Wake Up Call for Law Firms: Panama Papers Hacking Crime
The attorney-client privilege is all for naught if client files are exposed during a cybersecurity breach. That’s what happened in the Panama Papers leak, which dumped 2.6 terabytes of information, or nearly every document that the Mossack Fonseca law firm has collected over the past 40 years, into the public realm. The act undermined the practice’s reputation and pushed law firm data security into the spotlight.
The leak serves as a reminder that financial data is not the only information cyber criminals are after; political and ideological incentives may draw in hackers, too. You should prepare for this type of cyberattack just as you would for an attack aimed at stealing financial information.
Is your IT department hacking it?
In the wake of this security breach, law firms should reevaluate their own security controls, as well as the security of the organizations they entrust to store their data. They should assume that any sensitive information could be a potential target for a cyberattack.
Just as the law has its specialties, information security is a specialized field within IT. Do not assume that your “IT guy” knows whether your firm is secure against a targeted cybercrime. While assessing your security measures can seem like a massive undertaking, it doesn’t have to feel that way. There are steps you can take right now to help ensure that your controls are capable of protecting sensitive information:
- Train and educate your firm employees on their role in preventing cybercrimes. This includes the basics, such as refraining from clicking on unfamiliar web links and ensuring that unauthorized personnel do not tailgate or piggyback into your office.
- Establish a playbook in the event of a breach. This includes having all contact information at hand for your banker, the police, and your own legal counsel. You should know your own disaster recovery plan as if you will need to implement it later today.
- Ask about the risk practices and security measures of your vendors before transferring data to them.
- Engage an outside vendor to simulate a breach (a penetration test) at your firm. By allowing a vendor to attempt to hack into your network, you will be able to pinpoint weak internal security controls.
- Develop and uphold a policy for how all information is handled and secured at your firm, covering everyone from clerks to admin to partners. Have all employees sign this document annually.
How we can help
The first step to protecting your data is to determine if your network is secure. By investing in a penetration test, you can identify the weak areas of your network to help lessen the risk of a cyberattack. This will yield prioritized action steps that should be taken to best improve the security of systems and information at your firm. With a plan in place, you can make sure that your resources are spent on the highest priority actions.