Richards & Richards Blog

The 3 Don’ts of Data Security

As a small business owner, you have a responsibility to protect data belonging to your customers, employees and company. And it’s not only data belonging to big businesses that criminals are going after; each day, small organizations fall victim to data breaches resulting in very real consequences. According to AccountingWeb, 80 percent of small businesses that experience a data breach suffer serious financial losses. Luckily, there are valuable lessons to be learned from companies that have already fallen victim.

Don’t exceed retention periods

Records retention periods outline clearly defined periods for holding on to information. However, these timeframes are often mismanaged or altogether ignored. Some small business owners take on a hording mentality, holding on to every last bit of information indefinitely. In addition to creating serious physical space constraints, exceeding retention periods also increases data breach exposure. Although no longer useful, your expired documents and data storage devices may still contain:

  • financial information
  • proprietary data
  • clients’ personal information

In order to prevent identity theft and business fraud, final disposition dates within a retention schedule should always be followed. A professional records management solution ensures that retention guidelines are always followed and that documents and devices containing expired data are destroyed in a timely manner.

Don’t rule out worst case scenarios

Preventing theft of corporate data is a non-negotiable, but so is protecting your information from other circumstances beyond your control. Your data can be permanently lost due to any of the following events:

  • fire
  • flooding
  • natural disasters such as earthquakes, tornadoes and hurricanes

Problems occur when the majority of your data is stored on-site. Disaster recovery and business continuity experts recommend that mission-critical data be stored in a secure location away from your primary place of business. Several factors should be considered when choosing an off-site location:

  • technology and methods for managing inventory
  • security and surveillance systems
  • controlled and limited access to screened personnel

Paper and electronic records have different storage requirements, so all data storage media should be stored and managed in a fire-rated vault equipped with the following:

  • ceramic fire walls
  • magnetic shielding
  • zone 4 earthquake resistance

Don’t assume data security awareness

You have to educate and train your employees about data security best practices. Training can range from common-sense approaches—such as not leaving computer screens and sensitive documents unattended at workstations—to encrypting data prior to exchanging it. Protocols should be established with regard to:

  • BYOD (bring your own device)
  • secure web browsing
  • portable USB use
  • file and document retrieval

It’s important to remember that data security education is ongoing and should be scheduled regularly for the good of your business.

Richards & Richards provides records and information management solutions to business throughout Nashville. For more information about how we can strengthen data security for your company, please contact us by phone or complete the form on this page.

Choosing the Right Data Protection Solution

Your business data constantly runs the risk of being maliciously stolen or permanently lost due to negligence, natural disasters or other factors outside of your control. But finding a data protection solution that combines affordability and maximum recovery capability can be a challenge. An increasing number of vendors are offering to protect your information, but until you are forced to recover your data, you can’t really tell if it’s properly protected—and by then it may be too late. Choosing the right data protection partner comes down to understanding your backup and recovery options and thoroughly vetting the supplier protecting your data.

Online vs. offline backup

Recently a flood of online backup solutions have appeared on the market, targeted to companies of all sizes. Also referred to as “cloud” or “remote” backup, these solutions promise easy, low-maintenance backup and swift recovery of data. While the process is automated and does not require physical intervention, it is dependent on internet speed for the transfer of data.

Offline backup involves the transfer of data from a database to a tape via hardware. This backup option allows large amounts of data to be protected at a low cost. Backup tapes, if protected offsite in an optimal environment, can be preserved for an extended period of time. Data recovery using offline backup is not dependent on internet speed.

Ensuring continuous data recovery

Online backup is marketed to individuals and companies as a low-maintenance and easy data protection solution, but because it is bandwidth-dependent, the volume of data that can be backed up at any given time is limited. Therefore, it may not be possible to back up all mission-critical data stored on a single hard drive. Bandwidth constraints also impact how quickly data can be restored. This is a stark contrast to offline backup where a large amount of data can quickly be written to tape. Data recovery with tape is not bandwidth-dependent and is extremely fast and efficient.

