July 27, 2015 | Bill Wells, Special to Montreal Gazette
Imagine coming home to find a stranger’s hands have rifled your financial records, rummaged through your medicine cabinet, removed family photos and ransacked your underwear drawer. …
Previously, bandits at least had to travel to get to you. Today, they never even leave their cozy cubicle or bedroom. Once the baddies have your information, you can be hurt again and again — for years…
Imagine coming home to find a stranger’s hands have rifled your financial records, rummaged through your medicine cabinet, removed family photos and ransacked your underwear drawer.
You feel violated and enraged.
At first, the police are sympathetic, but soon, their attitude changes. You went out to shop for a few hours. The house was left wide open, all the doors and windows ajar. You didn’t bother with a security system and you don’t have a dog. Also, there has been a rash of burglaries in the neighbourhood, which you are aware of.
Pretty stupid, right?
This sounds like an urban fable. Unfortunately, for online communications, the tale is too true.
We have all seen headlines about hacking attacks. It seems distant and not relevant — but it is, and in the most intimate way possible.
Right now, there might be someone looking through your financial and medical records, copying your personal files, reading your email and collecting information on your family.
It could be Chinese cyber spies, the Russian mafia, our own homegrown criminals, your friendly network administrator or that precocious kid next door.
The World Wide Web is just that — worldwide.
Previously, bandits at least had to travel to get to you. Today, they never even leave their cozy cubicle or bedroom. Once the baddies have your information, you can be hurt again and again — for years.
We regularly give out our personal information or are compelled to provide it. We trust that those we give it to will protect it. But do they?
On June 17, Canada’s federal government websites and email were down for nearly two hours. Anonymous claimed responsibility. The group reportedly says that everything (they found) in the database was stored in plain text, or unencrypted.
On June 4, the U.S. government announced that its networks had been hacked or up to a year, probably compromising the personal data of 21 million current and former federal workers.
Sony was hacked in 2014. Data released included personal information about employees and their families, emails, executive salaries and unreleased films. According to one report, attackers erased nearly half of Sony’s personal computers, more than half of its servers, and destroyed their startup software.
The list of incidents goes on and on.
These are the Canadian and U.S. governments and one of the world’s largest technology companies. Yet elementary precautions were not taken. Antiquated systems and methods were used. They are not alone.
For example, by using email for basic communications, organizations show that security of our information is not a priority. Email is ubiquitous, impossible to secure and easy to pervert. Subverting email is often the key to many attacks. Viruses, worms, key-logging software and phishing attacks flood email servers every second of every day and confidential information floods out. Far more secure options are available.
Where is the outrage?
If organizations want or demand our most sensitive information, they have a duty to protect it. Governments spend trillions around the world to defend citizens from terrorist attacks yet do far too little to counter a constant stream electronic assaults that bring misery to millions of us.
We must demand better.
At the very least, the guardians of our information must stay up to date to keep electronic hoodlums out of our cyber underwear. It is long past time to lock up our metaphoric house, bar the windows, install a state of the art security system, hire armed guards and let loose a pack of guard dogs into the yard. At least then we can say we did everything possible.
Bill Wells, a former chairman of Valeant Pharmaceuticals, is chairman of Evizone — the Safe Communications Company. He is based in Montreal and Barbados.