Personal information accessed at Canada Revenue, Facebook’s war on terrorists and a new banking malware found
Welcome to Cyber Security Today. It’s Monday June 18th. To hear the podcast, click on the arrow below:
The personal information of over 80,000 Canadians held by the Canada Revenue Agency may have been accessed without authorization over the last 21 months, Global News has reported. Based on government documents filed earlier this month with the House of Commons, the tax department had the most privacy breaches during the almost two-year period than any other federal department. A number of these breaches were not hacks, but what the department says was misdirected mail that went to the wrong staffer. But many involved government employees doing unauthorized searches.
A Revenue Canada spokesperson said incidents of misdirected mail at the department have significantly decreased as a result of CRA efforts. In 2015-16 there was a total of 1,625 incidents, whereas in 2017-18 there were 1,104. “Allegations or suspicions of employee misconduct are taken seriously, are thoroughly investigated and, when wrongdoing or misconduct is founded, appropriate measures are taken.”
Banks, insurance companies, hospitals, doctors offices are places where employees have tempting access to private information about customers. It’s vital that employers have privacy rules, train staff on their privacy obligations and have technology that can limit unapproved access to files.
Major social media platforms are fighting criticism for not doing enough to remove criminal and terrorist messages from their sites. Last week at a security conference in Jerusalem, a Facebook official said 99 per cent of terrorist content from ISIS and al-Qaida is taken down by the company today, either by staff or automated machine learning software. However, a columnist at SecurityWeek noted that last month a group called the Counter Extremism Project said Facebook isn’t doing that well. It cited examples of terrorist propaganda and recruiting still on Facebook. One problem may be the determination of terror propaganda supporters on social media to open new accounts. Another is that machine learning software may be good at spotting questionable material, it takes time for an employee to look at it and make a decision on deleting it. There’s no quick fix to this problem, but if you see something potentially criminal on a social media site you use, make sure it’s reported.
Finally, a new banking malware for Android devices is out there, trying to steal your bank login credentials and copy data on your device. And if that isn’t enough, it may try to install ransomware.
Be on the lookout for an attempt to install an Adobe Flash Player app. One of the best ways to protect yourself is to only install Android apps from the Google Play store – however, even some apps there can be corrupt. The really safe way to protect your Android device is to use very few apps. And besides, Flash Player isn’t that important. Browser support for Flash, used in playing movies, has been slowly dying. Adobe will end Flash in 2020.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening.