The Panama Papers. The largest data leak in history. How did such a massive breach occur at a law firm representing high-profile politicians, celebrities, and sports stars? Was it the result of a sophisticated attack requiring months of planning and a highly secretive hacker team? The truth is even more shocking: it stemmed from negligence in managing basic IT practices.

In most cybersecurity breaches, the attack vector often exploits a known vulnerability. In the case of Mossack Fonseca, the firm at the center of the leak, hackers had a wide array of vulnerabilities to choose from. As noted in a Wired article, their Exchange server had not been patched since 2009, and their corporate portal was poorly configured and not securely maintained. Mossack Fonseca confirmed that the attack was not an inside job; rather, the likely entry point was the neglected Exchange server. Their corporate portal, which had gone months without updates, allowed unauthorized users to browse backend folders simply by guessing folder names.

Many small and mid-sized businesses underestimate the consequences of a security breach. Some may believe they aren’t at risk of being targeted, while others simply lack awareness of the level of threat posed by inadequate security measures. It is shocking that a law firm handling a vast amount of private information was so unaware of the risks associated with their failure to conduct due diligence in managing their IT infrastructure.

A law firm is responsible for safeguarding a plethora of confidential data, and neglecting effective security measures is inexcusable. Often, businesses that are mindful of their security risks tend to overthink their needs. The Panama Papers incident illustrates that the risks are often more fundamental than we assume. Having sophisticated intrusion detection systems, advanced digital rights management, and encryption protocols does not substitute for the critical task of regularly patching systems.

It’s akin to installing laser tripwires and steel-reinforced doors on your house while leaving the garage door wide open. High-tech measures won’t provide protection when you ignore the ba