It makes a difference who stores your data

Any number of service providers are willing to store your data, but it’s hard to tell if your data will really be protected while in their custody. Some online backup providers do not even guarantee information protection that meets the requirements of regulations such as HIPAA. Anytime your data is stored online, there is a certain risk involved. Customers of Amazon’s Simple Storage Service (S3) found this out early last year when researchers found that they could easily access 126 billion files stored on S3—files that should have been restricted—simply because their owners failed to mark them as “private.”

On the contrary, when using a locally-based media storage solution provider, you meet the real people who care for your data. There’s a lot at stake when storing a company’s data, and a local data protection vendor will take extra steps to ensure maximum privacy protection—after all, their reputation within your community depends on it. Still, as part of your due diligence when choosing a data protection solution, you should look for:

  • client references
  • experience and capabilities
  • certifications, honors and industry involvement

Richards & Richards provides businesses throughout Nashville with data protection solutions. For more information please contact us by phone or complete the form on this page.

How to Protect Your Hardcopy Data Long Term

Each day, documents are routinely accessed and used within your business. What would be the impact if a single file or your entire hardcopy inventory suddenly vanished? How would you resume conducting your operations as normal? Could you continue to service your customers? Your paper documents may be the lifeblood of your organization, and they deserve proper protection.

Where they’re stored

As with any critical business asset, your paper documents should be physically protected from unforeseen events. Catastrophes causing permanent hardcopy data loss run the gamut:

  • leaky water pipes
  • burglary
  • electrical fires
  • natural disasters

When documents are either partially or permanently lost, your business processes are immediately interrupted, which can also have an impact on legal and regulatory compliance.

Disaster recovery and identity theft experts highly recommend that hardcopy business information be stored in a location away from your primary place of business. Choosing the right storage facility is especially important and should not only minimize the aforementioned risks, but also provide round-the-clock records management services to support both your retention requirements and data recovery needs. Things to look for in a facility include:

  • perimeter security
  • continuously monitored access gates
  • external and internal 24/7 security surveillance

Distinctly different than a self storage business, a records center only offers access to screened records management professionals. All documents are stored on high-density shelving units with in-house sprinkler systems for rapid fire suppression.

How they’re managed

Within any office, without constant oversight and proper organization, documents are bound to get lost or misplaced over time. A file cabinet drawer may be accessed several times over the course of a single business day, increasing the likelihood that individual documents and whole files could be misfiled or misplaced. Archival files may be mixed in with their more active counterparts and document storage areas may not be monitored, which can lead to unauthorized access of sensitive information. These problems can be avoided with the use of proper retention management practices. In order to fully protect hardcopy data, you should be able to fully account for the following items at any point in time:

  • where specific documents are located
  • who has accessed a particular file
  • when a file has been retrieved and returned
  • how long documents need to be kept

When your documents are managed by a professional records management company, not only is an accurate audit trail for your hardcopy data constantly maintained, but the stress of having to manage files internally is also alleviated. Barcode tracking and inventory management technology enable documents to be consistently accounted for and securely retrieved and delivered according to your needs. All information pertinent to your hardcopy data can be shared between the records center where your inventory is stored and your business office, providing you with increased records management functionality, including:

  • web access to important retention information
  • verification and editing of destruction dates
  • custom reporting options

Who’s protecting them

In addition to the facility where your hardcopy data is stored and the way in which it’s managed, you must be able to place 100% confidence in the company protecting your documents. When you choose a local vendor with a history of serving your community, you reap the benefits of working with a provider built on trust and service. You should search for a company that has established itself as an expert in the records and information management industry. Additional things to look for include:

  • client references
  • special designations and awards
  • professional affiliations

Richards & Richards provides businesses throughout Nashville with records and information management solutions. For more information, please contact us by phone or complete the form on this page.

Dispelling Myths about Document Retention

Proper document retention is essential to business success. But unfortunately there are commonly-held misconceptions on how and when to retain files. We’ve outlined three myths about document retention so you can improve your methods for handling and managing your business information.

