Law Firm Data Security #PanamaPapers

In the last few days the world has been left in shock at the magnitude of the leak from a Panamanian Law firm by the name Mossack Fonseca. 11.5 million documents from the last 40 years which was a total of 2.6 Terabytes of data. 

The Law firm has come out to say that the leak is a crime and that they had done nothing illegal. When the dust settles down, we all have to ask "How does a law firm just lose 2.6 T of data and not notice anything?" The Panama Papers leak is reportedly the biggest ever data breach and calls into question the ability of law firms to protect clients' data.

So as a law firm what can you do to prevent such leaks? First it is important to understand that a data breach can occur due to a number of reasons

  1. Disgruntled employee
  2. Hackers gaining access to your data
  3. Phishing attacks that lead to hackers gaining access to all your data
  4. Weak security practices

For the said law-firm the breach occurred through hackers gaining access to their email server and eventually accessing their document servers. Below I will list the measures law-firms can take to prevent this hacks happening to them.

  1. Protect your server from Malware and Spam - remember all it takes is for one user to make a mistake and the hackers have the access they need.
  2. Implement solutions that protect your mailboxes against threats in real time. e.g. Exchange Online advanced threat protection.
  3. Implement solutions that have encryption enabled by default. One mistake the law-firm had was that they were not using encryption in their emails.
  4. Encrypt your backups, just incase the hackers get in make sure it is very difficult for them to make sense of the data they get access to.
  5. Have security policies in your organisation and also train your employees regularly to prevent them from becoming victims.

Being a Microsoft partner it cannot be stressed enough how the issue of data security is important. Going through the Microsoft Trust Center website it is clear Microsoft seeks to be compliant and protects your data through and through preventing you from suffering in the event of an attack or breach.

Get in Touch today to get a free consultation on ways we can safeguard you from an attack of any sort. Also, on how to put in policies in your organisation that can prevent disgruntled employees taking advantage of your lax security measures.