Cyber Security Attacks Are on the Rise

How well are you protected?

By Leah Kellar, Staff Writer

Photo courtesy of Abad Mahava

The question of cyber security has resurfaced in the public consciousness after reports last month that a sophisticated hacking group, allegedly backed by the Chinese government, was found to be targeting Canadian computer systems. Days earlier it was announced that an electronic storage device containing the personal information of 583,000 Canadian student loan recipients was lost.

Human Resources and Skills Development Canada (HRSDC) is now facing three class-action lawsuits. The department was aware of the security breach for nearly two months before the announcement was made this past February.

The question of where the responsibility lies in protecting our personal information online has two components: one is internal and rests with individuals; the other rests with the institutions, companies and agencies that take our personal information. Norm Archer, co-author of the book Identity Theft and Fraud: Evaluating and Managing Risk and professor in the department of Management Science and Information Systems at McMaster University’s DeGroote School of Business, says this is a recurring problem for large organizations responsible for safeguarding personal data collected from thousands of Canadians each year.

“These incidents just keep happening and it’s just incredible to me that the people that are using those records still carry them around unencrypted,” says Archer, who specializes in researching identity theft in Canada.

Encryption of financial, health and employment records and other private personal information that may become subject to criminal misuse is not yet standard practice in many organizations, despite recommendations from the Privacy Commissioner and incidents of large-scale data breaches occurring each year. The external hard drive lost by the HRSDC last month was not encrypted, a prime example of one more measure that Archer believes should have been taken to protect individuals – in this case, the financial information of thousands of students. What is more interesting, he says, is that the financial barriers to encrypting personal data for organizations are practically nonexistent. Methods of preventing similar occurrences are either free or inexpensive.

“The cost to install an encryption program is usually zero or very little,” he says. “If there is a cost, it’s a small price to pay when looking at the prospect of facing class-action lawsuits and the resulting turmoil and inconvenience people are put through in the process.”

Data Encryption

Most data encryption programs require a user name and password. There is a risk that both may be obtained through covert or overt means, but Archer believes encryption is, in any case, one more security measure that could make a difference in the event that a portable drive is either lost or the information is discovered by an unauthorized individual accessing a server.

“If you’re careful, there’s no reason that data, if encrypted, should be recovered by someone who has ideas about using it in a harmful way,” says Archer.

He also mentioned that another step institutions could take would be to prohibit the collection and transport of such personal data on an external hard drive such as a USB key or data stick. Some health organizations in particular have already put in place such measures with severe consequences for those who violate regulations. He acknowledges that there’s not much we can do at the international relations level in terms of information security breaches from foreign groups or governments. As for the obligation to protect private information in this increasingly technocratic society where personal information is required for public services, social calls and networking efforts alike, the responsibility lies with individuals to monitor their online activities, their privacy settings and how much information they share with others.
