Reports on the so-called Panama Papers have focused on the tax affairs of wealthy individuals and the businesses that help them avoid tax, but the hacking of client files at law firm Mossack Fonseca should sound a warning for every business.
It was the largest leak in history, involving some 2.6 terabytes of data, and has affected well known companies and high profile people around the world, including our own Prime Minister. It should sound a warning bell to any businesses that don’t treat cyber-security with the same degree of concern as legal, regulatory, financial or operational risks.
“This was a major incident, involving high profile individuals from many countries and global organisations, but every business, however large or small should learn from it,” said commercial legal expert Geoffrey Sturgess of Warner Goodman solicitors in Southampton.
“Protecting company data from attack is not just about keeping your trade secrets safe, it’s just as much about protecting your reputation, your employees and your future competitive edge, as well as keeping inside the law. It’s not just web bandits that you should worry about, the risk is just as likely to come from current or previous employees or competitors.”
Last year a UK manufacturing company had design blueprints stolen. They launched an investigation when a competitor released equipment which was extremely similar to their own, established that they had been subject to a targeted cyber-attack, and that the stolen blueprints had been sold to Chinese-owned companies. The infiltration was achieved when hackers targeted a job-seeking chief design engineer, who unwittingly downloaded malware through an email, after responding to a fake online recruitment advertisement designed specifically to trap him.
Morrisons supermarket is reportedly being sued by more than 5000 of its employees, after personal and financial details were posted online by a disgruntled ex-employee.
“It’s a very important issue for every business, large or small,” added Geoffrey. “Electronic data is as much a valuable commodity to criminals and investigative journalists as it is to you. Protecting your data should be a top priority. Increasingly, large companies are asking those in their supply chain to promise that they are compliant with data privacy laws, and demonstrate that compliance.”
Company directors need to ensure they their companies are meeting the requirements of the Data Protection Act 1998 which, in 2018, will be replaced by the much tougher EU General Data Protection Regulation, as well as looking after their valuable commercially confidential information.