Read Bennett Gold LLP's privacy policies and practices regarding this web site.
LINK TO: Bennett Gold LLP's Privacy Policies and Practices. E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


OUR DATA ENCRYPTION IS SORELY LACKING

Source: Edmonton Sun

Posted on September 7, 2011

The startling number of privacy breaches reported to the government in the last 16 months is just the tip of the iceberg, warns Frank Work, the Alberta government's privacy guru.

While there is no hard evidence from Alberta, the experience in other jurisdictions suggests that breach notifications are usually under-reported by two-thirds, says the province's Information and Privacy Commissioner.

So while there have been more than 90 breach notification reports to his office since the spring of 2010, that probably only represents one-third of the actual privacy leaks, says Work. "It says we're a bunch of Neanderthals stumbling around in the information age," he laments.

Most of the information losses aren't particularly high-tech, he notes. It's just stupid human error. "This isn't like eastern European gangs maliciously hacking into some sophisticated database," explains Work.

Careless

"This is people leaving laptops in coffee shops and hitting the wrong button on their e-mail function and sending everybody's T-4 slips to everybody else, and lost memory sticks."

It's astounding, he adds, how many times people report stolen or lost electronic devices and admit that they weren't encrypted. Many people wrongly assume password protection is good enough, says Work.

"Any dolt can go online and find out how to get around a password. For the minimal cost of encrypting information, it's amazing how many organizations still don't do it."

Most of data loss is due to insiders either well-meaning employees who take short-cuts to get their job done or malicious employees trying to sabotage the firm, says Linda Park, senior data loss prevention specialist for Symantec Corp. which advises companies on information security and storage.

Often, employees aren't aware that when they send data, it's being sent off an unsecured FTP server, she says, Employees sometimes copy large amounts of sensitive data off their laptops onto an unsecured USB stick.

"You want one that's encrypted. So even if they do happen to lose it, whoever gets hold of it won't be able to access that sensitive information," says Park. Not encrypting information is a big problem because most companies don't require encrypted USB sticks or storage.

Recent data breaches have persuaded firms to begin taking the encryption issue seriously, she says. Even if you educate employees about data security, they may not think about it on a daily basis, she adds. .

"It's definitely a growing problem, particularly in the last year. We've seen a lot of high-profile data breaches worldwide." A U.S. study notes than unwitting negligence by insiders - employees who don't mean to cause harm - constitutes the majority (41%) of data breaches, says Park.

Priority

"Even though you train employees and make them aware of security policies, for most people, security is not their primary mission. They're not thinking about it." Shockingly, there's an uptick in the numbers of malicious workers attempting to sabotage their companies through data breaches, she adds.

About 31% of U.S. data breaches in 2010 were the result of malicious or criminal attacks - up from 24% in 2009.

Meanwhile, Work wonders when Albertans will wise up about data security. "I find it horrifying at how bad we are at this," he says. "If it was money, we'd be more careful with it."




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.