  |
 |
|
Research and retrieval of news articles by: SPECIAL NOTE TO ALL VISITORS: | ||
 |
|
OUR DATA ENCRYPTION IS SORELY LACKINGSource: Edmonton SunPosted on September 7, 2011 The startling number of privacy breaches reported to the government in the last 16 months is just the tip of the iceberg, warns Frank Work, the Alberta government's privacy guru. While there is no hard evidence from Alberta, the experience in other jurisdictions suggests that breach notifications are usually under-reported by two-thirds, says the province's Information and Privacy Commissioner. So while there have been more than 90 breach notification reports to his office since the spring of 2010, that probably only represents one-third of the actual privacy leaks, says Work. "It says we're a bunch of Neanderthals stumbling around in the information age," he laments. Most of the information losses aren't particularly high-tech, he notes. It's just stupid human error. "This isn't like eastern European gangs maliciously hacking into some sophisticated database," explains Work. Careless"This is people leaving laptops in coffee shops and hitting the wrong button on their e-mail function and sending everybody's T-4 slips to everybody else, and lost memory sticks." It's astounding, he adds, how many times people report stolen or lost electronic devices and admit that they weren't encrypted. Many people wrongly assume password protection is good enough, says Work. "Any dolt can go online and find out how to get around a password. For the minimal cost of encrypting information, it's amazing how many organizations still don't do it." Most of data loss is due to insiders Ñ either well-meaning employees who take short-cuts to get their job done or malicious employees trying to sabotage the firm, says Linda Park, senior data loss prevention specialist for Symantec Corp. which advises companies on information security and storage. Often, employees aren't aware that when they send data, it's being sent off an unsecured FTP server, she says, Employees sometimes copy large amounts of sensitive data off their laptops onto an unsecured USB stick. "You want one that's encrypted. So even if they do happen to lose it, whoever gets hold of it won't be able to access that sensitive information," says Park. Not encrypting information is a big problem because most companies don't require encrypted USB sticks or storage. Recent data breaches have persuaded firms to begin taking the encryption issue seriously, she says. Even if you educate employees about data security, they may not think about it on a daily basis, she adds. . "It's definitely a growing problem, particularly in the last year. We've seen a lot of high-profile data breaches worldwide." A U.S. study notes than unwitting negligence by insiders - employees who don't mean to cause harm - constitutes the majority (41%) of data breaches, says Park. Priority"Even though you train employees and make them aware of security policies, for most people, security is not their primary mission. They're not thinking about it." Shockingly, there's an uptick in the numbers of malicious workers attempting to sabotage their companies through data breaches, she adds. About 31% of U.S. data breaches in 2010 were the result of malicious or criminal attacks - up from 24% in 2009. Meanwhile, Work wonders when Albertans will wise up about data security. "I find it horrifying at how bad we are at this," he says. "If it was money, we'd be more careful with it."
E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes. |
|
ALERT  WebTrust Is Your Best Defense Against Privacy Breaches. Get WebTrust Working For Your Site. |