legal sealpath

In recent weeks Panama has been on everyone’s lips as a results of the so-called ‘Panama Papers’ scandal, which concerns more than 11.5 million documents – e-mails and records – of the Panamanian law firm, Mossack Fonseca, which show how thousands of people hid their assets through offshore companies in tax havens.

The documents that have come to light contain information relating to more than 214,000 “offshore” businesses, rocking all of those involved, who range from international leaders such as the Russian president, Vladimir Putin, the Argentine president, Mauricio Macri, to actor Jackie Chan and footballer Leo Messi, among a long list other prominent figures from the worlds of politics, culture, sports, economy, high society, etc.

On 29 March, the Wall Street Journal itself went public with regards to the Cravath and Weil Gotshal law firms, which, among others, were attacked by hackers who managed to break into their corporate networks. Crain’s Chicago Business reported that 48 law firms were among the targets of a Russian hacker who was searching for information about businesses’ mergers and acquisitions agreements. He was discovered seeking the assistance of other hackers in order to break into the firms’ systems.

In recent years, the most common attacks have targeted banks, in order to obtain credit cards numbers and e-mail addresses which could then be used to make fraudulent purchases or defraud customers. However, these most recent attacks on law firms are looking for more sophisticated types of information: confidential information of corporate clients, which may included business mergers and acquisitions still under negotiation.

Presumably in relation to these attacks, the FBI has recently notified law firms that a group associated with cyber-crime is targeting international law firms with the aim of obtaining private information, they would then sell that information to a criminal, with stock market experience, who knows how to strategically plant purchase and sale offers and gain significant profit.

The attacks on these firms are raising levels of concern among clients and, therefore, the companies are feeling pressure from those clients to strengthen their defences. Some clients are even sending their own security auditors to the firms to carry out inspections.

The law firms possess sensitive client information and are responsible for its monitoring and safekeeping. Law firms also need to have as much information as possible about their clients in order to be able to do their job well. For that very reason, these types of businesses are forced to adopt the most advanced technology in terms of information security if they don’t want all of the work they do on behalf of their clients to unravel.

Although, in the world of sport they say “Attack is the best form of defence”, that is why, whether it is a law firm or any other type of business, they must all have a security system that covers, at the very least, the most basic requirements. Hackers are aware of, and take, every measure available to gain entry into systems and, once inside, there is nothing to stop them taking every piece of information they want. Perimeter security is not enough. It is vital that security strategies involve an approach centred on the information, with the files taking security with them wherever anyone, good or bad, wants to take them.  As such, every single type of file and piece of corporate information must remain guarded at all times and from any device, that is why solutions such as IRM (Information Rights Management) are an absolute necessity.