IT and Business Insights for SMB Solution Providers

SMB Data Security: Smell the Lawsuits

A recent survey shows that SMBs are not confident in the integrity of their electronic records, and most don't even have an ERM system. By Cecilia Galvin

Data security, or a lack thereof, is now a growing concern and a high priority for many SMBs. And it’s a good thing too. In a recent survey of its member organizations by the non-profit Association for Information and Image Management (AIIM), 56 percent of respondents who have no form of electronic records management (ERM) system have little or no confidence in the integrity of their electronic records, compared with 28 percent of respondents with some form of system.

Interestingly, having an ERM system doesn’t improve confidence levels across the board. According to the survey report, “This reflects systems with limited scope, particularly with regard to emails, which may or may not come under a records management remit.”

Overall, 37 percent of the combined group—the haves and the have-nots—lack confidence in their electronic records. And while that’s still disturbingly low, it is an improvement over the 52 percent measured by AIIM two years ago. The way emails are managed is still a risk factor, says the report, even for companies with records solutions.

In fact, of the 709 AIIM members polled—67 percent of which are SMBs—34 percent practice a “delete-all” email policy, 23 percent keep all email to be on the safe side, and 31 percent have no policies at all. The remaining 12 percent identify important email as records and delete other email automatically or by hand.

“When the lawsuits and compensation claims kick in, companies are totally reliant on their communications records, and these days, almost all of those records are electronic,” says John Mancini, president of AIIM. “A third of organizations still have no systems in place to manage and record their electronic documents, and even those that do are struggling with their policies on email. Opinion is equally split between three approaches: delete everything, keep everything, and keep only the important things, which presents its own challenge of selection policy.”

Because of these variations in the way emails are handled, organizations are often unprepared should they need to retrieve specific records: 31 percent say that missing information has caused problems for them with regulation authorities, and 34 percent in court cases. Moreover, the record-keeping policies of 24 percent of respondents were questioned in court, and 25 percent have sent senior IT personnel to testify to the soundness of their electronic records.

The implementation of records management systems, says AIIM, enhances confidence in the reliability of electronic records. However, even with these systems in place, email management is still a concern. With all of these inconsistencies, solution providers would do well to discuss records management with their clients—sooner rather than later.

The survey, E-Discovery and ERM: How is Records Management Performing in the New Spotlight? was partially underwritten by ASG Software Solutions, EMC2, and Iron Mountain.

Jessica Mattison Contributed to this Report.

About the Author

Cecilia Galvin's picture

Cecilia Galvin is Executive Editor of ChannelPro-SMB.

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.