encryption software

Data Breach investigation widens to Justice Department

April 10th, 2013

An investigation for reviewing the federal government’s personal data loss took place on over 5,000 Canadians. This has lead to include the Justice Department as well.

There has been a loss of a portable data key which contained the data connected to Canada Pension Plan disability benefits. At first, it was thought to involve the program administered by only Human Resources and Development Canada.

Also, it was told to the victims of the data breach, who had filed their complaints to the privacy commissioner’s office that the incident may have included another department as well.

“I wish to advise you that it has come to our attention that an employee from the Department of Justice Canada may also have been involved in the incident which resulted in the loss of the USB device,” says the recovered letter.

It goes on to inform the recipients of a complaint that was filed against the Justice Department on Jan. 28.

“Our office is therefore investigating both HRSDC and Justice Canada regarding the incident,” says the letter, dated Feb. 14.

It was also found that the justice department too investigating the matter, said a spokeswoman in the department.

“Administrative investigations are underway to determine all the facts surrounding this matter,” Carole Saindon said in an email.

“The Department of Justice is part of the investigations. Justice Canada takes the protection of privacy seriously,” she said.

“It would be inappropriate to comment further while the investigations are ongoing.”

The same day as the letter was recovered; the senior officials at the Human Resources Department were present before a House of Commons committee vouching for the matters about the data breach.

The committee was told that the key of the USB went missing since last year, and two days later it was loaded with unencrypted data and information on 5,045 people, which included social security numbers such as social insurance number, medical conditions, level of education and jobs. To avoid such hazards it is important to enable encryption software in all the networked systems used in organizations.

This USB key was supposed to be handed to one of the employees working on a secure floor at Human Resources who used it the very next day, but later couldn’t find it back.

An employee working in different division at Human Resources also has misplaced an external hard drive earlier – and that the device was supposed to contain the student loan information on 583,000 Canadians which was very confidential. Therefore, the investigation about this incident is ongoing.

At this point, it was told by a spokesperson at the privacy commissioner’s office that the investigations remain aimed at Human Resources.

“We’ve opened a complaint against the Department of Justice in relation to the incident involving loss of the information stored on the USB key – not in relation to the other (student loan info) data breach,” Anne-Marie Hayden said in an email.

Initially, the idea was that the Justice officials were looking at people’s personal medical files which raised a host of many new questions and that what does the government officials do with such personal information, said by a lawyer involved in a class-action lawsuit against the government.

“Nothing good comes of having the Department of Justice look at your CPP disability pension application information,” said Ted Charney.

He also said, there might be a possibility of another department involvement, which could change the nature of the whole lawsuit.

“If it turns out that this personal information has been leaked to a department who shouldn’t have received it, it’s an additional breach of privacy,” he said.

“The motives and purpose for that employee getting access to that information is of very significant concern to us.”

Since the occurrence of these two incidents simultaneously, Human Resources has banned the usage of portable hard disk drives as well as unapproved USB sticks.

Also, they have attempted to install new data loss protection software, i.e., encryption software which is designed to keep better tabs on where and how data is being moved around the department.

The Justice department’s deputy minister Ian Shugart told the committee, “The incidents are unacceptable”, earlier this month.

“Sensitive personal information was stored on unencrypted portable storage devices and not properly secured. This should not have occurred.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Review of Chinese Cyber Security Threat

March 19th, 2013

In a recent study revealed by New York Times, a leading International Security Consulting Firm, Incident Management Group, Inc. (IMG) will be reviewing a corporate security policy in China. It is due to the fact that a computer security threat has been found, posed by Chinese hackers.

This had led IMG to examine Chinese cyber security and computer security for global corp. The New York based news agency, highlighted a report released by Mandiant, another cyber security firm, which focussed on the attempts by the Chinese military to conduct such cyber attacks on The States (US) and some western companies. It has been suspected that these Chinese hackers, especially those associated with military, targeting western firms in order to obtain intellectual property and technology, for years. Despite this article, added weight to the growing suspicion and drawn attention to all the hacking groups around the world, including China. In response to this, IMG is looking for ways to enhance the computer security, cyber security posture as well as to monitor data theft protection of its client partners by enforcing effective data security policies and ensuring full disk encryption for the computer protection.

In light of the news article about western organisations being the target of the Chinese hackers, IMG is planning to conduct a cyber security review to see how full disk encryption can be done and cyber security posture can be increased to implement data security policy. However, for IMG computer protection for data security must be overlooked as an element of institution’s computer security and cyber security framework. Given that the hacking groups have military as well as state support, it is critical for organisation to take a 360 degree view of data security. By doing so, they will ease threats, that are posed by Chinese hackers.

It is possible that either to take advantage of China’s position as a leading global manufacturing base or their growing  business economy, many large corporations are eager to be present, as a target for sales and marketing efforts in the Chinese market. in either cases, Companies need to have a robust encryption software or data security program who are carrying their business with/ in China. n this growing digital technology world, it is paramount to have an active computer security software protection for companies and that should be based on an active evaluation of all data security risks. Physical data security, such as employee access can be a gateway to cyber attacks, hacking and crime; as well as vice-versa.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta