How to Stop Document Disasters

July 1, 2008
/ Print / Reprints /
/ Text Size+
Chief security officers, often working with their legal counsel, need to protect paper-based documents.

“Every enterprise should include backup for paper documents as well as computer documents,” advised Stephen Hoey.

Are you prepared for a disaster that could cripple your facility? According to the Department of Labor 93 percent of businesses that experience a disaster go out of business within 5 years. By implementing a “simple” plan you can increase your chances of being in the 7 percent that survive. Of companies that suffer a major loss of computerized records, 43 percent will never reopen, 51 percent will close within two years and only 6 percent will survive long-term, according to a study by Cummings, Haag & McCubbrey.

Of course, for facilities and enterprises that get hit by disaster the picture is even worse since most don’t even have the “luxury” of closing operations during recovery.

So where do you start? Begin with a very basic, three step disaster recovery plan.


Be sure you backup all of your data, delegate responsibilities in case of an emergency or disaster and have some sort of continuity plan. When disaster strikes, the plan automatically goes into play – communications, documents, computers, contact with employees, clients, vendors are all covered.


Based on Gartner Research Report it is estimated that 32 percent of all conventional tape backups would not restore properly. Many facilities that use a backup procedure do not test their backup media and suffer data integrity issues as a result. Add offsite storage of your backup media to your continuity plan. Be sure that your backup media is stored safely offsite and is accessible under all circumstances.


It is very easy to overlook some of your most critical data – your paper records. More than 70 percent of today’s businesses would fail within 3 weeks if they suffered a catastrophic loss of paper-based records alone due to fire or flood.

Keep in mind that disasters can be major or minor. Major disasters are earthquakes, floods, long term
blackouts and are not very common. However it’s the minor disasters that can cripple your facility overnight if you don’t prepare. Minor disasters include: roof leaks, pipe bursts, water damage, mold on documents, sabotage, negligence, loss, theft or misfiling.


Let’s take a typical scenario. This enterprise has centralized storage of all business records including invoices, purchase orders and vendor files plus original architectural drawings dating back to the turn of the century. Precautions had been taken for protecting the area with sprinklers, not considering that while a flash fire would have been controlled, the water damage would have wiped out the documents in minutes. With some simple steps a document scanning procedure was put into place to help this facility protect its documents.

Every enterprise should include backup for paper documents as well as computer documents into its recovery plan. A simple way to get started in this area is to begin scanning all paper from today forward. You can purchase an easy to use, inexpensive, desktop scanner and be up and running quickly. A document scanning service can assist with your “backfile” conversion, large document scanning and simple ways to integrate the process into your day to day workflow.

Regulations and corporate rules now demand better storage and retrieval of business-related e-mails.

SIDEBAR: But What about Those Dangerous E-mails?

New rules took effect two years ago that help companies decide how many e-mails and other digital items they have to keep in case someone sues them and demands the documents be brought to court. Even small companies can generate millions of digital documents in a very short time, and systems for managing them can be expensive.

IT security software provider Surety, LLC recently shared results of its 2008 E-mail Security and Authentication Survey with Security Magazine. The survey, which included more than 800 IT security, e-mail security and compliance professionals, revealed significant concerns about e-mail content security and the preservation of e-mails for litigation, including the following surprising takeaways:

  • More than 65 percent of respondents lack confidence that their organization's e-mail records would be admitted as evidence in legal, regulatory or patent disputes;
  • More than 80 percent of respondents are concerned about their ability to authenticate e-mail records and attachments; and
  • More than 50 percent of respondents remain unclear on new regulations and legal expectations related to e-mail authentication, including e-discovery.
  • About 65 percent of respondents lack confidence that their organization's e-mail records would be admitted as authenticated evidence in legal, regulatory or patent disputes.
  • The survey further revealed that more than 80 percent of respondents are concerned about their ability to authenticate e-mail records and attachments and more than 50 percent of respondents remain unclear on new regulations and legal expectations related to e-mail authentication.

 Other findings in Surety’s 2008 E-mail Security and Authentication Survey include:

  • E-mail retains its position as the most critical enterprise application. Seventy-one percent of respondents indicated that their organization uses e-mail to share information on a wide range of business-critical data, including documents related to company financial information, human resources and Intellectual Property and contracts with external parties.
  • E-mail takes center stage during e-discovery and during litigation. Nearly one-third of respondents indicate that their companies have been required to produce e-mail during e-discovery requests and their e-mail records have been used during litigation.
  • Many organizations have been slow to implement appropriate e-mail storage and content security solutions. According to the survey, 48 percent of respondents do not have tools in place to store e-mails in their original form in a manner that does not leave them susceptible to tampering.
  • Wide-variety of corporate initiatives drive adoption of e-mail authentication solutions. Regulatory compliance, e-discovery concerns, risk avoidance and internal policies mandating improved security represent the top drivers for the adoption of authentication solutions.
Full findings for Surety's 2008 E-mail Security and Authentication Survey are available at

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.



Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.


Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

September 2014

2014 September

In the September issue of Security Magazine, find out who this year's most influential people are in the security industry are. Also, take a peek at the technology products that ASIS 2014 will be showcasing at the upcoming event. Read about the lessons learned from security at the World Cup, find out why tactical medical training is a must for your enterprise and how Atlanta increased security by sharing surveillance.
Table Of Contents Subscribe

Adopting New Technology

How long do you wait before adopting a new technology?
View Results Poll Archive


CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to


Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+