Few data breaches in history provide insight on the secrecy of the elite as consummately as The Panama Papers – a collection of data-leaked information from Panama-based, corporate-service-providing law firm, Mossack Fonseca. After an anonymous source shared over 11 million leaked files with the International Consortium of Investigative Journalists (ICIJ), the financial dealings of 214,000 offshore companies took center stage in headlines of the Wall Street Journal and The New York Times—tracing billions of dollars to a financial web involving over 140 politicians and notorious public figures, including Vladimir Putin, the Prime Minister of Ukraine, and the king of Saudi Arabia. Although the fiscal and political interworking of the data breach has been thoroughly covered, it’s also worth examining the Panama Papers in a holistic, organizational perspective: One in which information security isn’t enough if accountability can’t be ensured through document management software and similar enterprise software. Keep reading to see why.
10. Lack of Ethical Accountability, Not Just Data Breach, Ruin Organizational Image
Although criminal intent and action are yet to be fully evidenced in the Panama papers, they may very well reveal new issues concerning ethics in the enterprise. The invoices and documents comprising the Panama Papers already suggest there may be many unseen victims in the web of information they’ve imparted. Any internal process that ensures accountability via workflow, traceable tasks, and easy auditing (such as document management software) ensure the accountability that Mossack Fonseca failed to implement.
9. Collusion and Secrecy No Longer Stand a Chance Against Faultfinders
The Panama Papers are clear proof that if a governing or regulating authority doesn’t unveil questionable ethical behavior, a faultfinding, investigative journalism team will. The Panama Papers incident is further proof that organizations colluding against regulatory authorities will eventually be discovered and penalized – even amid the most elaborately planned, insidious attempts to conceal information: Organizations may as well learn to play ball compliantly. In fact, the Organization for Economic Cooperation and Development, as quoted in the Wall Street Journal, noted that the Panama Papers signal the end of tax sheltering, predicting that Central America will nix the secrecy laws that lead to events like The Panama Papers.
8. Even Lengthy Data Breaches Can Go Undetected
The ICIJ had been on the case of the Panama Papers since early 2015, spending over a year harvesting and analyzing the data procured from Mossack Fonseca prior to the debacle’s media release. Eddie Sheehy, CEO of Nuix, the e-discovery product the ICIJ used to procure the Panama Papers Information, noted that even by investigative journalism standards, the trove of information procured was immense, and took a very long time to uncover. Despite the length of time the ICIJ spent investigating the matter, Mossack Fonseca remained unwitting of the investigation.
7. Defensible Deletion of Information is Crucial
The ICIJ reported that Mossack Fonseca actively destroyed information that would have justified the U.S. Department of Justice’s investigation. However, the automated retention and deletion features of document management software, as specified correctly by their users, uphold deletion of certain information as defensible in the court of law, therein reducing clutter and improving the findability of documents. However, if an organization disposes information in any other way and without sufficient reason, it can raise questions regarding the intent behind the information’s destruction.
Content Management Does Not Equal Document Management
Although content management platforms and document management software are sometimes used interchangeably, they are inherently very different technologies with different scalabilities and purposes. Allegedly, Mossack Fonseca utilized outdated versions of content management systems like WordPress and Drupal—further strengthening the argument against open source software and the use of content management software for enterprise-grade security in general.
5. Open Source Platforms Can Be Risky
Mossack Fonseca relied on open source security to control its sensitive information. Although many Linux enthusiasts champion open source software as a software and security panacea alike, without ironclad IT policies set in place, an organization will usually struggle to maximize the security bandwidth of any open source software – even if the up-front costs of open source platforms may seem attractive in comparison to their closed source counterparts.
4. Encryption is King
Like many breaches, the Panama Papers incident involved the leaking of sensitive, unencrypted email content, leaving an open lane for the breach to occur. Most do not realize that email is relatively unencrypted, especially in contrast to the available enterprise technologies today. Between an email’s sending point and receiving target, the information makes several stops, at which its content is breach-able. Document management software’s client sharing portals sidestep this issue—keeping information secure at all points of interchange—whether at rest or in transit.
3. The Cloud Can Help Circumvent Enterprise Data Breaches
No, Mossack Fonseca wasn’t relying on a cloud-based service to manage its information security. In fact, the proverbial cat and mouse game occurring between those who encrypt and the denizens of data breach, may very well end with closed source, cloud-based technologies offered in the form of document management software—assuming they are adopted in mass by the organizations in need of them. Many document management software vendors function as cloud service providers, staying privy to the interworking of data breaches—taking the security of your organization’s information seriously, and for good reason: It’s how they make their money.
2. There Is Such a Thing as a ‘Good’ Data Breach
Since The Panama Papers breach revealed potentially illegal acts committed by a large group of powerful individuals, it falls under the category of a ‘good’ data breach. However, over 90% of data breaches are negative. Therefore, the Panama Papers breach should not invoke strategies to circumvent authorities, but rather finding the means to comply with them as cost-effectively and as quickly as possible. Although this data breach revealed questionable organizational practices, decryption efforts do not work so auspiciously and in favor of the law as they have in The Panama Papers incident. Most data breaches involve the compromising of sensitive customer information, which frequently contributes to heightened incidence of identity theft—putting organizations who leave their customers’ information unsecure in check.
1. Without Document Management Software, Data Segmentation is Necessary
Although document management software and similar business software offer a safe, centralized repository for all an organization’s information, in the event this organization opts out of using document management technology, the next safest bet (which is still relatively unsafe) is to segment all information into different repositories—diversifying the location of sensitive information, and, therefore, decreasing the possibility that sensitive information can be breached in its entirety from one point of presence. To learn more, investigate how you can bulletproof your organization from data breach today.