Chief security officers, often working with their legal counsel, need to protect paper-based documents.
“Every enterprise should include backup for paper documents as well as computer documents,” advised Stephen Hoey.
Of course, for facilities and enterprises that get hit by disaster the picture is even worse since most don’t even have the “luxury” of closing operations during recovery.
So where do you start? Begin with a very basic, three step disaster recovery plan.
STEP 1. PLAN
Be sure you backup all of your data, delegate responsibilities in case of an emergency or disaster and have some sort of continuity plan. When disaster strikes, the plan automatically goes into play – communications, documents, computers, contact with employees, clients, vendors are all covered.STEP 2. TEST
Based on Gartner Research Report it is estimated that 32 percent of all conventional tape backups would not restore properly. Many facilities that use a backup procedure do not test their backup media and suffer data integrity issues as a result. Add offsite storage of your backup media to your continuity plan. Be sure that your backup media is stored safely offsite and is accessible under all circumstances.STEP 3. REFINE
It is very easy to overlook some of your most critical data – your paper records. More than 70 percent of today’s businesses would fail within 3 weeks if they suffered a catastrophic loss of paper-based records alone due to fire or flood.Keep in mind that disasters can be major or minor. Major disasters are earthquakes, floods, long term
blackouts and are not very common. However it’s the minor disasters that can cripple your facility overnight if you don’t prepare. Minor disasters include: roof leaks, pipe bursts, water damage, mold on documents, sabotage, negligence, loss, theft or misfiling.
DANGERS OF CENTRALIZED STORAGE
Let’s take a typical scenario. This enterprise has centralized storage of all business records including invoices, purchase orders and vendor files plus original architectural drawings dating back to the turn of the century. Precautions had been taken for protecting the area with sprinklers, not considering that while a flash fire would have been controlled, the water damage would have wiped out the documents in minutes. With some simple steps a document scanning procedure was put into place to help this facility protect its documents.Every enterprise should include backup for paper documents as well as computer documents into its recovery plan. A simple way to get started in this area is to begin scanning all paper from today forward. You can purchase an easy to use, inexpensive, desktop scanner and be up and running quickly. A document scanning service can assist with your “backfile” conversion, large document scanning and simple ways to integrate the process into your day to day workflow.
Regulations and corporate rules now demand better storage and retrieval of business-related e-mails.
SIDEBAR: But What about Those Dangerous E-mails?
New rules took effect two years ago that help companies decide how many e-mails and other digital items they have to keep in case someone sues them and demands the documents be brought to court. Even small companies can generate millions of digital documents in a very short time, and systems for managing them can be expensive.
IT security software provider Surety, LLC recently shared results of its 2008 E-mail Security and Authentication Survey with Security Magazine. The survey, which included more than 800 IT security, e-mail security and compliance professionals, revealed significant concerns about e-mail content security and the preservation of e-mails for litigation, including the following surprising takeaways:
- More than 65 percent of respondents lack confidence that their organization's e-mail records would be admitted as evidence in legal, regulatory or patent disputes;
- More than 80 percent of respondents are concerned about their ability to authenticate e-mail records and attachments; and
- More than 50 percent of respondents remain unclear on new regulations and legal expectations related to e-mail authentication, including e-discovery.
- About 65 percent of respondents lack confidence that their organization's e-mail records would be admitted as authenticated evidence in legal, regulatory or patent disputes.
- The survey further revealed that more than 80 percent of respondents are concerned about their ability to authenticate e-mail records and attachments and more than 50 percent of respondents remain unclear on new regulations and legal expectations related to e-mail authentication.
Other findings in Surety’s 2008 E-mail Security and Authentication Survey include:
- E-mail retains its position as the most critical enterprise application. Seventy-one percent of respondents indicated that their organization uses e-mail to share information on a wide range of business-critical data, including documents related to company financial information, human resources and Intellectual Property and contracts with external parties.
- E-mail takes center stage during e-discovery and during litigation. Nearly one-third of respondents indicate that their companies have been required to produce e-mail during e-discovery requests and their e-mail records have been used during litigation.
- Many organizations have been slow to implement appropriate e-mail storage and content security solutions. According to the survey, 48 percent of respondents do not have tools in place to store e-mails in their original form in a manner that does not leave them susceptible to tampering.
- Wide-variety of corporate initiatives drive adoption of e-mail authentication solutions. Regulatory compliance, e-discovery concerns, risk avoidance and internal policies mandating improved security represent the top drivers for the adoption of authentication solutions.
