This Month Only! >> $20 off and a FREE SHRM tote with your membership and code TOTE2018!
Sign up for free email newsletters and get more SHRM content delivered to your inbox.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
Experts worldwide are calling the data breach surrounding the so-called Panama Papers—more than 11.5 million documents detailing how hundreds of wealthy people hid money in offshore banks and investments to avoid paying taxes—the biggest data breach in history.
It’s a stark lesson for HR and IT professionals working in law firms about keeping data more secure.
Panamanian law firm Mossack Fonseca suffered a data breach of astronomical proportions when a hacker broke into the firm’s servers, stole millions of e-mails and PDFs, and then sent them to the press, the law firm has announced.
The papers reveal how tens of thousands of people, including high-ranking politicians, their families, celebrities and wealthy citizens of more than 40 countries, hid trillions of dollars in order to avoid paying taxes.
Fallout over the Panama Papers has been swift. After numerous protests, Iceland Prime Minister Sigmundur David Gunnlaugsson reportedly stepped down after the papers revealed he lied about hiding millions in an offshore company.
No one knows who stole the documents. The person who hacked into Mossack’s servers and released the information has remained anonymous. The law firm says it was an external hack.
“We rule out an inside job. This is not a leak,” Ramon Fonseca, one of the firm’s founding partners, told Reuters news service. “This is a hack.”
German newspaper Süddeutsche Zeitung spoke to the hacker. It writes that “the source wanted neither financial compensation nor anything else in return, apart from a few security measures” to protect how he or she revealed the information—including communicating with the press via encrypted messages.
HR and IT professionals who work at law firms must be especially cautious about protecting client data.
Last year, the American Bar Association reported in its Legal Technology Survey that 1 in 4 firms with at least 100 attorneys have experienced a data breach. The breaches were blamed on hackers, website attacks, or stolen or lost smartphones or computers. Last week, cyberthieves broke into two New York law firms that represent Fortune 500 companies and banks on Wall Street. U.S. federal investigators are examining the data breaches at Weil Gotshal & Manges LLP and Cravath Swaine & Moore LLP.
It is unclear what was taken in those breaches.
“Law firms represent a lucrative cache of data that makes them incredibly attractive to cybercriminals,” Mark Sangster, vice president and industry security strategist at Canadian-based computer security company eSentire, told SHRM Online.
“There are some law firms with excellent automated and adaptive cyber defense capabilities, but many are stuck in the dark ages of wigs, candles to read by and quill pens to write with,” Phillip Lieberman, president of Los Angeles-based Lieberman Software, told American Lawyer.
Law firms need to do a better job with security, experts said.
“Until now, the legal industry has generally operated within a loose set of cybersecurity guidelines,” Sangster noted. “However, quickly, we expect to see hard-line compliance rules and fines come to firms with substandard cybersecurity defenses in the future.”
In some cases, it’s already beginning. Just last year, SHRM Online reported that the Federal Trade Commission can sue companies that experience data breaches.
“Long story short, if you want to keep something confidential, don’t put it on a computer, specifically one connected to the Internet,” Dodi Glenn, vice president of cyber security at PC Pitstop, told SHRM Online. His Sioux City, Iowa-based company develops security software.
“The very second you do that, you can assume the data can be purloined.”
Aliah D. Wright is an online editor/manager for SHRM. Follow her on Twitter @1SHRMScribe or Facebook.com/aliahwrites.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Join SHRM's exclusive peer-to-peer social network
SHRM’s HR Vendor Directory contains over 10,000 companies