3 things businesses can learn about email security from the Panama Papers hack

In today’s IT environment, data breaches are a constant threat. According to Gemalto’s 2015 Breach Level Index, last year 1,673 data breaches around the world led to 707 million data records being compromised. And though email has come a long way over the last decade, it’s still one of the greatest threats to data security.

We don’t have to look far to see what kind of damage hackers can do when a business does not ensure secure email. In what’s being called “the biggest leak in whistleblower history,” the Panama Papers hack made international headlines last month. This hack enabled 2.6 TB of data to be stolen through the email servers of Mossack Fonseca, a legal firm based in Panama City.

The stolen data gave information about offshore bank accounts and shell companies used by prominent people worldwide to avoid taxes or conceal their wealth, according to “The New York Times.” The hacker then communicated with a German newspaper regarding the confidential files, expressing his or her interest in exposing the data. Once the newspaper realized how much data was involved, it contacted the International Consortium of Investigative Journalists, which has coordinated other tax haven mega-leaks in the past. Together, they released the information to the public.

So how did the hacker get access to the legal firm’s email servers in the first place? According to ITPro, security and privacy expert Christopher Soghoian ran a test showing Mossack Fonseca did not follow Transport Layer Security (TLS) protocols for email encryption. Whether you believe the Panama Papers leak was a good or bad thing, a more important question remains: What can IT security professionals learn from this?

Here are three tips for ensuring secure email:

• Encrypt important emails—When email encryption is not part of a business’s security measures, hackers can easily intercept emails and read them. Any information contained in these emails or attachments can help hackers gain further access into a company’s network.
• Create a business culture of security—Be sure that all employees are aware of the risks of lax data security and help them recognize suspicious requests and phishing schemes. Hacks often occur because a hacker finds just one “in” that leaves the network vulnerable. This “in” can be as simple as a stolen email or portal password. Hackers can then send emails from an internal account and make IT requests that sound legitimate. From there, they can potentially breach the email server and obtain access to all incoming and outgoing attachments, burrowing deeper into the network until they’ve reached the information they want to find.
• Choose a secure email service with impressive security features—This means selecting a service that promotes business communication while actively protecting sensitive information. It should have built-in defenses against viruses, spam and phishing attacks. Deep content analysis should identify, monitor and protect data, thereby preventing data loss.

Don’t let your organization become one of 2016’s data casualties. Do everything possible to avoid Mossack Fonseca’s fate and protect your—and your customers’—sensitive information through top-notch email security.

used with permission from Microsoft Office Blogs