Government data breaches highlight need for encryption

A recent discovery of a security flaw in Passport Canada’s Web site, coupled with the loss of computer discs belonging to the United Kingdom’s revenue agency, serve as reminders of the threat of data loss and cyber crime.
An Ontario man completing his own online passport application discovered that he could easily view the applications of others by altering one character in the Internet address displayed by his Web browser, the Globe and Mail reported.
In the United Kingdom, the HM Revenue & Customs (HMRC) lost computer discs containing the country’s entire child benefits records, including the bank account details of more than 7 million people, Lloyd’s reported.
Too many organizations have information security policies that concentrate on the infrastructure that holds the data rather than the data itself, Nigel Jones, director and IT forensic expert at Aon, told Lloyd’s.
“Encryption techniques today are low cost and still effective if coupled with other processes,” he said. “Even if the HMRC has the best security practices, you have to ask when the policies were last tested.”
Lloyd’s noted insurers ACE Novae and Beazley all write data loss-related cover. A medium-sized corporation can typically arrange cover with a limit of 25 million, although a program of between 50 million and 100 million pounds is possible in certain circumstances.