This is privacy awareness week, Canadian cellular carrier’s data exposed, the cost to businesses of cyber crime, phone and laptop seized at the border and a big WordPress update.
Welcome to Cyber Security Today. It’s Wednesday May 8th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com
 |
 |
 |
A number of privacy authorities for countries that touch the Pacific Ocean, including Canada and the U.S., have declared this is privacy awareness week. This year’s theme is something all listeners should remember: ‘Protecting privacy is everyone’s responsibility.’ That not only means companies, governments and their connected suppliers need to have robust privacy policies, but consumers also have to learn and understand their privacy rights. In Canada, those rights are covered partly under provincial law and partly under federal law. In the U.S. they are largely covered under state law, but the Federal Trade Commission has some rules over what businesses do with your data. So you need to go to the web sites of your jurisdictions and do some reading. It’s important for you to think carefully when you give out personal information to a company. There’s lot of privacy resources online.
Here’s a link to 10 tips for protecting personal information from Canada’s privacy commissioner, and a link to the U.S. based Electronic Privacy Information Center.
Speaking of privacy, a CBC news story this week is a reminder that Canada Border Services has the right to seize your laptop and cellphone if you don’t hand over your passwords if they suspect there has been a customs violation. The government says officers may only conduct a search if there are multiple indicators that evidence of contraventions may be found on a device. A lawyer who says he was returning to Canada after studying several months in South America said he was given no explanation why his devices were seized.
Wyzant, the online portal where students can find tutors has suffered a data breach. In a letter sent to customers the company said a hacker got access to names, email addresses and zip codes, and for some people, their Facebook profile image. No passwords or payment information was accessed.
Speaking more of privacy, the privacy of at least 15,000 subscribers to Canadian wireless carrier Freedom Mobile was violated when we learned this week that security researchers discovered an unprotected database of information on the Internet. The data not only included subscriber names, dates of birth, email addresses but also their credit card and verification numbers. Freedom Mobile blamed another company that did some data processing of customer information for misconfiguring a server holding that data. We don’t know how many people might have stumbled across that database and are using the information for crime. But more than one expert has noted that errors by employees or those who work for suppliers — as happened in this case — are often behind data breaches.
Speaking of which, the annual Cost of Cybercrime report from consulting firm Accenture and the Ponemon Institute was released this week. It figures the average cost last year of discovering, investigating and recovering from cyber attacks for the organizations was $13 million. That was a 12 per cent increase over 2017. Companies studied faced an average of 145 breaches of their security in 2018 — although not all of them resulted in stolen data. That was also an increase over 2017.
The report makes three recommendations to security pros: Make security awareness training of employees and partners a priority; protect your data better and spend on technology that helps discover attacks.
Finally, a new version of the WordPress content management system used by a large number of bloggers and news publishers has been released. Version 5.2 has protection against an attacker infecting the company’s update server with malware, which would result in infecting every WordPress installation in the world that installs updates. WordPress administrators should think about moving to this new version. As experts note, it doesn’t solve the problem of infected WordPress plugins, but apparently protection against that is coming.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon