Press Release Summary: Toronto-based Informatica Security President Claudiu Popa is a recognized Canadian security professional who advises executives and organizations about the security of their business strategies. The recent laptop theft from the National Bank head office in Quebec illustrates a number of failures that other firms need to learn from.
Press Release Body: Toronto, September 25, 2008 -- A laptop containing personal information on the majority of National Bank’s mortgage clients has been stolen from its offices, demonstrating that Canadian banks are as fallible as any other organization while presenting the added risk of losing large amounts of financial and personally identifiable information. The privacy of customer information is protected by Canadian law; unfortunately, numerous companies still fail to adopt secure practices.
Claudiu Popa is a recognized security expert and Informatica’s president, a trusted corporate advisor on matters of compliance, privacy and security: “As a leader in security awareness and consulting, we welcome high-profile cases like this for the sole reason that we have a mandate to educate executives as well as the Canadian public. This is an excellent time for this organization and others to adopt better security practices.”
The following six failures contributed to the security breach that threatens to victimize the firm’s mortgage clients:
1. The laptop was stolen from an insecure office, indicating a lack of physical office security.
2. If the company’s policies included anti-theft devices for mobile computers, they were not being enforced.
3. The laptop contained a large database of personally identifiable and financial data on numerous clients, which should never leave the office servers. Instead, such data should be accessed over the network or remotely, one record at a time.
4. A password was reportedly used to ‘protect’ the computer. Without strong encryption, such a basic measure is entirely inadequate for the protection of corporate and private information.
5. The data within the database linked client names to their mortgage data, unfortunately identifying their financial details in the process. Companies should not aggregate such information but instead spread it across a number of databases to protect against unauthorized disclosure.
6. The amount of information about the breach may be inadequate for potential victims. Both the public and the firm’s customers need to understand, by example, that by correlating this information with other data, practically any type of fraud could be committed.
Mr. Popa added: “The company’s insistence that the impact of the security breach will be minimal and that the information was basic is unfortunate, but given that Canadian law does not currently require the disclosure of such breaches, clients should consider themselves lucky to have been notified and should remain vigilant about their financial affairs for years to come.” Canada’s planned adoption of breach notification standards has been delayed for years, but its future adoption is considered by many to be a significant benefit to Canadian customers.
About Informatica Security Corporation
Informatica Security and Privacy is a leading information risk management consulting firm focused on providing unmatched expertise to enable client organizations to control and mitigate information security risks, meet compliance challenges, alleviate the effects of wrongsourcing and adopt proven standards and best practices for exceptional governance. The firm’s FlexSecure™ risk assessments and professional audits, FlexProtect™ security management, STORM™ (Scalable Techniques for Operational Risk Management) and WorkLife™ Enterprise Risk Education solutions are proven best-of-breed solutions that scale to meet the business and compliance requirements of diverse industries.
For additional information, please contact Informatica at 416-431-9012 or visit www.SecurityandPrivacy.com and www.InformationSecurityCanada.com.