The Mossack Fonseca hack and the Panama Papers scandal should have been a wake-up call for all law firms to take client data security more seriously. Here is why we should all care about Panamapapers, even if we have no offshore investment.
Law firm cybersecurity is at high risk. Dozens of big firms are targeted by hackers seeking sensitive financial information. Major law firms including Cravath and Weil Gotshal have suffered data breaches. The FBI has issued warnings. Still, too many firms use insecure email exchange to transfer information.
Threats of Litigation After Data Breaches at Major Law Firms.
…both Weil Gotshal & Manges and Cravath, Swaine & Moore as well as other firms have suffered data breaches in recent months, put new attention on the potential consequences for law firms with lax security.
Daniel Solove, a US privacy scholar, wrote:
Law firms are facing grave privacy and security risks. Although a number of firms are taking steps to address these risks, the industry as a whole needs to grasp the severity of the risk. For firms, privacy and security risks can be significantly higher than for other organisations. Incidents can be catastrophic. On a scale of 1 to 10, the risks law firms are facing are an 11.
Daniel Solove describes the situation and offers solutions to avoid the harm an attack causes to a law firm's reputation and clients.
Just as an example, here is a list of data breaches and cyber attacks in February 2017. Recently, 1500 companies in over 100 countries were hit by the malicious Adwind backdoor RAT.
The CNIL, the French Data Protection Authority, has been publishing advice, including easy ways to encrypt data. I still hear of solicitors, lawyers and notaries exchanging sensitive data via simple emails or Dropbox. These are recipes for disaster and show a lack of consideration for clients. Apart from the reputational disaster, the GDPR, the new EU data protection regulation, carries serious fines to consider. Think carefully before it is too late: fines of 20M Euro or 4% of world turnover.
Sometimes the threat comes from an insider. You might want to monitor live transfers of data from your network. If your employees bring their own devices, here is some good advice from the UK ICO.
I keep my sources of information updated on Pearltrees curation:
The Panamapapers scandal and the law firm Mossack Fonseca.
This work is licensed under a Creative Commons Attribution 4.0 International License.