The Panama Papers represents the biggest data breach ever recorded with 11.5 Million files stolen from the 4th largest offshore law firm, Mossack Fonseca. The breach uncovered the inside scoop on a corrupt financial system that helped the powerful and wealthy shift their assets around undetected by government bodies and tax agencies.
In addition to the millions of confidential documents taken, there were close to 5 million emails and more than 2 million PDF documents. Reports have shown that all of this could have been prevented if the firm had been current with its security practices and software updates. In past posts, I have referenced the importance of staying ahead of the cyber criminals – it is the hackers’ business objective to keep up to speed on the latest security trends. Mossack Fonseca’s emails were not encrypted with Transport Layer Security (TLS) protocols, their Microsoft Outlook web access was last updated in 2009, and the open source Content Management System (CMS) system they used, Drupal, was found to have at least 25 vulnerabilities. Initial reports based on their own internal review pointed to the origin of the breach being at the mail server layer.
It seems so basic – update your software, make sure your security best practices have the programs to support them, and be sure to monitor and test - and, repeat! It’s not like this is a new concept, this is just the reality of the world we live in. The wild, wild web… or is it the wild, wild west!? This breach could have likely been avoided all together if basic security measures and best practices had been followed.
In addition to securing the network, encrypting your emails, and running up to date software, it’s not a bad idea to secure your assets as well. This is the concept of putting your locked diary inside the locked safe. If you are going to leave your bike on the front lawn, make sure the lock is iron clad and if you’re going to leave your front door open, please have a camera monitoring system with all the bells and whistles!
You need the right people in place to enforce the best processes, with the backup of the best technology if you are going to stand up to this problem. It’s my blog and I’ll blab on and on about the same thing if I want to – secure your files with passwords, protect your assets with DRM, and never stop monitoring the process, because the second you do, you lose control.