Law firms deal with all sorts of crucial and confidential information in their data banks, including intellectual property, business transactions, financial information and personal information of clients. The recent Panama Papers scandal, which saw 2.6 terabytes of data leak from law firm Mossack Fonseca’s database has shown the potential fallout that can result from a data breach on a large scale. So what can businesses take away from this incident? We set out the key lessons below.

1. Location and Monitoring of Data

For law firms, valuable data usually refers to its client case files and their client’s personal details. Many startups and businesses, particularly those claiming to be paperless, will store this data on electronic devices, e.g. phones, laptops and servers. Many businesses additionally use cloud-based software to store their files for easy access and sharing. The risk with these systems is that, like anything stored online, they can fall prey to hackers quite easily and expose significant confidential information.

It is important that your business periodically reviews where your data, particularly confidential information, is stored to ensure that there are adequate data security measures in place, such as two-factor authentication. Moreover, you should frequently monitor outgoing data and see if files are being downloaded or transferred without the correct permissions.

2. Update Your Security

There are several ways to increase security for businesses. Strong firewalls and encryption are basic methods to safeguard data, and many security professionals suggest the implementation of data loss prevention, a strategy used to make sure users do not send sensitive information outside the firm’s network.

Additionally, it is more secure to segment your data. For example, this could mean separating the business’ web server from their email server, which is also separate from where customer or client files and other valuable data are stored. Each segment should have its own layer of security and access. In this way, data breaches could then be limited and contained, giving the business a greater chance to stop the breach before it does too much damage. It is important for businesses to keep up with the latest technology to effectively defend its business’ data from modern attacks.

3. Preventing a Data Breach From the Inside

Businesses are too often only concerned with outside hackers accessing information and a data breach occurring that way. However in many cases, the leak may be a result of an internal employee or contractor such as a whistleblower. When the Panama Papers incident occurred, some security experts theorised that the size and scale of the breach meant it was likely there had been help from the inside.

Therefore, employee access to sensitive and confidential information should be reviewed to limit those who can see and use certain data. In a similar concept to setting up a Chinese wall, for example, former employees or low-level employees could be prevented from accessing the information with new passwords or security checks to minimise the risk of leaks.

Businesses can suffer a significant blow to their reputation if their IT systems are hacked as a result of having poor data security practices. In addition to securing your network, businesses can also inform employees and clients of how data is stored, transferred and monitored. Your employees should be aware of their obligations in using your technology through an Employee Handbook. Clients can also be informed through a Privacy Policy or Terms of Use. If you have a question about IT security best practices, contact our IT lawyers.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
Anthony Lieu

Get a Free Quote Now

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • We will be in touch shortly with a quote. By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. See our full Privacy Policy.
  • This field is for validation purposes and should be left unchanged.

Privacy Policy Snapshot

We collect and store information about you. Let us explain why we do this.

What information do you collect?

We collect a range of data about you, including your contact details, legal issues and data on how you use our website.

How do you collect information?

We collect information over the phone, by email and through our website.

What do you do with this information?

We store and use your information to deliver you better legal services. This mostly involves communicating with you, marketing to you and occasionally sharing your information with our partners.

How do I contact you?

You can always see what data you’ve stored with us.

Questions, comments or complaints? Reach out on 1300 544 755 or email us at

View Privacy Policy