Wikileaks is probably one of the most well-known examples for this - but there are many other good examples of leaked or stolen data.
In April 2016 another incident occured under the name “Panama Papers” that rocked the international press and corporate landscape. An anonymous whistle-blower provided the German Newspaper “Sueddeutsche Zeitung” with around 2.6 Terabyte of information on how private individuals, politicians and companies avoid taxes and launder money. (read more here)
After the International Consortium of Investigative Journalists (ICIJ) did research for almost one year over one hundred newspapers, tv-stations and online media published the results. This of course was not only embarrassing for the persons and corporations involved. But there was also the big question of how these sensitive information could have been exposed since they were supposed to be protected by the law firm and offshore service provider who handled all those clients.
Even though one could argue now that this leak eventually has been a good thing it should teach law firms and all companies, handling customer and client data to take care of data security. Especially when it comes to e-mails since it has been the original source of this leak. Microsoft has written up a summary on three points companies should attend to for more secure electronic communication:
- “Encrypt important emails—When email encryption is not part of a business’s security measures, hackers can easily intercept emails and read them. Any information contained in these emails or attachments can help hackers gain further access into a company’s network.
- Create a business culture of security—Be sure that all employees are aware of the risks of lax data security and help them recognize suspicious requests and phishing schemes. Hacks often occur because a hacker finds just one “in” that leaves the network vulnerable. This “in” can be as simple as a stolen email or portal password. Hackers can then send emails from an internal account and make IT requests that sound legitimate. From there, they can potentially breach the email server and obtain access to all incoming and outgoing attachments, burrowing deeper into the network until they’ve reached the information they want to find.
- Choose a secure email service with impressive security features—This means selecting a service that promotes business communication while actively protecting sensitive information. It should have built-in defenses against viruses, spam and phishing attacks. Deep content analysis should identify, monitor and protect data, thereby preventing data loss.”
(Original Source: Microsoft)