Could the Panama Papers have been avoided by better information management?
At the start of April, the world became familiar with two words that have previously spent very little time together in a sentence: Panama Papers. The data leak that shook the globe came from Mossack Fonseca – the fourth largest offshore law firm in the world.
A huge 2.6 terabytes of data in 11.5 million files were leaked by an anonymous source (thought to be an employee) and first published by the German newspaper Suddeutsche Zeitung. The publication then shared the files with the International Consortium of Investigative Journalists, and the result soon became known as the Panama Papers.
A huge 2.6 terabytes of data in 11.5 million files were leaked by an anonymous source.
So what, right? As long as these files are backed up, that won't have too much of an impact. Well, in the world's biggest example of how precious information can be (and how important data management has become), the files contained proof that some of the world's most wealthy people have been avoiding tax through the Central American country – a known tax haven.
Among these were Russian President Vladimir Putin, Icelandic Prime Minister Sigmundur Gunnlaugsson, China's leader Xi Jinping, and British Prime Minister David Cameron, who admitted to having around a AU$60,000 stake in his late father's offshore fund.
The scale of corruption from the world's political elite is on a scale we've never seen before. So what went wrong? No doubt the freedom of this information is a good thing for the general population, but could anything have been done to avoid such a compromise of information, and what lessons can businesses learn about their own data security?
Data at risk – so why don't we care?
As our reliance on digital information has grown, so too has the risk of data security. No longer does someone have to walk out of an office with a filing cabinet of sensitive data, they can subtly take what they need on a USB.
Last year, the average cost of a data breach was $3.8 million.
The internet is also a brand-new window of opportunity for hackers to break into an organisation and pilfer valuable records. As the Panama Papers show us, however, it's not just the value of the data that's being lost, but reputations can be forever damaged, and there could be notable compliance issues too.
IBM research shows how this problem has swelled – and continues to do so – in the modern day. Last year, the average cost of a data breach was $3.8 million – a massive 23 per cent increase on 2013's figures.
Imagine if you had $3.8 million in your bank account, and you knew your accounts department left your internet banking open and ready to use day and night. They left blank cheques everywhere and were prone to use their business credit cards for the weekly supermarket shop. You would act quickly to stop that from happening; so why is information being treated any differently?
The cost to an organisation directly from each lost or stolen record grew from $145 to $154 in this brief, two-year period. Where it will go today is anyone's guess, but our bet is on it increasing again – and again, and again.
We wouldn't want the same to happen to our hard-working clients. So, how do you prevent inadvertent or deliberate compromise of your data? We think there are three essential steps that any director, executive or even shareholder can take.
3 steps to keep your information safer
1) Understand what your organisation does
If you're not ready for data loss, the first thing to do is ascertain what your company does at its core. We've spoken to an insurance company who answered in the same way many others would – they work in risk, providing cover for people and businesses at a premium.
So, basically what they didn't say is they're an information management company. It might seem an easy question to answer, but look at the very basic components that make up your business, the assets you use every day, and you have a good starting point.
The cost to an organisation directly from each lost or stolen record grew from $145 to $154.
2) Ask yourself what information you have and which of it is vital
From the first step, we can look more closely at what data is running around the business, which of it could land you in a sticky situation if it was lost and which of it is useful in other ways.
For instance, if documents related to your legal obligations were lost, it could cause a serious and expensive compliance headache further down the track. Outside of the realms of legality, oil and gas companies may find the blueprints for machinery missing or discarded too early, meaning they could have a substantial reverse engineering project should they have to fix it or build another.
3) Work out who can and absolutely can't see that information
Once you know who can and can't see what information in your organisation, you can start allowing and restricting access. This involves putting in place the policies, behaviours and technologies that's required in order to provide access to the people who need to see that stuff and restrict access to those who shouldn't.
There also needs to be information governance, and someone who is responsible and accountable for data management – much like a chief financial officer is accountable for the organisation's money. They are the basic building blocks to better data management, though lose nothing in their effectiveness because of that.
You can do more
To find out more, we have a free white paper on how you can treat Information Assets like you do your financial resources. Click the image below to check it out.
The Panama Papers was an incredible breach of information, though one that might have been necessary if it teaches businesses how essential it is to protect what might be their most valuable assets.