Security breaches seem to be occurring on a regular basis lately, as more and more reports of lost data and hackers flood news headlines. Many businesses store their information in a virtual environment, but do little to protect it once it gets there. Complacency and a lack of understanding is contributing the the number of attacks – and businesses aren’t the only ones being targeted by hackers.
In an annual report to Parliament on Tuesday, commissioner Jennifer Stoddart reported that the number of data breaches reported by federal institutions between April 2012 and March 2013 rose from 80 to 109 during the same period the year before (click here for report). Hackers are breaking into federal networks in record numbers, yet it seems as though this issue isn’t being taken seriously. Several of the reported incidents could have been prevented if the proper security measures were in place. Treating cyber crime as random and unpredictable is counter productive for government and business.
Employee negligence, or “human error”, was responsible for a majority of the federal government’s stolen data, with hacking and malware encompass the rest. Some of the stolen data included:
- Human Resources Development Canada (now called Employment and Social Development Canada) reported that a staff member lost a portable hard drive that contained 585,000 personal records
- A Justice Department employee lost a USB key that contained sensitive information on 5,000 people
- A USB key, papers, and a laptop that contained information used by the Financial Transaction and Reports Analysis Centre (FINTRAC) was stolen in Calgary
- A Security Intelligence Officer working for Corrections Canada had dropped a USB key containing personal information about 152 prisoners was lost while the Officer was dropping off a child at school
- The personal tax information of 46 people was stolen along with an employee’s laptop
And the list goes on. It’s frightening to think that federal employees are so complacent with the personal information of others, but it happens every day. No one believes that it will happen to them, until it does. However, ignorance is not bliss, nor is it an effective method of data protection.
Employees need to be responsible for the protection of portable devices, especially the devices containing private information. Many business and government establishes take the time to install the best security measures, but the moment an employee transports data – the risk of a data breach increases drastically. This is becoming increasingly difficult to control as virtual environments continue to increase in use. Although it may be convenient, companies need to be aware of the risks associated with virtually accessible and transported data.
Some of the ways that companies can help decrease the amount of data lost to “human error” is through education, awareness, and guidelines. By educating and alerting your employees about the methods used by cyber criminals to gain access to private data, they’ll have a better understanding of how to keep the data secure. Additionally, creating awareness will show your employees that cyber crime is a reality that can happen to anyone, anytime. It’s not just something you hear about on the news, it’s something that hundreds of companies have experienced across North America.
Establishing some rules and guidelines around transporting sensitive data, either in a USB key, laptop, or external hard drive, can also help keep data safe. By attaching consequences to an employees actions, such as losing a USB key, it’s likely that they’ll remain vigilant. The other option would be to restrict the transportation of data all together by utilizing cloud technology. By moving all your data to a online environment, your employees can access the information from anywhere, anytime.
To learn more about storing your data in a safe location, click here.
Blog author: Vanessa Hartung