In January of 2013 we were told about a data loss event that occurred inside a Canadian federal government office involving the loss of private data of nearly half a million Canadians. A new report commissioned by interim privacy commissioner Chantal Bernier reveals that data was lost from a portable hard drive that was left unsecured for extended periods of time and lacked password protection and encryption.
As we mentioned in our original post, the breach affected nearly 583,000 Canadians, in particular students who were part of the student loans program, with missing personal files including names, social insurance numbers, contact information and more.
As has been the recurring theme of our blog, this raises the question of how it is that stringent IT policies are non-existent in the institutions where they matter the most. At Asigra, our software is deployed in numerous public sector institutions and is relied on to ensure that critical data is always protected. In fact, over the last 28 years of operation, Asigra has been focused on providing secure, reliable software to the market through experienced Managed Service Providers who pride themselves on providing data protection to organizations worldwide, with over 1 million end customer sites protected.
External Drives Used as Backup
What’s particularly alarming in these recent findings and in the report published by the security commissioner is that staff at the department involved in the breach were using a one-terabyte hard drive to make a backup copy of student loan program information stored on a central computer, to ensure its preservation when that data was being transferred between networked drives. As a company that specializes in cloud backup, it goes without saying that a situation like this should never happen. Many companies cite their fear of the cloud, but in reality they should fear the practices they have in place today, especially if they think that an external hard drive requiring manual human intervention is more secure than the cloud.
Critics Weigh In
New Democratic Party digital issues critic Charmaine Borg mentions that most government departments tend not to divulge data breaches to the privacy commissioner or to the people affected. This is disconcerting news for Canadians.
Having the Right Technology in Place
In addition to policy changes within government departments, and proper personnel training, there are numerous steps both government institutions and private sector organizations can take to ensure that all data is protected. A few to mention:
- Leverage cloud backup to ensure that your data is stored somewhere safe, and only accessible by authorized personnel through encryption key management
- Transfer data using AES-256 encryption in cryptographic modules validated to NIST FIPS 140-2
- Encryption of data both in flight and at rest
- Proper password management and rotation
- And more…
Most fittingly, interim privacy commissioner Chantal Bernier says that, “Protecting personal information cannot be ensured by having policies on paper. Policies must be put into practice each and every day and monitored regularly.” We tend to agree with her. Having a comprehensive, cost-effective online data protection platform, such as Asigra, can ease the burden of implementing those policies and reduce the manual effort involved.
To learn more about how Asigra and its Partners can help keep your data protected, read more about our security and compliance here: http://www.asigra.com/product/security.