Since last year’s TJX security breach, online site security and identity theft (two aspects of the Internet that have always been a concern) was suddenly pushed to surface and brought to the attention of the average user. While people were always aware of ID theft, nothing had ever occurred on this scale, or at least hadn’t been as widely published. With more and more people adopting the Internet, and more and more people trying to take advantage of security flaws that allow them to exploit the masses on the Internet, it becomes more difficult to ensure that sites and information is kept safe. Ultimately, the biggest security hole or security risk is still the average user, but carelessness by programmers and IT professionals can still result in huge data breaches and headaches. Passport Canada, a branch of the Canadian government agency, and HM Revenue and Customs and the National Audit Office, two branches of the British government, are perfect examples.

The Passport Canada website had a flaw that allowed users to see the personal information of each other by simply changing a few numbers in the URL when they were viewing their own personal information. Probably not a difficult flaw to avoid and the eventual fix came quickly, but it definitely doesn’t increase the confidence that our neighbours to the South have in the Great White North. In the case of the HMRC, the impact or concern relating to the data breach could have been avoided by stripping the unnecessary information from the file; for example, the address and bank details could have been removed as they were not needed - but this would have cost about $102,000. Probably pennies compared to the eventual cost this will have.

There are always going to be security holes that will be used by those looking to take advantage and exploit them for monetary gain, and as the potential for monetary gains increase, the number of individuals looking for them will also increase. However, by taking the proper precautionary measures, many of them can be avoided. Whether it’s your personal blog, a small E-commerce site, or government-implemented, you are a target and must make every effort to keep your site and information (yours and other peoples) safe.

Digg this entry! This entry was posted on Thursday, December 6th, 2007 at 1:00 pm and is filed under Main. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.