The stories that have been reported as a result of the Paradise Papers leak have been explosive. The Royal Family, key aides of President Trump, some of the largest companies in the country and A-List celebrities have all been implicated in a series of revelations that are sure to have wide reaching consequences regarding reputation, profit and perhaps even legislation. So, what exactly are the consequences and lessons from this latest set of revelations?

Details of the source of the leak, as they usually are regarding breaches of this magnitude, are sketchy. Appleby, a Bermuda based law-firm at the heart of the story, are conducting a top-to-bottom investigation, but as yet haven’t revealed anything. What is clear is that, irrespective of whether this was the consequence of a disgruntled employee or a hack, it is a serious breach of IT security. With 470 staff and offices globally, Appleby are a larger firm then Mossack Fonseca, who were at the centre of the Panama Papers leak , and you can be sure that no stone is being left unturned to establish what exactly happened.

Given the scale of the leak, it once again begs the question how exactly a law firm that has sensitive material of the nature we’ve seen over the last week can be so vulnerable? How can it be that documents that contain investments relating to the Queen are not stored more securely? It is obvious that Appleby were unaware of the breach, which seems to have happened over a year ago judging by BBC Panorama’s claims, so you have to question internal security measures at the firm. As with Mossack Fonseca, it seems likely that, as the truth emerges, questions will be asked about why Appleby did not protect their client’s data more securely.

How can it be that documents that contain investments relating to the Queen are not stored more securely?

But how should you go about securing your data? Where to start? Well, password changes, multi-step authentication and email encryption is all crucial, and the workforce needs to know the implications of carelessness. If all data was only accessible after login and had been leaked by an insider, then it would have been easy for Appleby to pinpoint who extracted and leaked the material. But they would need the in house expertise to monitor the network and make sure that any unauthorised access to data is alerted quickly. This has patently not happened, as Appleby sat oblivious to the fact that journalists were pouring over their entire file storage.

Strong passwords and good login practice might seem obvious, but a shocking number of people don’t bother. This makes passwords easy to guess. It is also key to scrub user accounts once an employee has left. Many leaks have come through dormant accounts being hacked, and an employee can’t change their password if they no longer work for the company.

There are several steps that need to be taken to make your system secure. Cloud based servers, up-to-date firewalls and anti-viral protection, system monitoring and email encryption need to be commonplace, not an extravagance. These measures are pittance in comparison to the damage a company can suffer from a leak.

There is an attitude that these sorts of events will not happen to your company. Appleby was obviously a target due to their high-profile client base and dealings in offshore investments. But they are not alone, with nearly every professional services firm now running the risk of closure should a data breach occur. Even if your clients and practices are all above board, private information is still very valuable to certain groups, and the impact on reputation that follows a leak is difficult to repair. Now is the time to make sure your system is secure.