The Panama Papers scandal of 2016 made headlines globally when Panamanian law firm, Mossack Fonseca, was at the receiving end of a cyber-attack that resulted in 11.5 million documents (2.6 terabytes worth) being leaked.
Records of 1,200 Australians, including former Prime Minster Malcolm Turnbull and former NSW Premier Neville Wran, were amongst those leaked by a whistle-blower known only as ‘John Doe’ to German newspaper Süddeutsche Zeitung. The International Consortium of Investigative Journalists (ICIJ) then spent more than a year indexing, organising and analysing the data, in collaboration with journalists from almost 80 counties, before the story broke.
The files included confidential information such as emails, financial spreadsheets, passports and the corporate records of companies, (and their secret owners) in 21 offshore jurisdictions.
Subsequently, Mossack Fonseca shut down as a result of this breach. Their part in the international tax evasion was too much for them to overcome from a financial and reputational standpoint.
How can I avoid a breach of confidential data in my law firm?
Protecting your data in the current climate is increasingly complex - cyber criminals are gaining momentum at an incredible speed. Safeguarding your business requires a number of solutions to be layered for the best chance of safety. Reliance on one solution alone is not enough.
Mossack Fonseca’s downfall was, in part, due to their lack of data security and protection measures. A global law firm with more than 600 employees and a network across 40 countries, best-in-class cyber security measures should have been a given. Cloud applications, while enabling employees to work remotely, are fraught with security issues if not managed correctly – and that means employing systems that monitor around the clock.
Law firms also have more sensitive documentation than many other businesses, thus there is an increased need for impeccable security controls such as transfer and recovery, encryption and data anonymisation, data loss prevention and user and data analytics, all of which can be set up by The Missing Link cyber security experts for your business.
Access control is also an area where law firms can learn from Mossack Fonseca’s mistakes. It has been speculated that the data breach originated from within the business. If that was actually the case, there may not have been a validation of application users or the individual behind the breach could have had access beyond their real requirements. An example of this would be a team member having access to all client details on a database, rather than only those they deal with regularly.
How can I prepare my business and avoid a data breach?
We know that law firms can have complex requirements not seen in other businesses. And with this complexity comes the need for a unique solution to fully satisfy your security needs.
Speaking to cyber security experts, such as ourselves, can help determine your needs – now and in the future – and take the day-to-day management of security off your plate. The Missing Link has been a trusted provider of security solutions for a number of years and we pride ourselves on finding the right mix of technology for our clients.
We have a team of cyber security experts ready and waiting to help you. Contact us to start a conversation about your needs.
If you liked this article, you may also like:
Enterprise Legal Departments: the focus is on AI, Cloud and Security
Quantum Computing: Is it a cyber security threat?
5 Steps to Keep Your Digital Information Secure