concerned about their ability to authenticate e-mail records and attachments; and
  • More than 50 percent of respondents remain unclear on new regulations and legal expectations related to e-mail authentication, including e-discovery.
  • About 65 percent of respondents lack confidence that their organization's e-mail records would be admitted as authenticated evidence in legal, regulatory or patent disputes.
  • The survey further revealed that more than 80 percent of respondents are concerned about their ability to authenticate e-mail records and attachments and more than 50 percent of respondents remain unclear on new regulations and legal expectations related to e-mail authentication.

 Other findings in Surety’s 2008 E-mail Security and Authentication Survey include:

  • E-mail retains its position as the most critical enterprise application. Seventy-one percent of respondents indicated that their organization uses e-mail to share information on a wide range of business-critical data, including documents related to company financial information, human resources and Intellectual Property and contracts with external parties.
  • E-mail takes center stage during e-discovery and during litigation. Nearly one-third of respondents indicate that their companies have been required to produce e-mail during e-discovery requests and their e-mail records have been used during litigation.
  • Many organizations have been slow to implement appropriate e-mail storage and content security solutions. According to the survey, 48 percent of respondents do not have tools in place to store e-mails in their original form in a manner that does not leave them susceptible to tampering.
  • Wide-variety of corporate initiatives drive adoption of e-mail authentication solutions. Regulatory compliance, e-discovery concerns, risk avoidance and internal policies mandating improved security represent the top drivers for the adoption of authentication solutions.
Full findings for Surety's 2008 E-mail Security and Authentication Survey are available at

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.



Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.


Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security June 2015 issue cover

2015 June

In this June 2015 issue of SecurityIs the security director business’s new “corporate rock star?” Find out how CSOs can become the new leaders of their enterprises through mentorships, partnerships and creatively adding business value. Also, learn how security professionals are training employees in cyber security through games. And why are deterrence and detection so important when it comes to thwarting metal thieves? Find out in this issue.

Table Of Contents Subscribe

Body Cameras on Security Officers

Body cameras are being used increasingly by police in cities across the U.S. Will you arm your security officers with a body camera?
View Results Poll Archive


Effective Security Management, 5th Edition.jpg
Effective Security Management, 5th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.


Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.