Last month one of the largest data leaks in history occurred when 2.6 TBs of emails and data from law firm Mossack Fonseca made the headlines. Dubbed the Panama Papers, the leak revealed the law firm’s work setting up shell corporations for hundreds of world leaders, celebrities, and the global elite to hide funds from the tax-man. Since the leak, there has been political fallout, backlash, and even the prime minister of Iceland tendering his resignation. But politics aside, the leak also reveals a glaring fact that successful firms, which are supposed to place high values on customer data and privacy, still make fundamental errors with IT security.
In light of the headlines, Microsoft took an opportunity today to remind IT pros of some lessons from the Panama Papers leaks. The Office Team stresses “Whether you believe the Panama Papers leak was a good or bad thing, a more important question remains: What can IT security professionals learn from this?” They then go on to make three important recommendations for companies to be more careful with their data, specifically with emails, which was the source of the Panama Papers leak.
Their three tips are:
- Encrypt important emails—When email encryption is not part of a business’s security measures, hackers can easily intercept emails and read them. Any information contained in these emails or attachments can help hackers gain further access into a company’s network.
- Create a business culture of security—Be sure that all employees are aware of the risks of lax data security and help them recognize suspicious requests and phishing schemes. Hacks often occur because a hacker finds just one “in” that leaves the network vulnerable. This “in” can be as simple as a stolen email or portal password. Hackers can then send emails from an internal account and make IT requests that sound legitimate. From there, they can potentially breach the email server and obtain access to all incoming and outgoing attachments, burrowing deeper into the network until they’ve reached the information they want to find.
- Choose a secure email service with impressive security features—This means selecting a service that promotes business communication while actively protecting sensitive information. It should have built-in defenses against viruses, spam and phishing attacks. Deep content analysis should identify
y, monitor and protect data, thereby preventing data loss.
Data leaks and whistleblowers can lead to substantial social policy reform. So on the one hand, you might now want to read about how to prevent them. But if a law firm specializing in international secrecy and privileged client information can’t even get email encryption right, just think about how many reputable and noble businesses of every size are also not paying attention to these basic security concerns. The Panama Papers certainly won’t be the last substantial leak, and personal information will continue to be exposed by either companies’ or individuals’ neglect of best practices. Hopefully, taking the time to learn lessons from each data breach will encourage more attention on the matter and creative solutions in the future.