For several weeks now, Canada has been witnessing a succession of crises concerning the theft of personal data. Just a week ago, there was panic when it was announced that the data of 6 million Canadians had been stolen following a hacking incident at Capital One. Prior to this incident, it was the Desjardins bank that was the target of data theft.
Then it was announced that at Revenu Québec, some 23,000 employees were affected by a leak of personal information that a staff member had transferred outside the organization's workplaces
This succession of serious incidents reveals that the system is undermined by flaws that are clearly symptoms of deeper problems that, if governments do not put in place stricter rules regarding digital identity and affecting businesses, risk being repeated more often than we have seen in the past. There is a French proverb that says: "Aux grands maux, les grands remèdes". In this sense, we believe that all companies, regardless of their sector of activity, must take the threat of data theft seriously to:
Basically, prevention is better than cure, and the time to do it is now.
Recently, in an interview with Radio-Canada on the analysis of the recent Capital One hack, José Fernandez, a professor in the Department of Computer and Software Engineering at Polytechnique Montreal, said this:
"You can ask yourself if the banks are doing a good job," says Fernandez. The answer is that they are doing an acceptable job, well above average. They are among the best in class. "
In this interview, Fernandez expresses that the blame should not be placed solely on financial institutions and that those who think this way are partially wrong. As reported by Radio Canada, he said:
"The problem is not the banks, it's the society we live in, it's the government, it's the social insurance number," he continues. If we continue to use personal information to authenticate people, there will be an incentive for criminals to go out and steal that information. "
In Canada, everyone is assigned a social insurance number, which is also used as a method of authentication for all types of financial and social transactions. Should we deplore the fact that financial institutions, governments and private companies consider the date of birth, the social insurance number and the mother's maiden name as secret information when we all know that it is very easy to have this information which is for the most part already very public.
So, is the real threat from the financial institutions?
I will tell you that it is not because I think that it is above all with the companies that use this personal information to identify their customers. In the most flagrant cases revealed to the public, it is always financial institutions and multinationals that are exposed. Moreover, I would like to rebound on this observation by illustrating some cases not always known to the public:
UBER: in November 2017, the CEO of Uber revealed that the data (names, email addresses and cell phone numbers) of 57 million users worldwide, including those of 600,000 drivers, were hacked at the end of 2016.
ASHLEY MADISON: In August 2015, it was a group of hackers who released 30 gigabytes of customer data from the Canadian adulterous dating site Ashley Madison containing the names, emails, and even sexual preferences of users. The revelations turn tragic with the suicide of subscribers in the United States and Canada. The boss of Ashley Madison must leave his position.
MARIOTT: the hotel and residence chain Marriott were the victim last November of a vast identity theft of its customers. Information about nearly 500 million of its Starwood customers was stolen by hackers.
FACEBOOK: Hackers took advantage of a security breach in September 2018 to steal the personal data of 29 million Facebook users. The hackers accessed their names, email addresses and phone numbers, and even, for some, their dating status or location.
If you are a business, it is important to take certain steps to successfully protect yourself from data theft (of any kind). This includes:
Understanding the types of data your business generates and processes
Setting up a sound, customized data architecture that takes into account vulnerabilities
In addition to these recommendations, it is also necessary within your company:
Just like Desjardins, Equifax, or Revenus Quebec, no company no matter how big or small is immune to the risk of data theft. Companies must therefore continually review and improve their systems and review and update their security procedures to successfully minimize the risk of data theft. Also, the growing threat of data theft by company employees is increasing and to protect yourself you must take steps that are sometimes costly but important to the security of your information and the trust you have with your audience.
At Oshara Inc, we have security experts who can help you model or strengthen your security systems to protect your business.
The list can be long. You have for example Desjardins, Equifax and Revenus Québec. But even more famous companies like Capital One, Ashley Madison, Facebook, Uber, Marriott, Yahoo!, British Airways, MyHeritage, Dubsmash, eBay, Home Depot, Snapchat, Target, Adobe ...
An SSL certificate allows you to have the green padlock next to your URL. This indicates that the web page uses the HTTPS protocol for secure communication.
In general, we have the organization, URL, state, and country, but also the validity period of the certificate.
Generally, you need to renew your certificate every 13 months at the most, depending on who you renew it with. A renewal request can take from a few minutes to several days (7) depending on your certificate and who is renewing it.
Was this article useful?
By registering, you agree to receive emails from Oshara.
By registering, you agree to receive emails from Oshara.