Retention documents must be stored on-site

Business owners are known for their “can-do” attitude. But persistence and determination can be a detriment to sound document retention practices. When it comes to storing and managing documents, the thinking often goes something like this:

  • “I know where everything is.”
  • “It’s safe.”
  • “I can manage my information.”

Even for the most adamant control freak there are going to be times when he can’t find a document. The reality is that files get misplaced all the time. Each time it happens, the current task falls by the wayside and workflow is interrupted. File retrieval, even at its smoothest, takes time. Being able to continuously track and monitor the flow of documents helps improve all of your business processes. But in order to do so, your business retention inventory needs to be properly managed in a way that doesn’t cause you to ignore something equally important.

Everyone likes to think of their business as safe and secure. Yet every organization is susceptible to risks, especially when it comes to paper documents. A fire, flood or natural disaster can lead to permanent loss of critical business information. Having an off-site location where you can confidentially store retention document strengthens your disaster recovery capabilities and protects your entire business.

Hold on to it just in case

If you’ve ever been audited and weren’t able to produce a document, you know how stressful that can be. But holding on to documents longer than necessary can also get you into trouble. Records that have exceeded required retention periods may complicate litigation proceedings and create a legal nightmare. And an auditor isn’t going to be too happy if she has to wade through documents that should have been securely disposed of a long time ago.

There’s also the issue of disorganization. The more documents you hold on to the more likely your office is going to become cramped and cluttered. This can have a serious impact on overall business productivity.

Documents that should have already been destroyed are also likely to contain confidential information. The longer these records are kept, the more identity theft and business fraud exposure you’re assuming. A box of documents containing personal information that has been sitting for years may have already been opened and riffled through—and you would never know it.

One retention policy is all you need

Having one retention policy may work for a small business, but for larger organizations retention guidelines have to fit corporate compliance guidelines. Individual business units may need to set their own retention guidelines—after all, they are experts when it comes to their own documents. This doesn’t mean that retention guidelines shouldn’t be coordinated across your enterprise; it’s still important that your company complies with any regulations affecting your entire organization.

If you need retention management assistance for your business, we can help. Richards & Richards provides businesses throughout Nashville with records and information management solutions. For more information please contact us by phone or complete the form on this page.

How Document Scanning Enhances Your Ability to Meet Audit & Regulatory Requirements

Alleviating an over-dependence on hardcopy records is one advantage of implementing a paperless solution for your business. Document scanning also automates workflow within your organization and streamlines business processes. And for organizations that are frequently audited and have to meet regulatory requirements, an imaging solution can also greatly enhance audit and compliance capabilities.

Your privacy protection obligations

Privacy protection is like insurance against legal liability and damage to your business reputation. Safeguarding personally identifiable information is also a key component of the following regulations:

  • Health Insurance Protection and Accountability Act (HIPAA)
  • Sarbanes-Oxley Act (SOX)
  • Gramm-Leach-Bliley Act (GLB)

Electronic records offer enhanced security from their hardcopy counterparts in that they can be password protected to restrict access to those other than authorized end users.

Yet the process that enables hardcopy documents to be imaged and converted must also follow strict protocols to ensure privacy protection during scanning. Many companies put their data at risk by transferring hardcopy documents overseas to low-cost, third-party scanning providers. In order to ensure regulatory compliance, it is best practice to engage a local document scanning provider with whom you can meet firsthand and verify chain of custody procedures.

Eliminating audit headaches

No one likes to be audited. The easier you can make an auditor’s life the less painful the process. This means being able to give an auditor the information they need in a timely manner. Many businesses start the relationship off on the wrong foot by handing an auditor a box of un-indexed documents, making her job more difficult and increasing the likelihood of unfavorable results.

Document scanning enhances document management, making it easier for an auditor to find the information they need. Electronic records can be better organized, added to an Enterprise Content Management (ECM) database for efficient access, offer full search capabilities enabling precision location of specific data, and provide the following benefits:

  • records tracking
  • document access control and monitoring
  • expedited information retrieval

While you want your documents to be scanned in a timely manner, you also need them to be scanned accurately and clearly. Therefore, quality assurance is imperative during any scanning process. Without strict monitoring and verification that all information has been accurately and thoroughly captured, there’s no guarantee that an auditor or regulator will be able to access the required information.

