No excuse for unencrypted customer data

We should know better by now

A recent security breach at Sony Corp. exposed the personal and financial information of 100,000 customers on its PlayStation network. Sony Ericsson in Canada was targeted a couple weeks later, with name and e-mail information being stolen.

It’s become the depressing norm for almost daily breach announcements. And those are the ones that are promptly reported; not all are.

It’s been an adage for years that the online secure computer is one that’s not connected to the network. That’s increasingly an impractical option, with the prevalence of Internet use, the ubiquity of wireless data coverage and the increasing trend to move applications to the Web. There are criminals out there who can, and will, penetrate your system. Throw your hands up in despair.

Or, perhaps, apply the lessons that we have learned over and over again in the Internet Age. Your network WILL be hacked. The question is, what will said hacker find there of value when they inevitably do get through the firewalls?
After the TJX and Heartland fiascos of recent years, it should be clear by now. There is no excuse for customer data, at rest or in transit, to be unencrypted. The technological cost, the key maintenance, the latency — none of these justify unencrypted customer data.
Data leak prevention technology, applied rigorously and consistently across the infrastructure that hosts the most vulnerable data, can prevent the accidental loss of customer information, along with the “inside job.”
And then there’s an approach espoused by Ontario privacy impact assessment specialist Tracy Ann Kosa at last year’s  SC Congress Data Security Conference and Expo: Collect only the information necessary for the application involved, for the specific situational relationship with the customer. In the event that all other measures fail, at least the amount of personal information leaked will be minimized.
And when countermeasures fail, immediate notification of customers should be enforced by toothy penalties for delay. “Timely” reporting doesn’t cut it.
None of this is news. But it seems that almost every day, a new security breach is.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now