Retention Best Practices: What to Do with All of That Data

Your data retention and customer information are the lifeblood of your business – there’s no denying data’s importance, especially in day-to-day operations. Today, organizations across all industries are tasked to protect this vital info, retain it, and provides access at all hours. Yet, all we’ve seen was a lack of the appropriate archiving and retention policies upon initial inspection.

Building Data Retention

As your MSP, it’s our job to be your strategic advisor and help them understand exactly what their retention requirements are for various business needs. By looking to clean up your IT environment and implement retention policies for more secure, and accessible data you can gain an edge on the pitfalls of errors and mistakes.

By establishing data retention policies, here are some key points you should consider. Keeping in mind, that not all data is created equal—the first step in establishing appropriate retention policies, which data needs to be archived, and for how long.

 

Step 1: Classifying

Strike a balance between what’s optimal for your business needs vs. cost-effectiveness, by asking some of these questions before classifying or deleting data.

– Is this info critical for the customers’ business operations?
– Would your data be classified as a permanent document of any kind?
– Is your data considered proprietary intellectual property?
– Does your data reflect the current, legitimate and useful information or needs?

Data that fits none of these criteria may be suitable for deletion – although most data is generally retained for at least a twelve-month period, with a very small percentage needing to be retained after that period for legal holds. Assess value and risk before deleting anything and consider cost and storage requirements when choosing to keep anything else. There should be no arbitrary or ambiguous data—everything must be accounted for.

Step 2: Compliance

There is a hierarchy to follow when determining which data must be stored. Ensure data retention policies align with any of the following compliance or regulatory restrictions:

Regulatory Compliance
Whether it’s HIPAA, FINRA, PCI, or other regulatory concerns, know your verticals, and know the law. What data must be kept (and for how long) can vary significantly from one industry to the next.

Legal Concerns
Retain all data that could be subject to legal discovery or would be needed in legal action should it arise.

Pro Tip: If you need a long-term storage solution for less time-critical data, you can leverage our series of cost-effective data retention and BDR solutions.

 

Step 3: Deletion

Once your identified data no longer serves any useful purpose, there’s more to do than simply emptying your desktops recycle bin. Set expiration dates for all data when establishing retention policies unless it’s designated to be retained in perpetuity. It should be noted, that when data has exceeded the retention limits, it should be deleted immediately.

Finally, data that is retained must be data that is accessible. Choose a fast and searchable archival method to access data and determine what frequently-used data (if any) should be kept “live” outside of archival applications.

For anyone unsure of their backup and disaster recovery technology, and its configuration, we can help. With over 30 years of experience, with information technology, our trained IT consultants can get you started down the right path.

 

8 Warning Signs You’re Using The Wrong IT Service Solution

Dreading your company’s technology review because you can’t show how your technology is performing? Have a provider suffering from a lack of ideas on how to truly accelerate technology?  You’re not alone – these are common symptoms for Bay Area businesses having selected the wrong managed IT service solution.

Read more

Uncovering the Gaps: 7 Proactive Cyber Security Best Practices for Bay Area Businesses

For businesses, the traditional approach towards cyber security is focused on defending against threats, and prevention. As criminals become bolder, and tactics grow in sophistication, defense and prevention aren’t enough. Over 80% of businesses are looking for third-party help with cybers ecurity. By following these practices, you can securely position your company from a secure-data standpoint.

Focus on Risk – Instead of achieving a 100% fully-secured business, shift the conversation towards how much risk to a business, and it’s data, each employee’s faces. Come to terms with the idea “100% Secured” is unattainable. Cybercriminals can and will always find new ways to attack. By implementing cybersecurity metrics that track logs and security patching. By uncovering how many applications lack the latest security patching, your team can uncover any security vulnerabilities that have not been addressed.

Prioritize the Data – Each business has that information, that remains at risk. For many of your businesses, it would be employee health records, customer information, bank routing numbers. This sensitive data should get the highest level of security. This ensures a harder time for hackers to access info, and work to educate employees on protecting these valuable assets.

Cyber Clean-up – It’s always good practice to stay vigilant about security maintenance, to prevent commonly overlooked threats, such as ransomware, and phishing attacks. These “housekeeping” tasks are typically strengthening endpoint security, administrative rights for hardware access, and folder structure, schedule and automate patching roll-ups, data backups, and overall response planning in preparation of an event.

Security Stand Out – While it’s obvious for most business to leverage security as a differentiator, it might be less clear for employees, who interact with multiple businesses each day. From financial firms to outsourced HR, or even healthcare, all of them require strong security, to protect employee data or their clients.

Regulatory Churn – New regulations, such as Europe’s recently released, General Data Protection Regulation (GDPR) often cause concerns for businesses based in the United States, but selling in Europe. Businesses are told to comply but lack the tools and know-how to bring systems, and processes to standards. Compliance managers were force-fed regulations, in hopes to determine how best to position the tools and services needed. As a trusted IT service partner, we assist companies in the discovery, and remediation of non-compliant networks to meet business needs, and compliance standard, making for great security.

Boosting Security Expertise – With a threat landscape, similar to that of the wild west, cyber security must change with it. Shrouded in secrecy, the threat landscape has never been more open to knowledge sharing. If your company doesn’t have the time to research the specific threats linked to your business, maybe it’s time to meet with us.

Build a Culture – Due to the constant threat of cyber attacks, security awareness training should employ best-of industry security habits, such as password changes, encrypting mobile devices, and avoiding public Wi-Fi, when accessing sensitive data. It’s ok to work while on-the-go but use a VPN, or a remote desktop receiver with 2-factor authentication.

Something most businesses lack and your competition forgot about. Win more business and increase your bottom line, by keeping network uptime maxed, and efficiency within your processes intact.

Realize the Power of Technology with the help of a trusted IT service provider. Contact us to begin an uncovering the gaps in your cyber security today.