Thus, when implementing a professional document scanning solution, make sure that speed does not trump accuracy. Images should be captured at a speed that allows for a scanning technician to do a visual check of each image as it is captured. Otherwise, critical data may be lost during the imaging and conversion process, significantly impacting your ability to successfully meet audit and regulatory requirements.

Richards & Richards provides document scanning and imaging solutions to companies throughout Nashville. For more information please contact us by phone or complete the form on this page.

Scan on Demand: No Searching, No Lifting and No Stress

You’ve just dropped off the last of several truckloads of office documents to your self storage unit. Awash with exhaustion and a sense of relief, you return to your office where it seems as if the space has quadrupled since you’ve cleared everything out. A couple of hours later you receive a phone call from a client; it’s been a while since you last talked. She’s calling to ask for a copy of an escrow document for refinancing her home and needs it ASAP. You tell her that you’ll have it for her in a few hours but it’s only after you hang up the phone that you realize it’s not in your office anymore—it’s now at your self storage unit.

You hop in the car and drive back over to the facility. Once you arrive and roll back the door on your unit, you have to force yourself to take a deep breath. Boxes are stacked everywhere with no rhyme or reason and some aren’t even labeled. It could take several days to find that client’s document.

A superior off-site solution that offers fast document access

It’s a nightmare scenario indeed, but one that can easily occur when you store your records in a self storage facility. As opposed to a professional records center, self storage does not offer:

  • record indexing services
  • barcode tracking of files
  • pickup and delivery of boxes

The list goes on and on. And what seems like a convenient storage option often proves to be otherwise. In that type of time-sensitive situation, a professional records storage service could get you the physical file you need the next day. But imagine if you were able to send a client a requested file in a matter of hours. Doing that could result in keeping them as a valued customer over the long term and/or a referral for new business. These days the faster you can gain access to data and provide your clients with the information they need, the more likely your business will thrive.

The impact of quick access to your business information

Near-instantaneous access to information is a possibility with a Scan on Demand solution. Your record storage and management solution provider can take any document you have stored off-site in their commercial records center and convert it to an electronic image whenever you need it. Take, for instance, the aforementioned scenario where your client calls you with an urgent need for a specific document. While you’re talking to her, you can login in to a secure database, view the inventory you have stored off-site, and then make a request for your records storage vendor to send that document to you electronically. On the other end, your request is received and the following procedures take place:

  • the document is located at its assigned shelf location
  • its barcode is scanned
  • the item is imaged and converted into a digital file
  • the digital file is sent directly to you using secure file transfer protocol (FTP)

There’s no searching through file cabinets, no heavy lifting and—perhaps best of all—no stress.

Reliable, effective and efficient

Scan on Demand is one of the most effective and efficient methods of gaining better access to the information you need. And it also saves you money. Instead of having to scan and convert all of your hardcopy documents to electronic images, including documents you may never be required to access, you only image the precise documents you need in a digital format.

Richards & Richards provides businesses throughout Nashville with records storage and management services. To find out more about our Scan on Demand solution, please contact us by phone or complete the form on this page.

Cloud or Tape: What’s the Best Solution for your Business Data?

In today’s world where the majority of your data is digital, a single data loss incident can have a widespread effect on your business. Whether it’s accidental deletion of a critical client file, an unexpected crash of your server, an extended business interruption due to bad weather conditions or a natural disaster, you have to be prepared for a wide range of circumstances that can limit access to your information. Backup is a non-negotiable. However, with an increasing number of vendors competing for your data protection business, it can be confusing selecting the right backup solution.


More individuals and businesses are operating within the cloud, using online applications instead of software, and opting to store personal information on remote servers that make data accessible from any remote location. In doing so, there are often unrealistic expectations that are assumed:

  • Data will always be available
  • Data access will always be swift

These assumptions were put to the test during Hurricane Sandy when extended regional power outages made access to online data slow or impossible. Disaster preparedness is an important consideration for any business, and the ability to restore data in a timely manner has a direct impact on your organization’s recovery capabilities.

