From Huffington Post
The data breach at the law firm of Mossack Fonseca in Panama sent shock waves around the world recently with the prime minister of Iceland stepping aside, Swiss authorities raiding the headquarters of the Union of European Football Associations, and relatives of the president of China linked to offshore companies. The size of the breach was also shocking with 2.6 terabytes of data leaked. That’s 30 times bigger than the WikiLeaks release or the Edward Snowden materials. However, the most shocking part of the “Panama Papers” story is that the breach and exploit of the popular open source project Drupal was totally preventable.
Everyone knows that law firms manage large amounts of highly sensitive information. Whether the data involves an individual’s estate plan, a startup’s patent application, or a high-profile merger and acquisition, clients expect their information to be secure. Indeed, lawyers are required to keep this information both confidential and secure. Yet, despite the very high level of security owed this information, many firms lack an IT staff and outsource the creation and maintenance of their data management and security services. Once outsourced, there is an assumption that someone else will effectively manage the data and ensure its security.
This is many firms’ first mistake. Even if they aren’t managing their own IT, law firms still have an obligation to make sure that data is properly secured. This means asking frequent questions about security and ensuring that the vendor is implementing reasonable security measures.