Don't know about the paper. Seems like you would be going backwards, but overall, would be even more security.
With a good hardware firewall, not using admin/administrator for a login, and good passwords that are given out by you and not made up by your staff, the chances of someone hacking into your network are very slim. Especially if port 3389 is NEVER open which with the advent of 2008 for servers it has no need to be.
You have to ask yourself the question? Which is weirder?
That those files are missing? Or that someone would hack into your network, browse to those folders knowing what they were and taking them.
It's WAY more likely that users have permissions on the NTFS side that allow them to delete files. But, again, why would they?
A friend of mine in IT for over 33 years once told me (and I know this sounds ridiculously simple). But, when you are trying to fix something or figure out something weird or strange, there is always a simple reason once you find it.
Personally, I would tighten up security, look at the logs and then let it go. And, back up your II better.