Having an offline backup solution makes you less vulnerable to outages affecting your cloud service provider. The combination of a generator to help you maintain power and a backup tape securely stored offsite can help your company keep going during a catastrophic event and minimize business interruptions.


Cost is another consideration that needs to be factored in when choosing a potential cloud backup solution. As most cloud service providers claim, cloud backup is easily implementable. Yet, you may unwittingly be locking your company into an agreement with a provider that offers less-than-optimal customer service. And then there is the cost of scalability. As your business grows and its backup requirements increase, your company may not be able to afford incremental jumps in pricing.

Offline backup offers a more economical data storage solution. Large amounts of data can be stored on a single backup tape—1.5 TB of storage capacity can be purchased for around $30—making data protection with an offline solution more affordable than using a cloud storage service. Offline data recovery is also faster as it is not dependent on internet bandwidth, which can greatly increase your disaster recovery capabilities.

Privacy Protection

You’re responsible for the privacy protection of your clients and employees. Regulations such as HIPAA, FACTA, SOX and GLB may directly impact your business. Ultimately, choosing any service provider is an extension of that responsibility, however a cloud backup vendor may be more at risk for privacy breaches. In recent years, prominent cloud service providers such as Amazon and Dropbox have fallen victim to security breaches compromising client data. Given the volume of confidential information these vendors manage, it’s easy to see why they’ve become desirable targets for data theft. Backup to tape and/or hard drive is not susceptible to threats of cyber attacks, hacking and malware. When stored offsite in a media vault where they can be thoroughly protected and preserved, your backup media assets can help maintain the privacy of your data and keep your organization compliant.

Richards & Richards’ provides businesses throughout Nashville with offsite data protection solutions. For more information please contact us by phone or complete the form on this page.

Protecting the Value of your Business Data and More: Why Going Offsite is Critical

It may be hard to quantify the value of your business data, but consider this: One single backup tape or hard drive may hold a wealth of personal information that would certainly fetch a high price on the black market. In the same manner, a single hard drive or tape can contain the essential information your business needs to quickly recover from a catastrophic data loss event. Given the increasing amount of data that can be stored on a single electronic media device—Sony recently developed a backup tape with the capacity to hold 185 TB of data—your business information may be worth more than its weight in gold. As a result, it’s important that you go the extra mile to protect your data.

Assessing vulnerabilities

Your electronic media is also one of your most vulnerable assets. Theft of tapes and hard drives has become more commonplace, making it all the more important to have a plan in place for ensuring their security as soon as a backup has been completed. Unfortunately, in the business world, internal chain of custody procedures for media assets is severely lacking and weak data protection practices are rampant. Backup media is often left on desktops in unsecured office areas. Many companies ask employees to take tapes or hard drives containing vital business data home with them, which is also a risky practice. Organizations may choose to store backup media in a bank safe deposit box, but even that offers only limited access to vital information in the event of a data loss scenario. Lose your data after hours or during a bank holiday, when safe deposit boxes are inaccessible, and your business is out of luck.

Magnetic media is also very susceptible to degradation from environmental variables such as:

  • excessive humidity
  • temperature fluctuations
  • dust and light pollution

If not stored in an environmentally controlled facility, the archival data written to tapes or hard drives is likely to be lost to degradation over time.

Implementing the right offsite solution

Disaster recovery archives recommend that any electronic information critical to your business be stored offsite in order to ensure strong recovery capabilities. In addition to maximizing recovery time objectives (RTOs), a sound offsite data storage solution can also ensure compliance with the following regulations:

  • SOX
  • GLB

However, before going offsite it’s important that you fully assess the facility where your backup media will be stored. Important factors to consider include:

A dedicated media vault facility offers the highest level of protection for backup tapes and hard drives. In addition to providing an environment that maximizes the lifespan of your media assets, it also limits the risk of data loss to natural disaster and theft. The data protection company managing your offsite inventory should also practice strict chain of custody procedures and exhibit the highest standards in their privacy protection measures. After all, not only do you need peace of mind knowing your data is safe and secure, but you also need assurance that you can restore vital information at a moment’s notice.

