Online privacy and security experts gathered in Victoria earlier this month to share strategies to protect computer networks they say are “under attack like never before.”
Charles Wordsworth, technology security consultant and vice president of Privacy and Access Council of Canada, said the days of teenage computer hackers making mischief have been replaced by organized crime, much of it based in Eastern Europe.
A key concern is breaking into computer networks that collect personal information. The attraction is simple, Wordsworth said. Online criminals work in secret, with little risk to them as they search for weaknesses.
“You don’t get shot robbing online banks,” Wordsworth said. “Unfortunately from my experience, the hackers are getting smarter. They have more money than anybody else, so therefore they can hire people who are a lot smarter than the people who develop the applications.”
B.C. and other governments increasingly use web applications for access to their programs. B.C. Auditor General Russ Jones reported last week on security deficiencies, calling on the province to require better security measures from contractors who develop websites used by government.
One recent example of a preventable breach was in Alberta, where 620,000 medical records were taken along with a laptop computer owned by a private medical clinic with 25 outlets in the province.
Sharon Polsky, CEO of Privacy and Access Council of Canada, said encryption is simple now and should be required of all government contractors. She said protection has to be built in at the beginning, and all employees and contractors with access to personal data should be trained to protect it.
While there isn’t much the average person can do to protect against institutional data breaches, there are simple precautions everyone can take.
The conference was organized by the Vancouver and Victoria chapters of ISACA (Information Systems Audit and Control Association), an independent industry group with members in 180 countries. Its website has advice on mobile security, social networking privacy and dealing with cyberbullying.