5 Things Law Firms Should Learn from the Panama Papers Breach
On April 3, several news organizations published reports based on more than 11 million documents leaked from a law firm in Panama that allegedly helped set up secret shell companies and offshore accounts for elected leaders and top officials from around the globe.
From a cybersecurity perspective, the magnitude of the breach highlights potential defense weaknesses of which all law firms should be aware. Otherwise, it could cost a firm serious business – law firms and other professional services firms experience the fifth-highest rate of customer turnover when a data breach occurs, according to the Ponemon Institute.
Here are 5 key cybersecurity takeaways from the Panama Papers breach:
- Information is a cyber criminal’s universal currency. Law firms all store some combination of valuable client information, including personally identifiable information (PII), client intellectual property, confidential client business information, litigation strategy information and payment card information.
- Review where your critical data is stored – servers, laptops, phones, portable devices or paper – and determine the best way to secure it based on the various security risks posed wherever the data is located. Your organization should utilize strong encryption to lock down sensitive information in databases and servers to prevent hackers from easily stealing such data.
- Given the large scale of the Panama Papers breach, some security experts conjecture that an insider leaked the information. Access controls should be kept up to date to prevent former employees, contractors or low-level users from accessing sensitive information.
- Run vulnerability and penetration tests on servers and networking equipment to make sure no unnecessary services are running that could introduce a vulnerability and allow unauthorized access.
- Develop an incident response plan to react to a breach and quarantine activity before it spreads throughout the network. According to the Ponemon Institute, having a plan in place saves an organization an average of $23.80 per compromised record.