So, today is 'World Paper Free Day' apparently and I'm not sure whether it's appropriate to buy a card in the circumstances. Joking aside, what I am sure of is that such Hallmark days do provide an opportunity for press releases to be thrown in my general direction. And so it was that yesterday one popped into my inbox proclaiming "Paper revealed as the top threat to information security." What rot! Before even reading a word of the release itself I knew that it was going to be rubbish that, if it were on paper, I would screw into a ball and with an athletic flounce chuck into the bin. I was not wrong, and here's why.

"Paper the top threat to information security say two-thirds of UK firms. Iron Mountain/PwC study reveals just 15 per cent have a team focused specifically on paper protection" screams the strap line. "The handling of paper documents is the single greatest threat to the protection of information, according to a recent study by storage and information management company Iron Mountain and PwC launched ahead of World Paper Free Day on November 6th" it continues, before informing me that 66 per cent of mid-sized companies regard the management of information on paper as a serious security risk, and that's more than double the number that fear external threats to digital content such as hacking and malware.

Can you spot the two big problems there? The first is obvious, and that is that this bit of news was brought to you by a 'storage and information management' company, so no vested interest there then. The second is the wholly ridiculous claim that handling of paper is 'the single greatest threat' to information protection. Have I said "what rot" already? Yes, I have, good. If this was actually the case, in an increasingly digital world, then all our fears about cyber criminals, malware and data breaches could be solved by concentrating on removing paper from the equation. How does that apply to those businesses who are, indeed, pretty much paper-free already? Can they save a small fortune by not bothering about protecting the digital data now then?

Look, I'm not completely stupid; I do understand that paper documents represent a security risk within any organisation that does not have appropriate strategies in place to mitigate risk wherever it occurs in the business. That means ensuring that any legacy archives are properly secured, access properly restricted and disposal properly supervised. All that should go without saying, as should suggesting that paper is the major risk we need to be concentrating on as far as data security is concerned.

I agree with Sue Trombley, Managing Director of Professional Services at Iron Mountain, when she says that "organisations need to introduce and monitor effective processes and responsibilities for keeping paper documents safe. While we may never be completely free of paper, we can significantly reduce its associated risk by raising awareness, providing practical processes, and monitoring compliance", and if that was all the press release said I probably wouldn't be writing this news rant right now.

Unfortunately it went further, a lot further, and entered FUD territory by trying to hook a scare story on the back of a Hallmark day with that 'paper top threat to information security' headline...

As Editorial Director and Managing Analyst with IT Security Thing, I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old-fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

