The Informatica blog - Authored by Claudiu Popa

Businesses Have 5 Opportunities to Benefit from Better Security

CRA and 9 other agencies fail to adequately report privacy and security breaches.

In a recent press release we echoed the Privacy Commissioner's concerns over growing numbers of data breaches occurring in 10 government agencies. Over 3000 inadequately reported data breaches took place at the Canadian Revenue Agency, Fisheries and Oceans, Public Safety, Employment and Social Development Canada, Justice Canada, Citizenship and Immigration, Passport Canada, the Correctional Service, the RCMP, the Parole Board and Veterans Affairs.

Despite a reported 97% of Canadians demanding to know when their privacy has been breached, not enough is being done to improve mandatory reporting. We believe the private sector has a chance to lead the way and gain public trust and positive exposure in the process. Here are 5 best practices that can be adopted equally effectively by public agencies and private organizations:

1. Notify.
The government must push for standardized breach reporting at all levels, but savvy businesses can also lead the way by adequately reporting any suspected privacy/security issues to Privacy Commissioners. Following the process demonstrates professional integrity and creates a chain of custody for any relevant tracking information early on.

2. Verify.
Both government and the private sector need to standardize risk assessments and have their practices and results independently verified. It's a simple, recurring process that leads to incremental improvements in security.

3. Communicate.
Security by obscurity doesn't work. Secrecy erodes trust. Share standards and practices to educate the public about what your government agency or business is doing. Review your policies and write them in simple, clear language. Your audience will pay you back in trust.

4. Enforce.
Policies should not be wishful thinking. They must describe existing practices and incorporate privacy principles that put the public's interest first. Employees must be intimately aware of them. The public must have access to all relevant information on current practices. Encourage reporting of any suspected issues, gaps or deficiencies. It's free and it demonstrates awareness, accountability and risk maturity.

5. Educate.
If encryption standards are weaker as a result of pervasive surveillance, the government should not remain quiet on the topic. It should immediately let Canadians know how to restore the confidentiality of their information. Similarly, businesses need to be savvy about all legislative changes and educate their workforce on the best ways to protect information, whether it is legally mandated or not. Bring people into the loop.
