Keep it Under Your Hat!

April 6, 2016

Pssst…keep this under your hat. You know the phrase: it means that what I’m telling you is secret and you shouldn’t tell anyone…guess this didn’t work if you were wearing a “Panama Hat.”

Seems that a few documents got out…not that anyone noticed.  They’ve just been under review for about a year by the International Consortium of Investigative Journalists, the German newspaper Süddeutsche Zeitung and other media partners (See more here).

It’s not just emails, it’s files, documents, PDFs, and more.  A law firm that has a lot of international customers didn’t have a good governance policy in place.  Nothing was encrypted, nothing classified, everything exportable.  It’s a treasure trove of information, and the leak is being touted as the largest ever!  Roughly 40 years of this law firm’s data…that’s a lot.

Although 2.6 terabytes sounds like a lot, if you’re an enterprise-sized company, that is a mere pittance.  Can you imagine how much information a bank or an insurance company has?  They thrive on data.  If every little piece of information got out, what would it do to them?

Having controls on your data so that you know what is going on in your environment is critical.  How did they not know that this information was getting out?  No matter how it was done, there should have been an indication somewhere.  And since everything got out, you know that there were no access controls.  Seems like they had some open or excessive access issues.  There’s no claim that it was a privileged account that had all this access, but even then, nobody should be able to access everything…nobody!

There’s only one sure way to keep a secret…don’t tell anyone…but, for corporations that’s not possible.  So, having policies and procedures to secure information is the very least you can do.  Maintaining vigilance with audits, reporting and strong oversight will provide more security.

Like the end of any good training video – “Don’t let this happen to you!”

