[RwandaLibre] Federal departments consider banning USB keys in wake of dozens of security breaches

Federal departments consider banning USB keys in wake of dozens of

security breaches



National Post - 20 minutes ago



A USB key handed out to an employee in the federal department that

helps Canadian companies compete for domestic and foreign security

contracts vanished early in 2013.



A week-long trail of emails, phone calls led security officials to

conclude it was "impossible to assess [the] compromise" related to the

loss of the device. Nor was it clear who was telling the truth about

the number of hands the one small device passed through: Employees

pointed fingers at each other, with none knowing where the USB key

ended up.



Another USB key that was neither password protected nor encrypted was

found on a downtown Ottawa sidewalk by a Good Samaritan. It contained

protected information — albeit out-of-date details — of a federal

project.



The two instances are among dozens of security incidents logged by

Public Works and Government Services Canada over the past year in the

capital, which has the largest slice proportionally of public servants

in the country. The USB key losses are two of four investigated in

2013 by Public Works, not including the six lost BlackBerry phones,

two lost laptops and the possible theft of an iPad.



They've taken a step forward, but they're still miles away



Multiple departments have looked to ban or limit the use of USB keys

and portable data devices in the wake of high-profile data breaches in

2013, including the loss of a USB key at Employment and Social

Development Canada that contained sensitive information on more than

5,000 Canada Pension Plan disability applicants. If USB keys are being

used, departments are opting for encrypted devices.



"I can't but shake my head that they've taken a step forward, but

they're still miles away," said Tony Busseri, CEO of Toronto-based

Route1 security.



"Don't have the data go walking beyond the firewall of the network.

You don't need the USB key," he said.



One route is to have departments keep data on secure servers, and have

users connect remotely. Information never has to leave the confines of

government services, and cuts down the risk of an employee or

consultant losing a portable data device, Mr. Busseri said.



"It can't get stolen, it can't get lost," he said.



Related



Federal department sought to ban USB drives to curb risk of privacy breaches



Federal government considered paying dumpster divers $15,000 to

retrieve lost USB records, emails show



Missing government hard drive also contained business plans, financial

information of thousands of Canadians, emails suggest



We've lost personal information for more than half a million

borrowers: Canada Student Loans



Among the potential security and privacy breaches investigated in 2013

was one where a financial analyst at Aboriginal Affairs and Northern

Development Canada was accidentally given access to pay details for

employees at Natural Resources Canada. None of the affected employees

was told about the mistake because the "threat of a privacy [breach]

is almost nil," reads an internal report, after the financial analyst

alerted her superiors about the problem.



"Due to the circumstances, there is no point … to inform the NRCan

employees that their names and pay info have been sent to a

third-party office," the report says.



Workers were given reminders to be careful in the future, and the case

was closed.



"We do a very poor job of authenticating people before we give them

access to data," Mr. Busseri said. His company has lobbied the

government to use smart-cards for workers to access information:

Workers need the card and a unique password to access data, much like

a credit card with a chip needs a proper PIN to confirm purchases.



Copies of the security incident list and the final reports themselves

were released to Postmedia News under the access to information law.

The names of the employees at the centre of each incident have been

redacted from the documents.



In most cases, the department's investigations list notes that

sensitive government information was never put at risk.



http://www.google.ca/gwt/x?gl=CA&hl=en-CA&u=http://news.nationalpost.com/2014/01/01/federal-departments-consider-banning-usb-devices/&q=federal+usb+keys+security



Très amusant ces fonctionnaires qui "égarent" des gadgets (USB keys,

cell-phones, laptop...) contenant des informations sensibles!

Prennent-ils des précautions pour les protéger au moins? Ils les

laissent sur le siège des véhicules stationnés à la merci des voleurs

à la tire. Ils les laissent aux vestiaires des restos, gymnases et je

ne sais quoi encore. Ils les emmènent à la maison des amours volages à

la merci de la dame de plaisir. Si on veut protéger des secrets, ils

ne doivent "jamais" sortir du bureau. Autrement, "bonjour" les dégâts.





--

SIBOMANA Jean Bosco

Google+: https://plus.google.com/110493390983174363421/posts

YouTube Channel: http://www.youtube.com/playlist?list=PL9B4024D0AE764F3D

http://www.youtube.com/user/sibomanaxyz999

***Online Time: 15H30-20H00, heure de Montréal.***Fuseau horaire

domestique: heure normale de la côte Est des Etats-Unis et Canada

(GMT-05:00)***Bonne Année 2014!***





------------------------------------



=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-

.To post a message: RwandaLibre@yahoogroups.com

.To join: RwandaLibre-subscribe@yahoogroups.com

.To unsubscribe from this group,send an email to:

RwandaLibre-unsubscribe@yahoogroups.com

_____________________________________________________



More news:



http://amakurunamateka.blogspot.co.uk/



http://ikangurambaga.blogspot.co.uk/



--------------------------------------------------------------------------Yahoo Groups Links



<*> To visit your group on the web, go to:

http://groups.yahoo.com/group/RwandaLibre/



<*> Your email settings:

Individual Email | Traditional



<*> To change settings online go to:

http://groups.yahoo.com/group/RwandaLibre/join

(Yahoo! ID required)



<*> To change settings via email:

RwandaLibre-digest@yahoogroups.com

RwandaLibre-fullfeatured@yahoogroups.com



<*> To unsubscribe from this group, send an email to:

RwandaLibre-unsubscribe@yahoogroups.com



<*> Your use of Yahoo Groups is subject to:

http://info.yahoo.com/legal/us/yahoo/utos/terms/