Blog

Share this

Share to google+1 Share to Facebook Share to Twitter Share to linkedin

April 20, 2016

The Panama Papers: How to Handle a Data Leak

The Panama leak included 11.5 million confidential documents, with the data revealing how dozens of prominent individuals in over 40 nations utilised offshore companies to conceal income and avoid paying taxes.

Computer World reported on the email hack that Panamanian law firm Mossack Fonseca recently experienced, which resulted in 2.6 terabytes of leaked data being released into the public domain.

Panama Papers

This major data leak became a big news story worldwide, with over a hundred new organisations filing reports based on the release of the Panama Papers. It is unclear how Mossack Fonseca’s emails were hacked, but tests indicate that the company did not encrypt its emails with Transport Layer Security protocols. The Panamanian law firm has so far responded to the scandal, which only seems to get worse by the day, by insisting that it has not done anything wrong.

Data leakIn a statement, the firm said: “While we may have been the victim of a data breach, nothing in this illegally obtained cache of documents suggests we’ve done anything wrong or illegal, and that’s very much in keeping with the global reputation we’ve worked hard to build over the past 40 years of doing business the right way.” Mossack Fonseca also noted: “Obviously, no one likes to have their property stolen, and we intend to do whatever we can to ensure the guilty parties are brought to justice.”

Data leaks and reputation

Mossack Fonseca’s response to the Panama Papers illustrates that data leaks can inflict significant damage on your company’s reputation. Because this scandal involves high profile individuals, it was inevitable that it would be picked up by national press. Once picked up, the media generated was always likely to rank on the first page of Google, as well as remaining there for the foreseeable future.

Increasingly, organisations are coming to see cyber-crime as a real threat. For instance, 79% of UK universities questioned by Vanson Bourne said that they have faced reputational damage due to a data leak. A report from Google and McAfee suggests that there are roughly 2,000 cyber-attacks globally every day, costing the worldwide economy around £300 billion per year.

Cyber-attackers are developing new, ever-more effective strategies to hack into your company’s digital infrastructure and leak your private information. Even something as simple as staff negligence or an ex-employee with a grudge can provide them with the opening to facilitate a data leak which damages your image online, so it is wise to ensure your company can handle the fallout.

Handling a data leak

With cyber-crime rates rising every year, it is more important than ever that you develop a strategy, which you can roll out if your company experiences a data leak. Top industry experts recently recommended in the Digital Guardian that you take the following steps.

  • Locate the source: First, find the root of the issue so you can begin dealing with it. It may be possible to employ engineers to utilise forensic techniques, so they can analyse your online assets’ traffic volumes and use this information to locate the source of the breach.
  • Act with transparency: It is vital that you act transparently and sincerely after a data breach. Consumers highly value honesty, so if you fail to admit fault and accept responsibility, you will engender mistrust which could further damage your image online.
  • Provide detailed explanations: On the subject of transparency, hold nothing back. When informing the necessary parties of a data breach, explain fully why the situation took place, so you can detail how you will fix the problem and regain consumer trust.
  • Mitigate and change: Make conclusions from the data breach and use this information to describe solutions for affected consumers where possible, to stem the flow of negative press. Afterwards, implement changes to ensure that the problem does not reoccur.

Minimise the risk

Be pro-active and implement the following preventative measures ahead of time, to reduce the risk of a cyber-hack.

  • Prepare in advance: Identify which of your company’s data systems are most vulnerable to cyber-crime. Armed with this information, you can implement the protection measures necessary to ensure they withstand cyber-attack efforts.
  • Implement encryption: Safeguard your company’s private information via encryption codes to bolster your cyber-security. Some encryptions can blind certain gateway security products, but your team can utilise encrypted network transmission tools get around this issue.
  • Monitor information: It is essential that you assign staff to monitor all the information which flows into and out of your company to reduce the chances of a data leak. In particular keep track of what information is being shared with consumers, suppliers and partners, as well as the traffic on all your firm’s networks, to identify cyber-breach risks.
  • Facilitate network security: Web and email are two of the most common means through which cyber-criminals access your business’ vulnerable information. It is key that you invest in network security which covers these areas, to ensure that you safeguard your company’s reputation from hackers.
  • Bolster endpoint security: Employees are increasingly utilising mobile devices to do their jobs. It is wise to ensure that your firm can monitor and control any devices connected to your corporate network centrally, so staff can work away from the office without putting your private data at risk.

Safeguard your company’s reputation 

With the Panama Papers scandal showing no signs of dying down, it is clear that data leaks can be disastrous for your company. Be pro-active and be prepared; by developing a comprehensive strategy to handle data leaks, you will be able to act instantaneously to limit the damage a cyber-attack could inflict on your firm’s reputation online.

For more information on online reputation management and cyber-security matters, please contact me on +44 (0)203 542 8689. You can also email me at simon@igniyte.com in confidence.

Subscribe to blog updates

Send message