News// May 2016

The Panama Papers: A Cybersecurity Wake-Up Call for Law Firms

Recently, the news has been filled with stories about the Panama Papers, an unprecedented leak of 11.5 million files from the database of one of the world's largest law firms, Mossack Fonseca. Although most of the attention around the leak relates to the content of the leaked information (primarily how the rich exploit secretive offshore tax regimes), much can be learned about how this information may have been leaked and its implications.

The Panama Papers is one of the largest leaks in history. The amount of information leaked occupies 2.6 terabytes. By comparison, the US diplomatic cables released by WikiLeaks in 2010 occupied 1.7 gigabytes, or 0.0017 terabytes.

Mossack Fonseca has yet to discuss specifics about the leak so we do not know whether this leak was internal, such as a disgruntled whistleblower, or external, from a sophisticated cybercriminal. Either way, the Panama Papers should serve as a reminder that all law firms are valuable to cyber-attacks.

A survey by Attorney at Work confirms this clear vulnerability, which can no longer be ignored. Only 20 percent of those surveyed responded that they were "very" confident with their firm's ability to manage cybersecurity and the biggest cybersecurity concern was sensitive client information being stolen, which should come as no surprise, as law firm computers are generally less secure than government or business computers. Highlights from this survey can be found Here.

In the event of a cyberattack, only 22 percent of those surveyed said their firm had cyber insurance coverage. Of that 22 percent, it is likely that not all are actually covered. A recent UK government survey revealed that 52 percent of CEOs were confident they had cyber insurance, when less than 2 percent actually did.

To prevent an attack, simple actions like encryption of flash drives and email are a no-brainer, but only 27 percent of those surveyed routinely encrypted flash drives and 44 of those surveyed did not even know how to encrypt email. Because of the large storage capacities of flash drives and email, failure to properly encrypt could leave a firm exposed to a large leak of information.

Cybersecurity is not just on lawyer's minds, their clients are worried about it as well. 39 percent of those surveyed reported that clients were specifically asking about cybersecurity. With information leaks becoming more and more frequent and publicized, law firms must prioritize cybersecurity to avoid becoming the next Mossack Fonseca.