News + Resources

Paperless offices certainly have their advantages. When there is no physical paperwork lying around, there is less risk of confidential information being misplaced or thrown into the wrong bin. A clean desk leaves little for an attacker to rummage through.

But modern offices rely heavily on IT, both for business operations and building management, and those systems are often the weakest link. Consider the Mossad Mossack Fonseca case in Panama: cleaning staff were able to exfiltrate massive amounts of data at night using nothing more than USB drives. The point is simple: going paperless does not eliminate risk; it simply shifts it.

And in the middle of a cyber attack, everyone needs some paper.

Imagine your systems crash with a blue screen of death and a ransom note appears demanding payment, or threatening to leak your most sensitive information on the dark web. What do you do? Ideally you would open your incident response plan with a few clicks. But if your computers are down, that document might be locked inside the very systems you cannot access.

That is the real issue: how do you reach your most detailed and sensitive IT recovery plan when your IT has failed?

The only reliable solution is to keep a few printed, up to date copies of your plan. Version control is critical. These hard copies must be stored securely, locked away with access limited to a small, trusted group. They should include the essentials: an overview of your infrastructure, clear steps for containment, eradication, and recovery, and all relevant playbooks.

Yes, a printed plan is itself a sensitive document. But it is far better than trying to rebuild your response strategy from memory in the middle of a crisis.

We advise our clients to carry a small physical reference, something as simple as a credit card sized list of emergency phone numbers. We also recommend maintaining a separate set of email accounts, for example on Gmail, to serve as a backup communications channel outside the compromised environment.

This secondary communication layer is for emergencies only, but it allows you to regroup quickly after an attack. Depending on the nature of the incident, your IT director’s first instinct may be to disconnect servers from the network to stop a virus from spreading. If that happens, you are unlikely to access any business data until later, and you cannot rely on memory to reconstruct your architecture or understand how your systems fit together.

Your credentials also need a secure, off network home. A password manager can work, but ensure it is kept separate from your core systems. The rule is simple: anything that must be protected, and truly protected, should not live solely on your operational network. That includes your recovery plan, your backups, and in some cases your critical data stores.

Sometimes the safest solution is still the old fashioned one: paper. Just make sure you keep it updated!