Law firms deal with all sorts of crucial and confidential information in their data banks, including intellectual property, business transactions, financial information and personal information of clients. The recent Panama Papers scandal, which saw 2.6 terabytes of data leak from law firm Mossack Fonseca’s database, has shown the potential fallout that can result from a data breach on a large scale. So what can businesses take away from this incident? We set out the key lessons below.

1. Location and Monitoring of Data

For law firms, valuable data usually refers to their client case files and their clients’ personal details. Many startups and businesses, particularly those claiming to be paperless, will store this data on electronic devices, e.g. phones, laptops and servers. Many businesses additionally use cloud-based software to store their files for easy access and sharing. The risk with these systems is that, like anything stored online, they can fall prey to hackers quite easily and expose significant confidential information.

It is important that your business periodically reviews where your data, particularly confidential information, is stored to ensure that there are adequate data security measures in place, such as two-factor authentication. Moreover, you should frequently monitor outgoing data and see if files are being downloaded or transferred without the correct permissions.

2. Update Your Security

There are several ways to increase security for businesses. Strong firewalls and encryption are basic methods to safeguard data, and many security professionals suggest the implementation of data loss prevention, a strategy used to make sure users do not send sensitive information outside the firm’s network.

Additionally, it is more secure to segment your data. For example, this could mean separating the business’ web server from its email server, which is also separate from where customer or client files and other valuable data are stored. Each segment should have its own layer of security and access. In this way, data breaches can be limited and contained, giving the business a greater chance to stop the breach before it does too much damage. It is important for businesses to keep up with the latest technology to effectively defend their data from modern attacks.

3. Preventing a Data Breach From the Inside

Businesses are too often concerned only with outside hackers accessing information and a data breach occurring that way. However, in many cases, the leak may be the result of an internal employee or contractor, such as a whistleblower. When the Panama Papers incident occurred, some security experts theorised that the size and scale of the breach meant it was likely there had been help from the inside.

Therefore, employee access to sensitive and confidential information should be reviewed to limit those who can see and use certain data. For example, in a similar way to setting up a Chinese wall, former employees or low-level employees could be prevented from accessing the information with new passwords or security checks to minimise the risk of leaks.

Businesses can suffer a significant blow to their reputation if their IT systems are hacked as a result of having poor data security practices. In addition to securing your network, you can also inform employees and clients of how data is stored, transferred and monitored. Your employees should be aware of their obligations in using your technology through an Employee Handbook. Clients can also be informed through a Privacy Policy or Terms of Use. If you have a question about IT security best practices, contact our IT lawyers.

Anthony Lieu
