Another week, another hack hits the headlines. The recently released Panama Papers leak has been getting a lot of international attention as it details exactly how the rich and powerful have been using offshore companies to avoid tax.

In terms of total volume of information breached, the Panama Papers is the largest breach ever, with hackers stealing an incredible 4.8 million emails, 2.2 million PDFs and a total of 2.6TB of data.

With many countries starting tax investigations on the back of it and numerous world politicians, including David Cameron and Vladimir Putin, caught up in the scandal, this is a pretty juicy leak that looks set to stay in the news for quite some time.

where intermediaries operate

How it happened

The hack occurred at a Panamanian law firm called Mossack Fonseca. It’s the world’s fourth largest provider of “offshore financial services”, such as trusts and companies.

The leak happened over a year ago and was kept a secret by the International Consortium of Investigative Journalists until they had enough time to go over the details. All of the information released apparently came from a single anonymous source.

While the details aren’t clear, it appears the leak was a result of an email breach from an outsider, as confirmed by Mossack Fonseca.

Although no one knows exactly how the emails were breached, tests performed by security professionals have shown Mossack Fonseca was not using Transport Layer Security profiles to encrypt their emails.

ssl flow

With such a large amount of data taken, it seems likely that the law firm’s entire server was compromised rather than merely an individual email account.

Protecting your data

Although the Panama Papers hack offers an interesting twist on the ethical debate regarding hacking and breaches, from Mossack Fonseca’s perspective it’s clear an immense, and possibly critical amount of damage has been done – Certainly highlighting the importance of data security.

While it’s essential to have the best security software and measures in place to stop hackers gaining access to your systems, it’s usually small chinks in a company’s armor that are most damagingly exploited. A single click by an unwary employee on a link enabling a malware infestation can be all it takes to bring down a company. That’s why employee monitoring software can be such a useful addition to your business’s first line of defense.

Monitoring solutions scan be installed remotely onto all company devices and monitor all employee internet and application usage. Crucially it can monitor critical files and alert managers whenever any of these is accessed or copied, giving a heads-up that something suspicious may be afoot.

Over to you

Do you have any tips for protecting valuable data? Let us know in the comments section below.