Mossak Fonseca “has now become a poster child for the shortcomings of widely relied upon security solutions,” wrote Seclore chief executive Vishal Gupta, in an email to SCMagazine.com. “Unless data-centric security solutions capable of persistently controlling use of documents are in place, there is very little likelihood Mossak Fonseca, or any data breach victim, can remediate the damage done from this incident.”
According to Wikipedia, the leak has resulted in the release of 11.5 million confidential documents. These files provide detailed information about legal and financial dealings of more than 214,000 offshore companies listed by Mossack Fonseca, a Panamanian law firm and corporate service provider. The scale of the breach and the contents of the secret documents has implicated high profile individuals and corporations in the use of complex company structures to avoid taxes, launder money and circumvent financial sanctions.
On 6 April 2016 Ramon Fonseca, a partner at Mossak Fonseca, stated that the leak was not the outcome of an ‘internal job’ but was the result of a hack traced to servers located abroad.
In late March/ early April the company reportedly sent an email to its clients saying the security of its files had been compromised after “an unauthorised breach of our email server”.
How to protect your files against a Panama Papers style hack
The purpose of this post is not to analyse the cause of the leak, nor to provide commentary on the legal/ ethical nature of the leak, nor on the legal/ ethical nature of the practices used by Mossak Fonseca and its clients.
Data breaches do not only affect organisations using complex company and tax structures – they affect all organisations no matter their size. If other businesses are at risk, how can you protect your company and its data against a similar style attack? The answer largely lies with the use of ‘encryption’.
Encryption is a process that converts electronic data (for example a document file) into another form of data called ‘cipher text’. Cipher text cannot be easily understood by anyone except for authorised parties. This cipher text is understood or ‘decoded’ through the use of an encryption key, a ‘password’ of sorts that, when applied, presents the data in a way that can be understood/ accessed by other programs.
When your files are encrypted, no one can access, open or read those files without the encryption key.
CloudFileSync is a secure File Sync and Share solution that protects your files from being accessed or read by unauthorized users. Here’s how we do it:
- CloudFileSync protects your data with 256-bit AES encryption
- With CloudFileSync you set your own encryption keys for each storage drive, meaning your company is the only one to hold the keys to accessing your data. If your files are lost, leaked or stolen they are almost impossible to read without the encryption key
- Storing data across multiple encrypted storage drives further limits risk – even if hackers gain access to one drive, they cannot access all company data when these files are stored across multiple and separate drives
- Any data stored in CloudFileSync that is shared to multiple devices (desktop, laptop, tablet, smartphone) is stored in locally encrypted vaults on each device. Each of these vaults is accessed by a unique encryption key, protecting your data in the case of a phone, tablet or laptop being lost or stolen
Permissions Management and Access Controls
- Using the CloudFileSync Management Console Administrators can set and manage user and group permissions, granting staff access to only the files they need to get their jobs done
- This type of Role Based Access Control limits the impact of potential data breaches, because few staff members have access to all of the company’s data
Visibility, auditing and reporting
- The console also provides Administrators with visibility over which files are shared, who the files are shared with and which devices were used to access files
- Using CloudFileSync Administrators can also view user log in history, allowing for the detection of any patterns of unusual behaviour or access, helping to prevent breaches before they occur
- Although staff can use CloudFileSync to access and share workplace files on any device, including personal mobile devices, businesses are protected against data breaches by former employees thanks to the software’s Remote Wipe feature
- With remote wipe, IT Administrators can delete workplace files from desktop clients and cached mobile app data with a ‘one click’ remote wipe function
- Initiating the remote wipe function also instantly locks the CloudFileSync account to prevent future account access or file sharing
Don’t be the next Mossak Fonseca
By using a CloudFileSync, a secure File Sync and Share solution, and implementing permissions management and role based access controls, your company can avoid the experience of being the next Mossak Fonseca. Your data will always be protected, plus your staff will be more productive too.
Find out more about the features of CloudFileSync here.