Richards & Richards provides companies throughout Nashville with data protection solutions. For more information please contact us by phone or complete the form on this page.


NASHVILLE – (May 30, 2014) Nashville records and information management company Richards & Richards has been named a Better Business Bureau of Middle Tennessee Torch Award winner for 2014.

The Torch Award is presented to businesses who exemplify ethical commerce. Richards & Richards won in the medium-sized business category. There were more than 250 Torch Award applicants this year.

“We’ve been in business for almost 30 years and have won lots of awards,” said Richards & Richards President & CEO Steve Richards. “But the Torch Award, which honors our company and its employees for their leadership in business ethics, makes me especially proud because of what it represents.”

The Torch Award news comes on the heels of Richards & Richards’s announcement that they have installed a new, FireLock DataVault for the management and storage of computer backup tape and highly sensitive magnetic media.

“The Torch Award is given to companies that have earned the trust of their customers, and in our business that means we are trusted to keep records safe and secure,” said Richards. “The Data Vault helps us deliver on that promise.”

Ensuring HIPAA Compliance for Your Medical Practice

With the adoption of electronic health records (EHR) systems, a changing health insurance landscape, and rapid technological advances, it seems that no other industry that is undergoing as much change as the healthcare industry. As mandated compliance to the HIPAA final omnibus rule—which went into effect in September 2013, strengthening provider requirements for ensuring patient privacy protections—and healthcare providers have a lot to think about.

The evolving HIPAA landscape is also reflective of—and a direct response to—the countless privacy breach threats the healthcare industry faces. Hospitals, institutions and small practices are increasingly targeted for the acquisition of confidential patient information. Providers who do not adequately protect patient health information (PHI) not only risk damage to their reputation and face civil lawsuits, but also run afoul of increasing scrutiny by the Department of Health and Human Services Office for Civil Rights (OCR). Recently, the OCR handed out a record-breaking $4.8 million HIPAA fine to New York Presbyterian Hospital and Columbia University Medical Center for failure to protect PHI. This should serve as a cautionary tale, not only for large healthcare institutions but also for doctors and practitioners with smaller practices.

HIPAA compliance doesn’t necessarily mean having to invest in costly electronic systems; often it comes down to basic, common sense methods for maintaining continuous privacy for your patients’ health information. While the pilfering of electronic health information through hacking and cyber-attacks is certainly on the rise, breaches of hardcopy information are still common.

For example, in another recent occurrence, a complaint was filed against a large drugstore chain for alleged HIPAA violations, including accusations of PHI being left unattended on desks and in public areas. While the OCR did not find widespread or systematic non-compliance, individual instances were noted and suggestions were made for ensuring safeguards, one of which was enhanced staff training.

Protecting patient privacy

These troublesome violations highlight the need for ongoing HIPAA training of the doctors, practitioners and administrative staff within your practice. All employees should understand privacy and security policies and associated consequences of a violation. Policies for the handling of PHI should also be made clear. Procedures for storing, accessing and disposing of medical records and business documents should also be clearly outlined.

Patient information should never be left in plain view for others to see. On-site file rooms should be locked and access to records highly regulated. Inactive files should be transferred off-site to a secure records center where they can be protected and managed for the duration of their retention life cycle.

Records and other paperwork should promptly be disposed of. A secure NAID AAA certified shredding service eliminates expired records being left on desktops or workstations where they run the risk of being compromised. Shred collection containers can be strategically placed within your practice, enabling documents and files to be quickly and securely disposed of and shredded in accordance with HIPAA standards.

Richards & Richards provides healthcare providers throughout the Nashville area with comprehensive records and information management solutions. For more information please contact us by phone or complete the form on this page.

Enter your email address to subscribe to this blog and receive new posts via email.

Contact Us

We would love to hear from you! Please fill out this form and we will get in touch with you shortly.
  • This field is for validation purposes and should be left unchanged.

Blog Categories

2014 Richards & Richards

1741 Elm Hill Pike Nashville, TN 37210-5717