While there are many good reasons to discuss the Panama Papers, it must also be recognised that this is one of the biggest data leaks ever. 11.5 million documents and 2.6 terrabytes of data have been pulled from Mossack Fonesca's systems. That's a frightening amount and should give all client facing professional services businesses pause for thought. Of course there are the ethical and moral issues as to who and why certain individuals were using these offshore structures, but it should not be overlooked that the documents themselves are stolen property and contain significant amounts of personal data. 

These illegally obtained documents have been widely shared and published across the globe. Any media outlet or public commentator will need to be careful as to what they allege when commenting on the documents. The potential for defamation litigation is massive. 

Cyber security experts must be rubbing their hands in glee at the prospect of the fear this will create for professional services firms.  With all the potential access points for data breaches to occur through smart phones, virtual log ons, weak password controls etc. it makes one wonder - will we need to revert back to paper and locked cabinets as the easiest way of ensuring our sensitive and personal data is secure?

Security experts are advising professional services firms to review their security procedures in the wake of this breach. This includes encrypting sensitive data, using access and password controls and carrying out monitoring for unauthorised access.  Our ISO 27001 consultant Brian Honan recommends a review of where exactly your client data is located and to then carry out a risk assessment of each location and device. 

It must be said again that your employees are you biggest potential cyber breach risk. There is a huge question mark as to whether it was an insider in Mossack Fonesca who leaked the data. To reduce these risks employees should be trainied on spotting potential breaches, handbooks and policies should be reviewed for security risk language and access controls should be put in place. 

Don't be next Panama Papers - failure to prepare means preparing to fail!