Lepide Blog: A Guide to IT Security, Compliance and IT Operations

The Panama Papers – What we know so far

panamaleaks

Unless you’ve been living under a rock you will have undoubtedly have heard of the Panama Papers leak that has affected many of the world’s rich and famous. Now that the immediate aftermath of the biggest data leak in history has passed, and more details concerning the leak have been revealed, it would be a good time to go through what actually happened and why it is important.

The leaked papers, of which there are over 11 million, date back over 40 years and belong to the Panama based law firm, Mossack Fonseca. Audits carried out in 2015 reported that the company knew the real owners of less than 2% of the companies it has incorporated in the Seychelles. Essentially, the company has become a haven where the wealthy can avoid tax through anonymous shell companies and offshore accounts. Those implicated in the Panama Papers include Russian President Vladimir Putin, Barcelona star Lionel Messi and our own Prime Minister David Cameron – albeit through his father, Ian.

One small caveat…

I feel it’s probably important to note at this point that – mainly because every news article seems to be doing it – that the people affected in the papers may not have been breaking the law. There are, it seems, legitimate reasons for people to use companies like Mossack Fonseca – estate planning and inheritance rules, for example. Over the next few weeks details may well be revealed that shed more light on this matter but until then I shall avoid using the word ‘guilty.’

So what actually happened?

The prevailing theory at the time of writing is that the leak originated when Mossack Fonseca’s email server was breached last year. The company have since sent an email to all their employees saying that they were going to investigate the breach and “take all necessary steps to prevent it happening again.”

As well as potentially exposing a number of illegal activities (still not using the word guilty) the Panama Papers leak has another significant benefit – reminding the world how important it is to safeguard sensitive company data.

Don’t get caught out!

To the modern business, data is the most valuable asset – if it gets into the wrong hands, you’re in trouble. Despite this it’s really surprising how many organizations don’t have adequate processes and tools to keep track of access and monitor access rights.

What tends to happen is much more reactive. Often driven off the back of the recognition of a data breach or data leakage incident. Surely prevention is better than cure? Given that for under the price of a mid-range server you can acquire a solution that offers automated 24×7 auditing, monitoring and real time alerts if any file or folder is copied, modified, deleted with just a few clicks – why take the chance?