Panama Papers Expose Data Security Deficiencies in Law Firms
By Rick Orloff, Chief Security Officer, Code42
The unprecedented leak of 11.5 million files from the database of the world’s fourth biggest offshore law firm is riveting. As details continue to emerge about the Panama Papers leak, the money laundering and secretive tax regimes and high-profile clientele make for a juicy story. But from an enterprise data security perspective, here at Code42 we’re shaking our heads.
It’s hard to imagine a situation where the stakes for data protection could be higher. This is an organization whose entire “empire” is built on “secret” data. And it was an all-or-nothing game: Mossack Fonseca will likely never recover to earn the trust of a future client—tax evader or otherwise. If there ever was an organization that warranted exceptional network security tools and data security measures, Mossack Fonseca was it.
A data security wake-up call for honest law firms everywhere
If a massive international law firm dealing exclusively in extremely sensitive data is this easily hacked, how vulnerable is your average, above board law firm?
According to the statistics, the answer is “very.” John McAfee penned an article for Business Insider in which he concludes that “law firms are easy pickings for hackers.” Bloomberg found that 80 percent of large U.S. law firms were hacked in 2015. Even more alarming, in the 2015 ABA Technology Survey, 23 percent of firms surveyed said they “don’t know” if they’ve experienced a breach, and only 10 percent have any sort of cyber liability coverage. For a cohort that knows a thing or two about liability lawsuits—and certainly knows that “ignorance of the law” is a poor defense—this is surprising.
Data protection is a high-stakes game for every law firm
And while a data breach at your average law-abiding law firm isn’t likely to result in indictments for fraud, the stakes are still extremely high. “The implications of law firm breaches are mind boggling,” Philip Lieberman, president of Lieberman Software, told Computer Business Review.
Most clearly, a firm stands to destroy every shred of trust with its clients—a reputation bomb that will be tough to recover from. In many cases, a leak could compromise legal proceedings and eliminate advantages by placing litigation strategy and privileged information out in the open.
Even if a firm’s clients and reputation escapes unscathed, data loss of any kind can trigger significant financial impact. A damaged laptop, or ransomware that holds data hostage, can leave an associate without access to critical information. The loss of billable hours quickly adds up. Add to that breach reporting requirements and potential fines, and the ROI of modern enterprise data security tools is easily apparent.
It will be interesting to watch the continued fallout from the Panama Papers, and we’re happy to count this as a win for the “good guys.” But as it dominates headlines and newsfeeds, we hope it’s also a major reminder for law firms—and enterprises in every industry—to re-examine what they’re doing to protect their data.
Download The Guide to Modern Endpoint Backup and Data Visibility to learn more about selecting a modern endpoint backup solution in a dangerous world.
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.