Vigilante Vixen has learned that there were many security vulnerabilities from their technical, behavioral, law, and human resources aspects. Despite us not being directly involved in offshore financial services or the legal profession, technology roles have a considerable amount of opportunity to review this case and implement security regulations. We have learned through this process that data security and privacy, ethical considerations, transparency and accountability, regulatory compliance, education and awareness, global collaboration and the ethics of using technology in a workplace is vital for the privacy of employees, employers and customers. However, the importance of protecting data from insider threats in a firm without awareness in the same landscape will always increase risks, including data leaks. All of these categories have been exposed in the lack of adequate cybersecurity measures and the importance of safeguarding data where information is increasingly digital and vulnerable to breaches.
Our conclusion for this case is that Mossack Fonseca & Co. did not have an incident response plan to mitigate any type of risks associated with data breaches. Any security measures in a law firm that pride themselves in privacy for their customers has lacked privacy, protection, security measures, ethics and even education towards IT compliances. There is a need of conducting assessments to identify the root causes, data recovery, forensic analysis, vulnerability assessment, legal compliance, incident response, evaluations and continuous post-incident review.