Another hour, day, week, month and year, another leak, but this one did not just contain details of the middle classes: it contained the details of the very rich and the upper echelons of society. Clearly a leak containing thousands or millions of PII (personally identifiable information) records of ordinary users is not acceptable, but when holding records of royals, presidents or prime ministers, politicians, celebrities, sports people and just generally very wealthy individuals, you would think the controls, along with the vetting, would be far higher.

Imagine you are a London law firm dealing with large charities, universities, large businesses, wealthy individuals and the head of state: not the prime minister, David Cameron, but Queen Elizabeth II. The first set of clients need good protection, more than those of a standard British law firm, and Queen Elizabeth II would need top-notch protection, potentially up to a government classification of Secret or even Top Secret. On top of this, only a few senior partners would deal with the client, and their background checks would be more stringent.

Mossack Fonseca is/was different to the above since all the clients were famous and very wealthy, yet it seems the protection was poor and very dated. If you are dealing with such people and they pay a premium for your skills, surely you can afford better protection and skilled security staff? ISO 27001 is held by some large global law firms, but certification does not necessarily mean you are very secure. So what are your options, you may be wondering? Implement extreme security with granularity, or create a small offline closed network. Both have pros and cons, with the latter being stronger though less flexible.

If you were to ask someone on the street today what makes computers and data insecure, they will likely reply: evil hackers, malware and the internet connection, whether a LAN cable or Wi-Fi. Take the internet connection away and your data is far more secure. If you cannot or will not remove the internet, then you need “militant” security covering every base possible.

“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.” - Professor Gene Spafford of Purdue University. Yes, nothing can be 100% secure, just as with physical security, but you have to try to make it very hard to break in or smuggle data out.

One: Offline closed network option
Yes, close to “100%”, with no way of accessing the network over the internet, but flexibility is next to zero. The only way of getting at the data would be breaking into the building and stealing the hardware tokens. Backup would need to be manual, via an external hardware-encrypted hard drive stored on-site in a waterproof and fireproof safe, with an extra drive stored off-site in a vault. Backups would need to be done daily by a very trusted person, i.e. the company owner or head of security. The setup below is similar to those used by intelligence agencies globally and by departments of defence (in British English, the MoD).

Hardware
  1. File server
  2. Router
  3. Desktops
  4. Highly secure controlled room
  5. Network cables
  6. Hardware encrypted USB hard drive
  7. Lockable server and desktop cabinet
  8. Kensington locks
Defence
  1. USB and CD blocking software for server and desktops
  2. File server locked in a cabinet and bolted to the floor
  3. Desktops in a lockable cabinet thus hiding USB ports, motherboard and CD drives
  4. Full disc encryption or SED (self-encrypting drives) on desktops and server
  5. Fully patched before being put into service
  6. No other network access or connection to the internet in any form
  7. Two factor authentication for endpoint login
  8. Hardware token to access and control vault access by department or project
  9. Master hardware token stored in a strong safe onsite with grandmaster kept externally
Two: Online network with “militant” security
Option one may be ultra-secure, but it is very inflexible and data cannot be moved or backed up easily. Internet access comes with great responsibilities and risks, mostly malware, external hacking and of course the Snowden or Manning threat (the insider). Existing setups can be used if option one is out of the question, but extreme security measures and tweaks are required. One common problem is spear-phishing, which delivers a malware payload and is hard to defend against; standard anti-malware just does not cut it (or really do much).

  1. Very similar to the above but with internet access and the below:
  2. Security focused DNS
  3. URL whitelisting
  4. Application whitelisting
  5. Anti-exploit
  6. No Wi-Fi
  7. Block EXEs, macros and other files on email and web filters
  8. Code stripping on email
  9. Full HTTP(s) inspection and scanning
  10. No inbound ports open unless on strong VPN and limited outbound ports open
  11. Limited social media exposure
  12. Endpoint, web and email DLP
  13. File level encryption which only works internally
  14. No website connectivity or storage
  15. No exposed logins i.e. on website or OWA
This does not cover everything but is a great start for defending against interception, internal leaks, malware and external hacking. For a fuller list see https://www.datasecurityexpert.co.uk/it-security-guide.html.
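As an added example, not from the original post, here is how list item 7 of option two (blocking EXEs and macro-carrying files on the mail and web filters) can be enforced on file content rather than file name alone: a small Python attachment gate that checks for executable headers, looks inside OOXML zips for a vbaProject.bin part and flags legacy OLE files. The blocked-extension list, the OLE policy and the sample files are constructed for illustration, not taken from any product.

```python
import io
import zipfile

# Constructed policy list of extensions treated as executable; tune per organisation.
BLOCKED_EXTENSIONS = {"exe", "dll", "scr", "com", "pif", "bat", "cmd", "ps1",
                      "vbs", "js", "jse", "wsf", "hta", "msi", "jar", "lnk"}
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt container

def is_executable(data: bytes) -> bool:
    """PE/DOS ('MZ') or ELF header: executable regardless of the file name."""
    return data[:2] == b"MZ" or data[:4] == b"\x7fELF"

def ooxml_has_macros(data: bytes) -> bool:
    """OOXML (docx/xlsx/pptx) is a zip; VBA code lives in a vbaProject.bin part."""
    if data[:2] != b"PK":
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # corrupt zip: not an OOXML macro carrier (other rules still apply)

def check_attachment(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (allowed, reason); the first matching rule blocks."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in BLOCKED_EXTENSIONS:
        return False, f"blocked extension .{ext}"
    if is_executable(data):
        return False, "executable header, whatever the name says"
    if ooxml_has_macros(data):
        return False, "Office document carrying a VBA project"
    if data[:8] == OLE2_MAGIC:
        return False, "legacy OLE Office file: macros cannot be ruled out cheaply"
    return True, "ok"

def build_ooxml(parts: list[str]) -> bytes:
    """Constructed sample: a minimal zip holding only the named parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in parts:
            zf.writestr(name, b"<x/>")
    return buf.getvalue()

# Constructed samples, not captured files.
SAMPLES = {
    "report.docx": build_ooxml(["[Content_Types].xml", "word/document.xml"]),
    "invoice.docm": build_ooxml(["[Content_Types].xml", "word/vbaProject.bin"]),
    "statement.pdf": b"MZ\x90\x00" + b"\x00" * 60,  # a PE renamed to look like a PDF
    "minutes.txt": b"plain text body",
}
```

Run `check_attachment(name, data)` over `SAMPLES`: the renamed PE and the macro-enabled document are refused, the plain docx and text file pass.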