Over the past weeks, the Panama Papers have been all over the news. These documents shed light on how billionaires and large corporations are able to hide assets and avoid taxes, but there’s another important point that many people tend to miss – they show exactly how important IT security is.
The information found in the Panama Papers is highly sensitive and was guarded closely by Mossack Fonseca, the law firm that owned it. However, their security wasn’t diligent enough to keep somebody outside the organization from obtaining and distributing it. While we don’t know exactly how the security breach occurred just yet, we do know that their security was lacking in several key areas.
As a small- or medium-sized business owner, this should terrify you. Reports estimate that over 11.5 million files consisting of about 2.6 terabytes of information were stolen without anybody noticing. Stealing the amount of information that your company stores would be trivial in comparison.
To alleviate your fears, we’re going to take the time below to discuss exactly how Mossak Fonseca failed to protect its valuable information, and what precautions you can make to avoid the same fate.
According to Wired UK, one of the biggest vulnerabilities of Mossak Fonseca was their client portal. It ran on an obsolete version of SSL, leaving it open to a variety of known attacks. Shockingly, the last time it was updated was back in 2013.
You need to take your customer’s privacy as seriously as possible. Any client-based portals must be updated regularly to protect from known and unknown threats. The longer it goes without an update, the more vulnerable it is.
Another important failure of Mossak Fonseca’s was an inability to secure their email servers. Their email servers were just as obsolete as their client portal, running a version of Outlook that hadn’t been updated since 2009. Worst of all, they failed to encrypt outgoing emails, which left every single email they sent vulnerable.
In order to make sure your email is safe, your email server needs to be professionally managed and updated the second patches come out. Outgoing mail must be properly encrypted and incoming mail needs to be scanned for threats.
Due to the volume of information stolen, it’s unlikely that a single user was at fault. However, internal employees are still one of the biggest security risks at your company. If their passwords are easy to guess or left out in the open, a brute force attack is rudimentary, and any information they have is accessible to anybody who wants it.
To completely secure your organization, you need to make sure your employees are trained and capable of dealing with security issues. This means managing their passwords appropriately, being able to recognize phishing attempts, and handling sensitive information carefully.
If you want to avoid experiencing a disaster like the Panama Papers at your own business, you need to take the time to develop the right strategies and process. If you need help with that, your best bet is reaching out to your local Eastern Tennessee experts here at Solomon IT Consulting. We have the experience necessary to help secure your website, client portals, emails, and employees.